bmarwell commented on a change in pull request #129:
URL: https://github.com/apache/shiro-site/pull/129#discussion_r735539406
##########
File path: jbake/content/overview.adoc
##########
@@ -64,34 +59,30 @@ This example statement indicates that applications are
largely written to satisf
Shiro largely reflects these concepts in its own design. By matching what is
already intuitive for software developers, Apache Shiro remains intuitive and
easy to use in practically any application.
-<a name="Overview-BasicDesign"></a>
-### Bsic Design
+=== Bsic Design
Shiro's architecture has 3 primary concepts: the `Subject`, `SecurityManager`
and `Realm` s. The following diagram is a high-level overview of how these
concepts interact, and we'll cover each concept below:
-<img src="/img/ShiroBasicArchitecture.png" style="margin:0px
auto;display:block"></img>
Review comment:
Image is missing as well.
##########
File path: jbake/content/overview.adoc
##########
@@ -1,60 +1,55 @@
-title=Overview of Apache Shiro
-type=page
-tags=documentation, manual
-status=published
-~~~~~~
+= Overview of Apache Shiro
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
+:idprefix:
-<a name="Overview-Introduction"></a>
-## Introduction
+== Introduction
Apache Shiro is a powerful and flexible open-source security framework that
cleanly handles authentication, authorization, enterprise session management
and cryptography.
Apache Shiro's first and foremost goal is to be easy to use and understand.
Security can be very complex at times, even painful, but it doesn't have to be.
A framework should mask complexities where possible and expose a clean and
intuitive API that simplifies the developer's effort to make their
application(s) secure.
Here are some things that you can do with Apache Shiro:
-* Authenticate a user to verify their identity
-* Perform access control for a user, such as:
- * Determine if a user is assigned a certain security role or not
- * Determine if a user is permitted to do something or not
-* Use a Session API in any environment, even without web or EJB containers.
-* React to events during authentication, access control, or during a
session's lifetime.
-* Aggregate 1 or more data sources of user security data and present this
all as a single composite user 'view'.
-* Enable Single Sign On (SSO) functionality
-* Enable 'Remember Me' services for user association without login
-...
+* Authenticate a user to verify their identity
+* Perform access control for a user, such as:
+** Determine if a user is assigned a certain security role or not
+** Determine if a user is permitted to do something or not
+* Use a Session API in any environment, even without web or EJB containers.
+* React to events during authentication, access control, or during a session's
lifetime.
+* Aggregate 1 or more data sources of user security data and present this all
as a single composite user 'view'.
+* Enable Single Sign On (SSO) functionality
+* Enable 'Remember Me' services for user association without login
+…
and much more - all integrated into a cohesive easy-to-use API.
Shiro attempts to achieve these goals for all application environments - from
the simplest command line application to the largest enterprise applications,
without forcing dependencies on other 3rd party frameworks, containers, or
application servers. Of course the project aims to integrate into these
environments wherever possible, but it could be used out-of-the-box in any
environment.
-<a name="Overview-Features"></a>
-## Features
+== Features
Apache Shiro is a comprehensive application security framework with many
features. The following diagram shows where Shiro focuses its energy, and this
reference manual will be organized similarly:
-<img src="/img/ShiroFeatures.png" style="margin:0px auto;display:block"></img>
-
Review comment:
Image is missnig, please re-add it.
##########
File path: jbake/content/get-started.adoc
##########
@@ -1,38 +1,34 @@
-title=Get Started with Apache Shiro
-date=2014-01-30
-author=Les Hazelwood
-type=page
-tags=documentation, manual
-status=published
-description=Resources, guides and tutorials for new Shiro users.
-~~~~~~
+= Get Started with Apache Shiro
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
+:idprefix:
Apache Shiro focuses on ease-of-use, so you can rely on secure, stable
authentication, authorization, cryptography, and session management. With
Shiro’s easy-to-understand API, you can quickly and easily secure any
application. Get started!
-## The Basics
+== The Basics
-* **[Introduction to the Apache Shiro Java Security
Framework](introduction.html)**
+* *link:introduction.html[Introduction to the Apache Shiro Java Security
Framework]*
A high-level overview of Apache Shiro's capabilities.
-* **[Architecture](architecture.html)**
+* *link:architecture.html[Architecture]*
Review comment:
```suggestion
* *link:/architecture.html[Architecture]*
```
##########
File path: jbake/content/get-started.adoc
##########
@@ -1,38 +1,34 @@
-title=Get Started with Apache Shiro
-date=2014-01-30
-author=Les Hazelwood
-type=page
-tags=documentation, manual
-status=published
-description=Resources, guides and tutorials for new Shiro users.
