bmarwell commented on a change in pull request #129: URL: https://github.com/apache/shiro-site/pull/129#discussion_r735539406
########## File path: jbake/content/overview.adoc ########## @@ -64,34 +59,30 @@ This example statement indicates that applications are largely written to satisf Shiro largely reflects these concepts in its own design. By matching what is already intuitive for software developers, Apache Shiro remains intuitive and easy to use in practically any application. -<a name="Overview-BasicDesign"></a> -### Bsic Design +=== Bsic Design Shiro's architecture has 3 primary concepts: the `Subject`, `SecurityManager` and `Realm` s. The following diagram is a high-level overview of how these concepts interact, and we'll cover each concept below: -<img src="/img/ShiroBasicArchitecture.png" style="margin:0px auto;display:block"></img> Review comment: Image is missing as well. ########## File path: jbake/content/overview.adoc ########## @@ -1,60 +1,55 @@ -title=Overview of Apache Shiro -type=page -tags=documentation, manual -status=published -~~~~~~ += Overview of Apache Shiro +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual +:idprefix: -<a name="Overview-Introduction"></a> -## Introduction +== Introduction Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management and cryptography. Apache Shiro's first and foremost goal is to be easy to use and understand. Security can be very complex at times, even painful, but it doesn't have to be. A framework should mask complexities where possible and expose a clean and intuitive API that simplifies the developer's effort to make their application(s) secure. Here are some things that you can do with Apache Shiro: -* Authenticate a user to verify their identity -* Perform access control for a user, such as: - * Determine if a user is assigned a certain security role or not - * Determine if a user is permitted to do something or not -* Use a Session API in any environment, even without web or EJB containers. -* React to events during authentication, access control, or during a session's lifetime. -* Aggregate 1 or more data sources of user security data and present this all as a single composite user 'view'. -* Enable Single Sign On (SSO) functionality -* Enable 'Remember Me' services for user association without login -... +* Authenticate a user to verify their identity +* Perform access control for a user, such as: +** Determine if a user is assigned a certain security role or not +** Determine if a user is permitted to do something or not +* Use a Session API in any environment, even without web or EJB containers. +* React to events during authentication, access control, or during a session's lifetime. +* Aggregate 1 or more data sources of user security data and present this all as a single composite user 'view'. +* Enable Single Sign On (SSO) functionality +* Enable 'Remember Me' services for user association without login +… and much more - all integrated into a cohesive easy-to-use API. Shiro attempts to achieve these goals for all application environments - from the simplest command line application to the largest enterprise applications, without forcing dependencies on other 3rd party frameworks, containers, or application servers. Of course the project aims to integrate into these environments wherever possible, but it could be used out-of-the-box in any environment. -<a name="Overview-Features"></a> -## Features +== Features Apache Shiro is a comprehensive application security framework with many features. The following diagram shows where Shiro focuses its energy, and this reference manual will be organized similarly: -<img src="/img/ShiroFeatures.png" style="margin:0px auto;display:block"></img> - Review comment: Image is missnig, please re-add it. ########## File path: jbake/content/get-started.adoc ########## @@ -1,38 +1,34 @@ -title=Get Started with Apache Shiro -date=2014-01-30 -author=Les Hazelwood -type=page -tags=documentation, manual -status=published -description=Resources, guides and tutorials for new Shiro users. -~~~~~~ += Get Started with Apache Shiro +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual +:idprefix: Apache Shiro focuses on ease-of-use, so you can rely on secure, stable authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application. Get started! -## The Basics +== The Basics -* **[Introduction to the Apache Shiro Java Security Framework](introduction.html)** +* *link:introduction.html[Introduction to the Apache Shiro Java Security Framework]* A high-level overview of Apache Shiro's capabilities. -* **[Architecture](architecture.html)** +* *link:architecture.html[Architecture]* Review comment: ```suggestion * *link:/architecture.html[Architecture]* ``` ########## File path: jbake/content/get-started.adoc ########## @@ -1,38 +1,34 @@ -title=Get Started with Apache Shiro -date=2014-01-30 -author=Les Hazelwood -type=page -tags=documentation, manual -status=published -description=Resources, guides and tutorials for new Shiro users. -~~~~~~ += Get Started with Apache Shiro +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual +:idprefix: Apache Shiro focuses on ease-of-use, so you can rely on secure, stable authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application. Get started! -## The Basics +== The Basics -* **[Introduction to the Apache Shiro Java Security Framework](introduction.html)** +* *link:introduction.html[Introduction to the Apache Shiro Java Security Framework]* A high-level overview of Apache Shiro's capabilities. -* **[Architecture](architecture.html)** +* *link:architecture.html[Architecture]* An architectural overview of Apache Shiro. -* **[Terminology](terminology.html)** +* *link:terminology.html[Terminology]* A list of definitions of common security concepts and concerns. -* **[Apache Shiro Project Background](what-is-shiro.html)** +* *link:what-is-shiro.html[Apache Shiro Project Background]* Apache Shiro, like most useful tools, was created out of necessity. Learn more about the project history and mission statement. +== Tutorials -## Tutorials - -* **[10-Minute Tutorial](10-minute-tutorial.html)** +* *link:10-minute-tutorial.html[10-Minute Tutorial]* Learn all the ins and outs of the Shiro Framework in under 10 minutes. This quick and simple tutorial shows how a developer uses Shiro in their application. -* **[Your First Shiro Application](tutorial.html)** +* *link:tutorial.html[Your First Shiro Application]* If you're new to Apache Shiro, this short tutorial will show you how to set up a very simple application secured by Apache Shiro. We'll discuss Shiro's core concepts along the way to help familiarize you with Shiro's design and API. -## Other Resources +== Other Resources -* **[Introductory Articles... and Beyond!](articles.html)** -Articles and Guides written by and for members of the Apache Shiro community. +* *link:articles.html[Introductory Articles… and Beyond!]* Review comment: /articles.html ########## File path: jbake/content/license.adoc ########## @@ -1,10 +1,11 @@ -title=Apache License, Version 2.0 -type=page -tags=documentation, manual -status=published -~~~~~~ - -``` nohighlight += Apache License, Version 2.0 +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual Review comment: -manual, +license ########## File path: jbake/content/privacy-policy.adoc ########## @@ -1,22 +1,19 @@ -title=Apache Shiro Privacy Policy -type=page -tags=privacy, policy, agreement -status=published -~~~~~~ - -<a name="PrivacyPolicy-ApacheShiroPrivacyPolicy"></a> += Apache Shiro Privacy Policy +:jbake-type: page +:jbake-status: published +:jbake-tags: privacy, policy, agreement +:idprefix: Information about your use of this website is collected using server access logs and a tracking cookie. The collected information consists of the following: Review comment: We may want to add the first four paragraphs from here as well: https://www.apache.org/foundation/policies/privacy.html ########## File path: jbake/content/adoption.adoc ########## @@ -1,9 +1,9 @@ -title=Apache Shiro Adoption -type=page -tags=documentation, about -status=published -~~~~~~ += Apache Shiro Adoption +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, about Review comment: "about" as tag? :) Probably an earlier mistake by me. ;-) ########## File path: jbake/content/privacy-policy.adoc ########## @@ -1,22 +1,19 @@ -title=Apache Shiro Privacy Policy -type=page -tags=privacy, policy, agreement -status=published -~~~~~~ - -<a name="PrivacyPolicy-ApacheShiroPrivacyPolicy"></a> += Apache Shiro Privacy Policy +:jbake-type: page +:jbake-status: published +:jbake-tags: privacy, policy, agreement +:idprefix: Information about your use of this website is collected using server access logs and a tracking cookie. The collected information consists of the following: -- The IP address from which you access the website; -- The type of browser and operating system you use to access our site; -- The date and time you access our site; -- The pages you visit; and -- The addresses of pages from where you followed a link to our site. +* The IP address from which you access the website +* The type of browser and operating system you use to access our site +* The date and time you access our site +* The pages you visit +* The addresses of pages from where you followed a link to our site Part of this information is gathered using a tracking cookie set by the Google Analytics service and handled by Google as described in their privacy policy. See your browser documentation for instructions on how to disable the cookie if you prefer not to share this data with Google. We use the gathered information to help us make our site more useful to visitors and to better understand how and when our site is used. We do not track or collect personally identifiable information or associate gathered data with any personally identifying information from other sources. -By using this website, you consent to the collection of this data in the manner and for the purpose described above. -<input type="hidden" id="ghEditPage" value="privacy-policy.md"></input> +By using this website, you consent to the collection of this data in the manner and for the purpose described above. Review comment: We may want to add this sentence from https://www.apache.org/foundation/policies/privacy.html: `The ASF welcomes your questions or comments regarding this Privacy Policy. Send them to priv...