Posted to commits@isis.apache.org by da...@apache.org on 2019/09/25 23:06:37 UTC

[isis] branch v2 updated (37259aa -> 7a844b5)

This is an automated email from the ASF dual-hosted git repository.

danhaywood pushed a change to branch v2
in repository https://gitbox.apache.org/repos/asf/isis.git.


    from 37259aa  ISIS-2158: DemoApp: preload JRuby stuff for AsciiDoc
     new 43c7a2c  ISIS-2062: moves shiro docs to isis-plugins-security-shiro
     new 3998aba  ISIS-2062: factors out isis-security-bypass.
     new 7a844b5  ISIS-2062: splitting out security docs

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 README.adoc                                        |  12 +--
 .../archdesign/modules/ROOT/pages/about.adoc       |  13 ++-
 .../relnotes/modules/ROOT/pages/rn-1.10.0.adoc     |   3 +-
 .../what-is-apache-isis/isis-in-pictures.adoc      |  12 +--
 .../modules/cfg/pages/configuring-core.adoc        |   2 +-
 .../pages/classes/AppManifest-bootstrapping.adoc   |   2 +-
 .../cms/pages/classes/contributee/HasUserName.adoc |   4 +-
 .../pages/classes/super/AbstractSubscriber.adoc    |   2 +-
 .../svc/pages/core-domain-api/EventBusService.adoc |   2 +-
 .../metadata-api/ApplicationFeatureRepository.adoc |   4 -
 .../UserRegistrationService.adoc                   |   2 +-
 .../deployment/externalized-configuration.adoc     |   2 +-
 .../btb/pages/hints-and-tips/multi-tenancy.adoc    |   6 +-
 core/_adoc-ug/modules/btb/pages/web-xml.adoc       |   2 +-
 .../apache-isis-vs/mvc-server-side.adoc            |   2 +-
 .../fun/pages/core-concepts/philosophy/aop.adoc    |   2 +-
 core/pom.xml                                       |  11 ++-
 core/security/_adoc/modules/ROOT/nav.adoc          |  27 ------
 .../modules/ROOT/pages/_partials/_attributes.adoc  |   4 -
 .../isisaddons-security-module-realm.adoc          |  35 --------
 core/security/{ => api}/_adoc/antora.yml           |   0
 core/security/{ => api}/_adoc/examples.csv         |   0
 .../{ => api}/_adoc/modules/ROOT/_attributes.adoc  |   0
 .../assets/attachments}/security-apis-impl.pptx    | Bin
 .../_adoc/modules/ROOT/assets/images}/.gitkeep     |   0
 .../_adoc/modules/ROOT/examples}/.gitkeep          |   0
 core/security/api/_adoc/modules/ROOT/nav.adoc      |   1 +
 .../_adoc/modules/ROOT/pages/_attributes.adoc      |   0
 .../{ => api}/_adoc/modules/ROOT/pages/about.adoc  |   8 +-
 .../modules/ROOT/pages/api-for-applications.adoc   |   2 +
 .../modules/ROOT/pages/usage-by-isis-viewers.adoc  |  35 ++++++++
 .../_adoc/modules/ROOT/partials}/_attributes.adoc  |   0
 .../api/_adoc/modules/ROOT/partials/nav.adoc       |  27 ++++++
 core/security/{ => api}/_adoc/sync_examples.sh     |   0
 core/security/{api-and-bypass => api}/pom.xml      |   0
 .../authentication/AuthenticationRequest.java      |   0
 .../AuthenticationRequestAbstract.java             |   0
 .../AuthenticationRequestPassword.java             |   0
 .../authentication/AuthenticationSession.java      |   0
 .../AuthenticationSessionAbstract.java             |   0
 .../AuthenticationSessionProvider.java             |   0
 .../security/authentication/MessageBroker.java     |   0
 .../AuthenticationRequestLogonFixture.java         |   0
 .../fixtures/LogonFixtureAuthenticator.java        |   0
 .../authentication/health/HealthAuthSession.java   |   0
 .../manager/AuthenticationManager.java             |   0
 .../manager/AuthorizationManagerStandard.java      |   0
 .../manager/RegistrationDetails.java               |   0
 .../isis/security/authentication/package-info.java |   0
 .../AuthenticationRequestSingleUser.java           |   0
 .../singleuser/SingleUserSession.java              |   0
 .../standard/AuthenticationManagerStandard.java    |   0
 .../authentication/standard/Authenticator.java     |   0
 .../standard/AuthenticatorAbstract.java            |   0
 .../standard/AuthenticatorDefault.java             |   0
 .../standard/NoAuthenticatorException.java         |   0
 .../PasswordRequestAuthenticatorAbstract.java      |   0
 .../standard/RandomCodeGenerator.java              |   0
 .../standard/RandomCodeGenerator10Chars.java       |   0
 .../standard/RandomCodeGeneratorUUID.java          |   0