-~~~~~~
+= Get Started with Apache Shiro
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
+:idprefix:
Apache Shiro focuses on ease-of-use, so you can rely on secure, stable
authentication, authorization, cryptography, and session management. With
Shiro’s easy-to-understand API, you can quickly and easily secure any
application. Get started!
-## The Basics
+== The Basics
-* **[Introduction to the Apache Shiro Java Security
Framework](introduction.html)**
+* *link:introduction.html[Introduction to the Apache Shiro Java Security
Framework]*
A high-level overview of Apache Shiro's capabilities.
-* **[Architecture](architecture.html)**
+* *link:architecture.html[Architecture]*
An architectural overview of Apache Shiro.
-* **[Terminology](terminology.html)**
+* *link:terminology.html[Terminology]*
A list of definitions of common security concepts and concerns.
-* **[Apache Shiro Project Background](what-is-shiro.html)**
+* *link:what-is-shiro.html[Apache Shiro Project Background]*
Apache Shiro, like most useful tools, was created out of necessity. Learn more
about the project history and mission statement.
+== Tutorials
-## Tutorials
-
-* **[10-Minute Tutorial](10-minute-tutorial.html)**
+* *link:10-minute-tutorial.html[10-Minute Tutorial]*
Learn all the ins and outs of the Shiro Framework in under 10 minutes. This
quick and simple tutorial shows how a developer uses Shiro in their application.
-* **[Your First Shiro Application](tutorial.html)**
+* *link:tutorial.html[Your First Shiro Application]*
If you're new to Apache Shiro, this short tutorial will show you how to set up
a very simple application secured by Apache Shiro. We'll discuss Shiro's core
concepts along the way to help familiarize you with Shiro's design and API.
-## Other Resources
+== Other Resources
-* **[Introductory Articles... and Beyond!](articles.html)**
-Articles and Guides written by and for members of the Apache Shiro community.
+* *link:articles.html[Introductory Articles… and Beyond!]*
Review comment:
/articles.html
##########
File path: jbake/content/license.adoc
##########
@@ -1,10 +1,11 @@
-title=Apache License, Version 2.0
-type=page
-tags=documentation, manual
-status=published
-~~~~~~
-
-``` nohighlight
+= Apache License, Version 2.0
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
Review comment:
-manual, +license
##########
File path: jbake/content/privacy-policy.adoc
##########
@@ -1,22 +1,19 @@
-title=Apache Shiro Privacy Policy
-type=page
-tags=privacy, policy, agreement
-status=published
-~~~~~~
-
-<a name="PrivacyPolicy-ApacheShiroPrivacyPolicy"></a>
+= Apache Shiro Privacy Policy
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: privacy, policy, agreement
+:idprefix:
Information about your use of this website is collected using server access
logs and a tracking cookie. The collected information consists of the following:
Review comment:
We may want to add the first four paragraphs from here as well:
https://www.apache.org/foundation/policies/privacy.html
##########
File path: jbake/content/adoption.adoc
##########
@@ -1,9 +1,9 @@
-title=Apache Shiro Adoption
-type=page
-tags=documentation, about
-status=published
-~~~~~~
+= Apache Shiro Adoption
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, about
Review comment:
"about" as tag? :) Probably an earlier mistake by me. ;-)
##########
File path: jbake/content/privacy-policy.adoc
##########
@@ -1,22 +1,19 @@
-title=Apache Shiro Privacy Policy
-type=page
-tags=privacy, policy, agreement
-status=published
-~~~~~~
-
-<a name="PrivacyPolicy-ApacheShiroPrivacyPolicy"></a>
+= Apache Shiro Privacy Policy
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: privacy, policy, agreement
+:idprefix:
Information about your use of this website is collected using server access
logs and a tracking cookie. The collected information consists of the following:
-- The IP address from which you access the website;
-- The type of browser and operating system you use to access our site;
-- The date and time you access our site;
-- The pages you visit; and
-- The addresses of pages from where you followed a link to our site.
+* The IP address from which you access the website
+* The type of browser and operating system you use to access our site
+* The date and time you access our site
+* The pages you visit
+* The addresses of pages from where you followed a link to our site
Part of this information is gathered using a tracking cookie set by the Google
Analytics service and handled by Google as described in their privacy policy.
See your browser documentation for instructions on how to disable the cookie if
you prefer not to share this data with Google.
We use the gathered information to help us make our site more useful to
visitors and to better understand how and when our site is used. We do not
track or collect personally identifiable information or associate gathered data
with any personally identifying information from other sources.