@apache.org.` ########## File path: jbake/content/core.adoc ########## @@ -1,31 +1,29 @@ -title=Core Concepts in Apache Shiro -type=page -tags=documentation, about -status=published -~~~~~~ += Core Concepts in Apache Shiro +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, about +:idprefix: This part of the documentation covers Shiro's core architectural concepts. -First we'll present Shiro's architecture and a summary of each core concept. Then we'll cover the most important concept in Shiro - the `Subject`, a security-specific 'view' of a <em>single</em> application user. -Next we'll discuss the <tt>SecurityManager</tt>, an application singleton that manages all Subjects for the application, and as well as the SecurityManager's supporting components that do most of Shiro's heavy lifting. +First we'll present Shiro's architecture and a summary of each core concept. Then we'll cover the most important concept in Shiro - the `Subject`, a security-specific 'view' of a *single* application user. +Next we'll discuss the **SecurityManager**, an application singleton that manages all Subjects for the application, and as well as the SecurityManager's supporting components that do most of Shiro's heavy lifting. Then onto Realms, the security-specific DAOs, Shiro communicates with and then Permissions, the building block of any security policy. -* [Architecture](architecture.html) +* link:architecture.html[Architecture] -* [Subject](subject.html) +* link:subject.html[Subject] -* [SecurityManager](securitymanager.html) +* link:securitymanager.html[SecurityManager] -* [Realms](realm.html) +* link:realm.html[Realms] -* [Permissions](permissions.html) +* link:permissions.html[Permissions] Review comment: I am a big fan of using root-relative (absolute) paths, e.g. /permissions.html. If we move this page to e.g. `/conceps/core.adoc`, the link will break. ########## File path: jbake/content/core.adoc ########## @@ -1,31 +1,29 @@ -title=Core Concepts in Apache Shiro -type=page -tags=documentation, about -status=published -~~~~~~ += Core Concepts in Apache Shiro +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, about Review comment: -about ########## File path: jbake/content/forums.adoc ########## @@ -0,0 +1,21 @@ += Apache Shiro Community Forums +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, community Review comment: add forums? ########## File path: jbake/content/get-started.adoc ########## @@ -1,38 +1,34 @@ -title=Get Started with Apache Shiro -date=2014-01-30 -author=Les Hazelwood -type=page -tags=documentation, manual -status=published -description=Resources, guides and tutorials for new Shiro users. -~~~~~~ += Get Started with Apache Shiro +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual +:idprefix: Apache Shiro focuses on ease-of-use, so you can rely on secure, stable authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application. Get started! -## The Basics +== The Basics -* **[Introduction to the Apache Shiro Java Security Framework](introduction.html)** +* *link:introduction.html[Introduction to the Apache Shiro Java Security Framework]* A high-level overview of Apache Shiro's capabilities. -* **[Architecture](architecture.html)** +* *link:architecture.html[Architecture]* An architectural overview of Apache Shiro. -* **[Terminology](terminology.html)** +* *link:terminology.html[Terminology]* A list of definitions of common security concepts and concerns. -* **[Apache Shiro Project Background](what-is-shiro.html)** +* *link:what-is-shiro.html[Apache Shiro Project Background]* Apache Shiro, like most useful tools, was created out of necessity. Learn more about the project history and mission statement. +== Tutorials -## Tutorials - -* **[10-Minute Tutorial](10-minute-tutorial.html)** +* *link:10-minute-tutorial.html[10-Minute Tutorial]* Learn all the ins and outs of the Shiro Framework in under 10 minutes. This quick and simple tutorial shows how a developer uses Shiro in their application. -* **[Your First Shiro Application](tutorial.html)** +* *link:tutorial.html[Your First Shiro Application]* Review comment: /tutorial.html ########## File path: jbake/content/java-annotations-list.adoc ########## @@ -0,0 +1,17 @@ += Java Annotation List +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual Review comment: +annotations ########## File path: jbake/content/java-annotations-list.adoc ########## @@ -0,0 +1,17 @@ += Java Annotation List +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual +:idprefix: + +Below are a list of the different Shiro annotations you can use in your application. + +* *link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresAuthentication.html[RequiresAuthentication]* - Requires the current Subject to have been authenticated during their current session for the annotated class/instance/method to be accessed or invoked + +* *link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresGuest.html[RequiresGuest]* - Requires the current Subject to be a "guest", that is, they are not authenticated or remembered from a previous session for the annotated class/instance/method to be accessed or invoked. + +* *link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresPermissions.html[RequiresPermissions]* - Requires the current executor's Subject to imply a particular permission in order to execute the annotated method. If the executor's associated Subject determines that the executor does not imply the specified permission, the method will not be executed. + +* *link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresRoles.html[RequiresRoles]* - Requires the currently executing Subject to have all of the specified roles. If they do not have the role(s), the method will not be executed and an AuthorizationException is thrown. + +* *link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresUser.html[RequiresUser]* - Requires the current Subject to be an application user for the annotated class/instance/method to be accessed or invoked. Review comment: same (/static...) ########## File path: jbake/content/get-started.adoc ########## @@ -1,38 +1,34 @@ -title=Get Started with Apache Shiro -date=2014-01-30 -author=Les Hazelwood -type=page -tags=documentation, manual -status=published -description=Resources, guides and tutorials for new Shiro users. -~~~~~~ += Get Started with Apache Shiro +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual +:idprefix: Apache Shiro focuses on ease-of-use, so you can rely on secure, stable authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application. Get started! -## The Basics +== The Basics -* **[Introduction to the Apache Shiro Java Security Framework](introduction.html)** +* *link:introduction.html[Introduction to the Apache Shiro Java Security Framework]* Review comment: ```suggestion * *link:/introduction.html[Introduction to the Apache Shiro Java Security Framework]* ``` ########## File path: jbake/content/get-started.adoc ########## @@ -1,38 +1,34 @@ -title=Get Started with Apache Shiro -date=2014-01-30 -author=Les Hazelwood -type=page -tags=documentation, manual -status=published -description=Resources, guides and tutorials for new Shiro users. -~~~~~~ += Get Started with Apache Shiro +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual +:idprefix: Apache Shiro focuses on ease-of-use, so you can rely on secure, stable authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application. Get started! -## The Basics +== The Basics -* **[Introduction to the Apache Shiro Java Security Framework](introduction.html)** +* *link:introduction.html[Introduction to the Apache Shiro Java Security Framework]* A high-level overview of Apache Shiro's capabilities. -* **[Architecture](architecture.html)** +* *link:architecture.html[Architecture]* An architectural overview of Apache Shiro. -* **[Terminology](terminology.html)** +* *link:terminology.html[Terminology]* A list of definitions of common security concepts and concerns. -* **[Apache Shiro Project Background](what-is-shiro.html)** +* *link:what-is-shiro.html[Apache Shiro Project Background]* Review comment: ```suggestion * *link:/what-is-shiro.html[Apache Shiro Project Background]* ``` ########## File path: jbake/content/java-annotations.adoc ########## @@ -0,0 +1,15 @@ += Java Annotation Support +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual, lend-a-hand +:idprefix: + +Before you can use Java annotations, you'll need to enable AOP support in your application. There are a number of different AOP frameworks so, unfortunately, there is no standard way to enable AOP in an application. + +For AspectJ, you can review our https://github.com/apache/shiro/tree/main/samples/aspectj[AspectJ sample application]. + +For Spring, you can look into our link:spring.html[Spring Integration] documentation. + +== Shiro's Java Annotations. + +Once you have AOP enabled in our application, you can use Shiro's set of annotations found in the link:java-annotations-list.html[Java Annotations List] Review comment: ```suggestion Once you have AOP enabled in our application, you can use Shiro's set of annotations found in the link:/java-annotations-list.html[Java Annotations List] ``` ########## File path: jbake/content/java-annotations.adoc ########## @@ -0,0 +1,15 @@ += Java Annotation Support +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual, lend-a-hand +:idprefix: + +Before you can use Java annotations, you'll need to enable AOP support in your application. There are a number of different AOP frameworks so, unfortunately, there is no standard way to enable AOP in an application. + +For AspectJ, you can review our https://github.com/apache/shiro/tree/main/samples/aspectj[AspectJ sample application]. + +For Spring, you can look into our link:spring.html[Spring Integration] documentation. Review comment: ```suggestion For Spring, you can look into our link:/spring.html[Spring Integration] documentation. ``` ########## File path: jbake/content/java-annotations-list.adoc ########## @@ -0,0 +1,17 @@ += Java Annotation List +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual +:idprefix: + +Below are a list of the different Shiro annotations you can use in your application. + +* *link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresAuthentication.html[RequiresAuthentication]* - Requires the current Subject to have been authenticated during their current session for the annotated class/instance/method to be accessed or invoked Review comment: ```suggestion * *link:/static/current/apidocs/org/apache/shiro/authz/annotation/RequiresAuthentication.html[RequiresAuthentication]* - Requires the current Subject to have been authenticated during their current session for the annotated class/instance/method to be accessed or invoked ``` ########## File path: jbake/content/java-annotations.adoc ########## @@ -0,0 +1,15 @@ += Java Annotation Support +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual, lend-a-hand Review comment: -lend-a-hand, +annotations ########## File path: jbake/content/java-annotations-list.adoc ########## @@ -0,0 +1,17 @@ += Java Annotation List +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual +:idprefix: + +Below are a list of the different Shiro annotations you can use in your application. + +* *link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresAuthentication.html[RequiresAuthentication]* - Requires the current Subject to have been authenticated during their current session for the annotated class/instance/method to be accessed or invoked + +* *link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresGuest.html[RequiresGuest]* - Requires the current Subject to be a "guest", that is, they are not authenticated or remembered from a previous session for the annotated class/instance/method to be accessed or invoked. Review comment: ```suggestion * *link:/static/current/apidocs/org/apache/shiro/authz/annotation/RequiresGuest.html[RequiresGuest]* - Requires the current Subject to be a "guest", that is, they are not authenticated or remembered from a previous session for the annotated class/instance/method to be accessed or invoked. ``` ########## File path: jbake/content/overview.adoc ########## @@ -1,60 +1,55 @@ -title=Overview of Apache Shiro -type=page -tags=documentation, manual -status=published -~~~~~~ += Overview of Apache Shiro +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual Review comment: ```suggestion :jbake-tags: documentation, overview ``` ########## File path: jbake/content/get-started.adoc ########## @@ -1,38 +1,34 @@ -title=Get Started with Apache Shiro -date=2014-01-30 -author=Les Hazelwood -type=page -tags=documentation, manual -status=published -description=Resources, guides and tutorials for new Shiro users. -~~~~~~ += Get Started with Apache Shiro +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual +:idprefix: Apache Shiro focuses on ease-of-use, so you can rely on secure, stable authentication, authorization, cryptography, and session management. With Shiro’s easy-to-understand API, you can quickly and easily secure any application. Get started! -## The Basics +== The Basics -* **[Introduction to the Apache Shiro Java Security Framework](introduction.html)** +* *link:introduction.html[Introduction to the Apache Shiro Java Security Framework]* A high-level overview of Apache Shiro's capabilities. -* **[Architecture](architecture.html)** +* *link:architecture.html[Architecture]* An architectural overview of Apache Shiro. -* **[Terminology](terminology.html)** +* *link:terminology.html[Terminology]* Review comment: ```suggestion * *link:/terminology.html[Terminology]* ``` ########## File path: jbake/content/license.adoc ########## @@ -1,10 +1,11 @@ -title=Apache License, Version 2.0 -type=page -tags=documentation, manual -status=published -~~~~~~ - -``` nohighlight += Apache License, Version 2.0 +:jbake-type: page +:jbake-status: published +:jbake-tags: documentation, manual Review comment: ```suggestion :jbake-tags: documentation, license ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@shiro.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org