This is an automated email from the ASF dual-hosted git repository.
lprimak pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/shiro-site.git
The following commit(s) were added to refs/heads/main by this push:
new dac7d849c Add FlowLogix depchain as easier-than-BOM Shiro-Jakarta-EE
dependencies (#219) (#260)
dac7d849c is described below
commit dac7d849c8c71c256cbd6d43c7ee43f9b2a515c0
Author: Ganesh Patil <[email protected]>
AuthorDate: Wed Jan 14 04:43:41 2026 +0530
Add FlowLogix depchain as easier-than-BOM Shiro-Jakarta-EE dependencies
(#219) (#260)
* docs(security): add Security Model documentation
- Created src/site/content/security-model.adoc with detailed explanation
- Covers trust boundaries, authentication, authorization guarantees
- Includes session management and cryptography security considerations
- Documents operator responsibilities and deployment recommendations
- Follows existing site documentation style and AsciiDoc format
* Add FlowLogix depchain as alternative to BOM for Shiro-Jakarta-EE (#219)
This commit introduces documentation for the FlowLogix dependency chain
as a simpler alternative to managing Apache Shiro Jakarta EE dependencies
using the traditional BOM approach.
Changes:
- Add dependency-chain.adoc with complete documentation covering:
- Maven and Gradle configuration examples
- Comparison with traditional BOM approach
- Complete example project
- Migration guide from BOM to dependency chain
- Update jakarta-ee.adoc to reference the dependency chain option
as the recommended approach alongside existing BOM documentation
The FlowLogix shiro-jakarta dependency chain bundles all required
Shiro Jakarta EE modules (shiro-core, shiro-web, shiro-jakarta-ee,
shiro-cdi, shiro-jaxrs) with the correct jakarta classifier, plus
required dependencies like OmniFaces, in a single dependency.
Resolves: #219
---------
Co-authored-by: Lenny Primak <[email protected]>
---
src/site/content/dependency-chain.adoc | 192 +++++++++++++++++++++++++++++++++
src/site/content/jakarta-ee.adoc | 25 ++++-
2 files changed, 216 insertions(+), 1 deletion(-)
diff --git a/src/site/content/dependency-chain.adoc
b/src/site/content/dependency-chain.adoc
new file mode 100644
index 000000000..117627bad
--- /dev/null
+++ b/src/site/content/dependency-chain.adoc
@@ -0,0 +1,192 @@
+= Using FlowLogix Dependency Chains with Apache Shiro
+:jbake-date: 2026-01-03 00:00:00
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, jakarta-ee, dependencies, integrations
+:idprefix:
+:icons: font
+
+Managing Apache Shiro dependencies in Jakarta EE projects can be simplified
using the FlowLogix Dependency Chains. This approach provides a cleaner
alternative to managing the BOM (Bill of Materials) directly, reducing
configuration complexity and common errors.
+
+== What is the FlowLogix Dependency Chain?
+
+FlowLogix provides pre-configured Maven dependency chains that bundle related
dependencies together. For Apache Shiro with Jakarta EE, the `shiro-jakarta`
module includes all necessary Shiro components with the correct Jakarta
classifier, eliminating the need to declare each dependency individually.
+
+== Why Use Dependency Chains Instead of BOM?
+
+Traditional BOM usage requires importing the BOM in `<dependencyManagement>`
and then declaring each individual dependency. This approach can lead to:
+
+* Forgetting to include required transitive dependencies
+* Inconsistent versions when mixing dependencies
+* Verbose configuration with multiple dependency declarations
+* Missing the `jakarta` classifier on artifacts
+
+The dependency chain approach bundles everything you need in a single
dependency, automatically including:
+
+* `shiro-core` (jakarta classifier)
+* `shiro-web` (jakarta classifier)
+* `shiro-jakarta-ee` (jakarta classifier)
+* `shiro-cdi` (jakarta classifier)
+* `shiro-jaxrs` (jakarta classifier)
+* `commons-configuration2`
+* `omnifaces`
+
+== Maven Configuration
+
+=== Using the Dependency Chain (Recommended)
+
+Add a single dependency to include all Shiro Jakarta EE components:
+
+[source,xml]
+----
+<dependencies>
+ <dependency>
+ <groupId>com.flowlogix.depchain</groupId>
+ <artifactId>shiro-jakarta</artifactId>
+ <version>11</version>
+ <type>pom</type>
+ </dependency>
+</dependencies>
+----
+
+=== Comparison with Traditional BOM Approach
+
+For reference, the traditional BOM approach requires significantly more
configuration:
+
+[source,xml]
+----
+<!-- Traditional BOM Approach (more verbose) -->
+<dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.shiro</groupId>
+ <artifactId>shiro-bom</artifactId>
+ <version>${shiro.version}</version>
+ <scope>import</scope>
+ <type>pom</type>
+ </dependency>
+ </dependencies>
+</dependencyManagement>
+
+<dependencies>
+ <dependency>
+ <groupId>org.apache.shiro</groupId>
+ <artifactId>shiro-jakarta-ee</artifactId>
+ <classifier>jakarta</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.shiro</groupId>
+ <artifactId>shiro-cdi</artifactId>
+ <classifier>jakarta</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.shiro</groupId>
+ <artifactId>shiro-core</artifactId>
+ <classifier>jakarta</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.shiro</groupId>
+ <artifactId>shiro-web</artifactId>
+ <classifier>jakarta</classifier>
+ </dependency>
+ <dependency>
+ <groupId>org.omnifaces</groupId>
+ <artifactId>omnifaces</artifactId>
+ <version>LATEST</version>
+ </dependency>
+</dependencies>
+----
+
+== Gradle Configuration
+
+=== Using the Dependency Chain
+
+[source,groovy]
+----
+dependencies {
+ implementation platform('com.flowlogix.depchain:shiro-jakarta:11')
+}
+----
+
+For Kotlin DSL:
+
+[source,kotlin]
+----
+dependencies {
+ implementation(platform("com.flowlogix.depchain:shiro-jakarta:11"))
+}
+----
+
+== Version Information
+
+The FlowLogix dependency chain version corresponds to the major release of
FlowLogix components:
+
+* Version 11: Compatible with Java 17-25+ and Jakarta EE 11
+* Version 10: Compatible with Java 17+ and Jakarta EE 10
+
+Check the
https://central.sonatype.com/search?q=com.flowlogix.depchain&sort=published[Maven
Central] for the latest available version.
+
+== Additional Resources
+
+* https://docs.flowlogix.com/depchains[FlowLogix Dependency Chains
Documentation]
+* https://github.com/flowlogix/flowlogix[FlowLogix GitHub Repository]
+* link:jakarta-ee.html[Apache Shiro Jakarta EE Integration Guide]
+
+== Complete Example Project
+
+Here is a minimal `pom.xml` for a Jakarta EE web application with Shiro
security:
+
+[source,xml]
+----
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+ https://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>com.example</groupId>
+ <artifactId>shiro-jakarta-demo</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ <packaging>war</packaging>
+
+ <properties>
+ <maven.compiler.source>17</maven.compiler.source>
+ <maven.compiler.target>17</maven.compiler.target>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+
+ <dependencies>
+ <!-- Jakarta EE API -->
+ <dependency>
+ <groupId>jakarta.platform</groupId>
+ <artifactId>jakarta.jakartaee-api</artifactId>
+ <version>10.0.0</version>
+ <scope>provided</scope>
+ </dependency>
+
+ <!-- Shiro Jakarta EE - All-in-one dependency -->
+ <dependency>
+ <groupId>com.flowlogix.depchain</groupId>
+ <artifactId>shiro-jakarta</artifactId>
+ <version>11</version>
+ <type>pom</type>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <finalName>${project.artifactId}</finalName>
+ </build>
+</project>
+----
+
+== Migrating from BOM to Dependency Chain
+
+To migrate an existing project from the traditional BOM approach:
+
+1. Remove the `shiro-bom` import from `<dependencyManagement>`
+2. Remove individual Shiro dependency declarations
+3. Add the single `shiro-jakarta` dependency chain
+4. Remove any manually specified `jakarta` classifiers
+
+The dependency chain automatically handles classifier configuration and
ensures all required components are included with compatible versions.
\ No newline at end of file
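Review bot: The Version Information section maps chain versions only to Java and Jakarta EE levels and never says which Apache Shiro release each one resolves to, while migration step 1 removes the `shiro-bom` import that previously pinned it through `${shiro.version}`. For a security framework the reader needs to know which Shiro version they end up on and how to move to a patched release, so suggest adding the Shiro version per chain version (or a pointer to where it is published), a note to check the resolved artifacts with `mvn dependency:tree`, and how to override the Shiro version when needed. Smaller points in the same file: the Complete Example pairs `jakarta.jakartaee-api` `10.0.0` with chain version `11`, which this page lists as the Jakarta EE 11 line; the BOM comparison uses `<version>LATEST</version>` for OmniFaces, which is an unpinned, non-reproducible version that readers may copy, so pin a concrete one; and please confirm the Gradle snippets, since `platform(...)` is Gradle's BOM import for version constraints and may not add the bundled modules the way the Maven `<type>pom</type>` dependency does.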
diff --git a/src/site/content/jakarta-ee.adoc b/src/site/content/jakarta-ee.adoc
index b785cb70f..bb78ace91 100644
--- a/src/site/content/jakarta-ee.adoc
+++ b/src/site/content/jakarta-ee.adoc
@@ -39,7 +39,30 @@ Jakarta EE module depends on CDI and Jax-RS submodules to
fully integrate with t
In addition to all Shiro annotations, Jakarta EE module allows to specify
Jakarta EE security annotations such as `@RolesAllowed`, `@DenyAll` and
`@PermitAll` on your beans
=== How to use Jakarta 9+ (jakarta.* namespace)
-Use the Shiro artifacts with Jakarta classifiers:
+
+There are two approaches to include Shiro Jakarta EE dependencies in your
project:
+
+==== Option 1: FlowLogix Dependency Chain (Recommended)
+
+The simplest approach is to use the FlowLogix dependency chain, which bundles
all required Shiro Jakarta EE components in a single dependency:
+
+[source,xml]
+----
+<dependencies>
+ <dependency>
+ <groupId>com.flowlogix.depchain</groupId>
+ <artifactId>shiro-jakarta</artifactId>
+ <version>11</version>
+ <type>pom</type>
+ </dependency>
+</dependencies>
+----
+
+This approach automatically includes all Shiro modules (`shiro-core`,
`shiro-web`, `shiro-jakarta-ee`, `shiro-cdi`, `shiro-jaxrs`) with the correct
Jakarta classifier, plus required dependencies like OmniFaces. See the
link:dependency-chain.html[Dependency Chain Guide] for more details, Gradle
examples, and migration instructions.
+
+==== Option 2: Traditional BOM with Individual Dependencies
+
+Alternatively, use the Shiro artifacts with Jakarta classifiers directly:
[source,xml]
----
<dependency>
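Review bot: Option 1 hard-codes `<version>11</version>` under a heading that covers "Jakarta 9+", but the dependency-chain guide added in this same commit lists version 11 for Jakarta EE 11 and version 10 for Jakarta EE 10, so readers on EE 10 who copy this snippet may get a chain that does not match their platform. Suggest stating which chain version matches which Jakarta EE level before the snippet, or linking directly to the guide's Version Information section. It would also help to say that `com.flowlogix.depchain` is published outside the `org.apache.shiro` group, since the option is marked "Recommended" and readers should know that the Shiro version they receive follows that artifact's releases.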