-By using this website, you consent to the collection of this data in the
manner and for the purpose described above.
-<input type="hidden" id="ghEditPage" value="privacy-policy.md"></input>
+By using this website, you consent to the collection of this data in the
manner and for the purpose described above.
Review comment:
We may want to add this sentence from
https://www.apache.org/foundation/policies/privacy.html:
`The ASF welcomes your questions or comments regarding this Privacy Policy.
Send them to priv...@apache.org.`
##########
File path: jbake/content/core.adoc
##########
@@ -1,31 +1,29 @@
-title=Core Concepts in Apache Shiro
-type=page
-tags=documentation, about
-status=published
-~~~~~~
+= Core Concepts in Apache Shiro
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, about
+:idprefix:
This part of the documentation covers Shiro's core architectural concepts.
-First we'll present Shiro's architecture and a summary of each core concept.
Then we'll cover the most important concept in Shiro - the `Subject`, a
security-specific 'view' of a <em>single</em> application user.
-Next we'll discuss the <tt>SecurityManager</tt>, an application singleton that
manages all Subjects for the application, and as well as the SecurityManager's
supporting components that do most of Shiro's heavy lifting.
+First we'll present Shiro's architecture and a summary of each core concept.
Then we'll cover the most important concept in Shiro - the `Subject`, a
security-specific 'view' of a *single* application user.
+Next we'll discuss the **SecurityManager**, an application singleton that
manages all Subjects for the application, and as well as the SecurityManager's
supporting components that do most of Shiro's heavy lifting.
Then onto Realms, the security-specific DAOs, Shiro communicates with and then
Permissions, the building block of any security policy.
-* [Architecture](architecture.html)
+* link:architecture.html[Architecture]
-* [Subject](subject.html)
+* link:subject.html[Subject]
-* [SecurityManager](securitymanager.html)
+* link:securitymanager.html[SecurityManager]
-* [Realms](realm.html)
+* link:realm.html[Realms]
-* [Permissions](permissions.html)
+* link:permissions.html[Permissions]
Review comment:
I am a big fan of using root-relative (absolute) paths, e.g.
/permissions.html.
If we move this page to e.g. `/conceps/core.adoc`, the link will break.
##########
File path: jbake/content/core.adoc
##########
@@ -1,31 +1,29 @@
-title=Core Concepts in Apache Shiro
-type=page
-tags=documentation, about
-status=published
-~~~~~~
+= Core Concepts in Apache Shiro
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, about
Review comment:
-about
##########
File path: jbake/content/forums.adoc
##########
@@ -0,0 +1,21 @@
+= Apache Shiro Community Forums
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, community
Review comment:
add forums?
##########
File path: jbake/content/get-started.adoc
##########
@@ -1,38 +1,34 @@
-title=Get Started with Apache Shiro
-date=2014-01-30
-author=Les Hazelwood
-type=page
-tags=documentation, manual
-status=published
-description=Resources, guides and tutorials for new Shiro users.
-~~~~~~
+= Get Started with Apache Shiro
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
+:idprefix:
Apache Shiro focuses on ease-of-use, so you can rely on secure, stable
authentication, authorization, cryptography, and session management. With
Shiro’s easy-to-understand API, you can quickly and easily secure any
application. Get started!
-## The Basics
+== The Basics
-* **[Introduction to the Apache Shiro Java Security
Framework](introduction.html)**
+* *link:introduction.html[Introduction to the Apache Shiro Java Security
Framework]*
A high-level overview of Apache Shiro's capabilities.
-* **[Architecture](architecture.html)**
+* *link:architecture.html[Architecture]*
An architectural overview of Apache Shiro.
-* **[Terminology](terminology.html)**
+* *link:terminology.html[Terminology]*
A list of definitions of common security concepts and concerns.
-* **[Apache Shiro Project Background](what-is-shiro.html)**
+* *link:what-is-shiro.html[Apache Shiro Project Background]*
Apache Shiro, like most useful tools, was created out of necessity. Learn more
about the project history and mission statement.
+== Tutorials
-## Tutorials
-
-* **[10-Minute Tutorial](10-minute-tutorial.html)**
+* *link:10-minute-tutorial.html[10-Minute Tutorial]*
Learn all the ins and outs of the Shiro Framework in under 10 minutes. This
quick and simple tutorial shows how a developer uses Shiro in their application.
-* **[Your First Shiro Application](tutorial.html)**
+* *link:tutorial.html[Your First Shiro Application]*
Review comment:
/tutorial.html
##########
File path: jbake/content/java-annotations-list.adoc
##########
@@ -0,0 +1,17 @@
+= Java Annotation List
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
Review comment:
+annotations
##########
File path: jbake/content/java-annotations-list.adoc
##########
@@ -0,0 +1,17 @@
+= Java Annotation List
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
+:idprefix:
+
+Below are a list of the different Shiro annotations you can use in your
application.
+
+*
*link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresAuthentication.html[RequiresAuthentication]*
- Requires the current Subject to have been authenticated during their current
session for the annotated class/instance/method to be accessed or invoked
+
+*
*link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresGuest.html[RequiresGuest]*
- Requires the current Subject to be a "guest", that is, they are not
authenticated or remembered from a previous session for the annotated
class/instance/method to be accessed or invoked.
+
+*
*link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresPermissions.html[RequiresPermissions]*
- Requires the current executor's Subject to imply a particular permission in
order to execute the annotated method. If the executor's associated Subject
determines that the executor does not imply the specified permission, the
method will not be executed.
+
+*
*link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresRoles.html[RequiresRoles]*
- Requires the currently executing Subject to have all of the specified roles.
If they do not have the role(s), the method will not be executed and an
AuthorizationException is thrown.
+
+*
*link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresUser.html[RequiresUser]*
- Requires the current Subject to be an application user for the annotated
class/instance/method to be accessed or invoked.
Review comment:
same (/static...)
##########
File path: jbake/content/get-started.adoc
##########
@@ -1,38 +1,34 @@
-title=Get Started with Apache Shiro
-date=2014-01-30
-author=Les Hazelwood
-type=page
-tags=documentation, manual
-status=published
-description=Resources, guides and tutorials for new Shiro users.
-~~~~~~
+= Get Started with Apache Shiro
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
+:idprefix:
Apache Shiro focuses on ease-of-use, so you can rely on secure, stable
authentication, authorization, cryptography, and session management. With
Shiro’s easy-to-understand API, you can quickly and easily secure any
application. Get started!
-## The Basics
+== The Basics
-* **[Introduction to the Apache Shiro Java Security
Framework](introduction.html)**
+* *link:introduction.html[Introduction to the Apache Shiro Java Security
Framework]*
Review comment:
```suggestion
* *link:/introduction.html[Introduction to the Apache Shiro Java Security
Framework]*
```
##########
File path: jbake/content/get-started.adoc
##########
@@ -1,38 +1,34 @@
-title=Get Started with Apache Shiro
-date=2014-01-30
-author=Les Hazelwood
-type=page
-tags=documentation, manual
-status=published
-description=Resources, guides and tutorials for new Shiro users.
-~~~~~~
+= Get Started with Apache Shiro
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
+:idprefix:
Apache Shiro focuses on ease-of-use, so you can rely on secure, stable
authentication, authorization, cryptography, and session management. With
Shiro’s easy-to-understand API, you can quickly and easily secure any
application. Get started!
-## The Basics
+== The Basics
-* **[Introduction to the Apache Shiro Java Security
Framework](introduction.html)**
+* *link:introduction.html[Introduction to the Apache Shiro Java Security
Framework]*
A high-level overview of Apache Shiro's capabilities.
-* **[Architecture](architecture.html)**
+* *link:architecture.html[Architecture]*
An architectural overview of Apache Shiro.
-* **[Terminology](terminology.html)**
+* *link:terminology.html[Terminology]*
A list of definitions of common security concepts and concerns.
-* **[Apache Shiro Project Background](what-is-shiro.html)**
+* *link:what-is-shiro.html[Apache Shiro Project Background]*
Review comment:
```suggestion
* *link:/what-is-shiro.html[Apache Shiro Project Background]*
```
##########
File path: jbake/content/java-annotations.adoc
##########
@@ -0,0 +1,15 @@
+= Java Annotation Support
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual, lend-a-hand
+:idprefix:
+
+Before you can use Java annotations, you'll need to enable AOP support in your
application. There are a number of different AOP frameworks so, unfortunately,
there is no standard way to enable AOP in an application.
+
+For AspectJ, you can review our
https://github.com/apache/shiro/tree/main/samples/aspectj[AspectJ sample
application].
+
+For Spring, you can look into our link:spring.html[Spring Integration]
documentation.
+
+== Shiro's Java Annotations.
+
+Once you have AOP enabled in our application, you can use Shiro's set of
annotations found in the link:java-annotations-list.html[Java Annotations List]
Review comment:
```suggestion
Once you have AOP enabled in our application, you can use Shiro's set of
annotations found in the link:/java-annotations-list.html[Java Annotations List]
```
##########
File path: jbake/content/java-annotations.adoc
##########
@@ -0,0 +1,15 @@
+= Java Annotation Support
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual, lend-a-hand
+:idprefix:
+
+Before you can use Java annotations, you'll need to enable AOP support in your
application. There are a number of different AOP frameworks so, unfortunately,
there is no standard way to enable AOP in an application.
+
+For AspectJ, you can review our
https://github.com/apache/shiro/tree/main/samples/aspectj[AspectJ sample
application].
+
+For Spring, you can look into our link:spring.html[Spring Integration]
documentation.
Review comment:
```suggestion
For Spring, you can look into our link:/spring.html[Spring Integration]
documentation.
```
##########
File path: jbake/content/java-annotations-list.adoc
##########
@@ -0,0 +1,17 @@
+= Java Annotation List
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
+:idprefix:
+
+Below are a list of the different Shiro annotations you can use in your
application.
+
+*
*link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresAuthentication.html[RequiresAuthentication]*
- Requires the current Subject to have been authenticated during their current
session for the annotated class/instance/method to be accessed or invoked
Review comment:
```suggestion
*
*link:/static/current/apidocs/org/apache/shiro/authz/annotation/RequiresAuthentication.html[RequiresAuthentication]*
- Requires the current Subject to have been authenticated during their current
session for the annotated class/instance/method to be accessed or invoked
```
##########
File path: jbake/content/java-annotations.adoc
##########
@@ -0,0 +1,15 @@
+= Java Annotation Support
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual, lend-a-hand
Review comment:
-lend-a-hand, +annotations
##########
File path: jbake/content/java-annotations-list.adoc
##########
@@ -0,0 +1,17 @@
+= Java Annotation List
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
+:idprefix:
+
+Below are a list of the different Shiro annotations you can use in your
application.
+
+*
*link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresAuthentication.html[RequiresAuthentication]*
- Requires the current Subject to have been authenticated during their current
session for the annotated class/instance/method to be accessed or invoked
+
+*
*link:static/current/apidocs/org/apache/shiro/authz/annotation/RequiresGuest.html[RequiresGuest]*
- Requires the current Subject to be a "guest", that is, they are not
authenticated or remembered from a previous session for the annotated
class/instance/method to be accessed or invoked.
Review comment:
```suggestion
*
*link:/static/current/apidocs/org/apache/shiro/authz/annotation/RequiresGuest.html[RequiresGuest]*
- Requires the current Subject to be a "guest", that is, they are not
authenticated or remembered from a previous session for the annotated
class/instance/method to be accessed or invoked.
```
##########
File path: jbake/content/overview.adoc
##########
@@ -1,60 +1,55 @@
-title=Overview of Apache Shiro
-type=page
-tags=documentation, manual
-status=published
-~~~~~~
+= Overview of Apache Shiro
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
Review comment:
```suggestion
:jbake-tags: documentation, overview
```
##########
File path: jbake/content/get-started.adoc
##########
@@ -1,38 +1,34 @@
-title=Get Started with Apache Shiro
-date=2014-01-30
-author=Les Hazelwood
-type=page
-tags=documentation, manual
-status=published
-description=Resources, guides and tutorials for new Shiro users.
-~~~~~~
+= Get Started with Apache Shiro
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
+:idprefix:
Apache Shiro focuses on ease-of-use, so you can rely on secure, stable
authentication, authorization, cryptography, and session management. With
Shiro’s easy-to-understand API, you can quickly and easily secure any
application. Get started!
-## The Basics
+== The Basics
-* **[Introduction to the Apache Shiro Java Security
Framework](introduction.html)**
+* *link:introduction.html[Introduction to the Apache Shiro Java Security
Framework]*
A high-level overview of Apache Shiro's capabilities.
-* **[Architecture](architecture.html)**
+* *link:architecture.html[Architecture]*
An architectural overview of Apache Shiro.
-* **[Terminology](terminology.html)**
+* *link:terminology.html[Terminology]*
Review comment:
```suggestion
* *link:/terminology.html[Terminology]*
```
##########
File path: jbake/content/license.adoc
##########
@@ -1,10 +1,11 @@
-title=Apache License, Version 2.0
-type=page
-tags=documentation, manual
-status=published
-~~~~~~
-
-``` nohighlight
+= Apache License, Version 2.0
+:jbake-type: page
+:jbake-status: published
+:jbake-tags: documentation, manual
Review comment:
```suggestion
:jbake-tags: documentation, license
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@shiro.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