 .../authentication/standard/Registrar.java         |   0
 .../standard/RegistrationDetailsPassword.java      |   0
 .../authentication/standard/SimpleSession.java     |   0
 .../manager/AuthorizationManager.java              |   0
 .../standard/AuthorizationConstants.java           |   0
 .../authorization/standard/Authorizor.java         |   0
 .../isis/security/EncodabilityContractTest.java    |   0
 .../fixture/LogonFixtureAuthenticatorTest.java     |   0
 .../standard/AuthenticatorDefaultTest.java         |   0
 .../SimpleSessionEncodabilityNoRolesTest.java      |   0
 .../SimpleSessionEncodabilityTestAbstract.java     |   0
 .../SimpleSessionEncodabilityWithRolesTest.java    |   0
 ...rdAuthenticationManager_AuthenticationTest.java |   0
 ...rdAuthenticationManager_AuthenticatorsTest.java |   0
 core/security/{ => bypass}/_adoc/antora.yml        |   4 +-
 .../security/bypass}/_adoc/examples.csv            |   0
 .../bypass}/_adoc/modules/ROOT/_attributes.adoc    |   0
 .../modules/ROOT/assets/attachments}/.gitkeep      |   0
 .../configure-isis-to-use-bypass.PNG               | Bin
 .../bypass}/_adoc/modules/ROOT/examples/.gitkeep   |   0
 core/security/bypass/_adoc/modules/ROOT/nav.adoc   |   1 +
 .../_adoc/modules/ROOT/pages/_attributes.adoc      |   0
 .../_adoc/modules/ROOT/pages/about.adoc}           |  13 +--
 .../pages}/configuring-isis-to-use-bypass.adoc     |   5 +-
 .../_adoc/modules/ROOT/partials}/_attributes.adoc  |   0
 .../security/bypass}/_adoc/sync_examples.sh        |   0
 core/security/{api-and-bypass => bypass}/pom.xml   |  14 ++-
 .../isis/security/IsisBootSecurityBypass.java      |   0
 .../authentication/bypass/AuthenticatorBypass.java |   0
 .../authorization/bypass/AuthorizorBypass.java     |   0
 core/security/{plugins => }/shiro/NOTICE           |   0
 core/security/{ => shiro}/_adoc/antora.yml         |   4 +-
 .../security/shiro}/_adoc/examples.csv             |   0
 .../shiro}/_adoc/modules/ROOT/_attributes.adoc     |   0
 .../modules/ROOT/assets/attachments}/.gitkeep      |   0
 .../ldap/activeds-ldap-groups.png                  | Bin
 .../ldap/activeds-ldap-mojo-partition.png          | Bin
 .../ldap/activeds-ldap-mojo-root-dse.png           | Bin
 .../ldap/activeds-ldap-sasl-authentication.png     | Bin
 .../configuring-shiro/ldap/activeds-ldap-users.png | Bin
 .../configure-isis-to-use-shiro.png                | Bin
 .../configure-shiro-to-use-custom-jdbc-realm.png   | Bin
 .../configure-shiro-to-use-ini-realm.PNG           | Bin
 .../configure-shiro-to-use-isis-ldap-realm.PNG     | Bin
 .../shiro}/_adoc/modules/ROOT/examples/.gitkeep    |   0
 core/security/shiro/_adoc/modules/ROOT/nav.adoc    |   1 +
 .../_adoc/modules/ROOT/pages/_attributes.adoc      |   0
 .../shiro}/_adoc/modules/ROOT/pages/about.adoc     |   6 +-
 .../ROOT/pages/configuring-isis-to-use-shiro.adoc  |   2 +
 .../ROOT/pages/enhanced-wildcard-permission.adoc}  |  15 +++-
 .../_adoc/modules/ROOT/pages}/ini-realm.adoc       |   6 +-
 .../_adoc/modules/ROOT/pages}/run-as.adoc          |   5 +-
 .../_adoc/modules/ROOT/pages}/shiro-caching.adoc   |   4 +-
 .../_adoc/modules/ROOT/partials}/_attributes.adoc  |   0
 .../_adoc/modules/realm-jdbc}/_attributes.adoc     |   0
 .../realm-jdbc/assets/attachments}/.gitkeep        |   0
 .../configure-shiro-to-use-custom-jdbc-realm.png   | Bin
 .../_adoc/modules/realm-jdbc}/examples/.gitkeep    |   0
 .../shiro/_adoc/modules/realm-jdbc/nav.adoc        |   1 +
 .../modules/realm-jdbc}/pages/_attributes.adoc     |   0
 .../_adoc/modules/realm-jdbc/pages/about.adoc}     |   6 +-
 .../modules/realm-jdbc/partials}/_attributes.adoc  |   0
 .../_adoc/modules/realm-ldap}/_attributes.adoc     |   0
 .../realm-ldap/assets/attachments}/.gitkeep        |   0
 .../assets/images}/activeds-ldap-groups.png        | Bin
 .../images}/activeds-ldap-mojo-partition.png       | Bin
 .../assets/images}/activeds-ldap-mojo-root-dse.png | Bin
 .../images}/activeds-ldap-sasl-authentication.png  | Bin
 .../assets/images}/activeds-ldap-users.png         | Bin
 .../configure-shiro-to-use-isis-ldap-realm.PNG     | Bin
 .../_adoc/modules/realm-ldap}/examples/.gitkeep    |   0
 .../shiro/_adoc/modules/realm-ldap/nav.adoc        |   1 +
 .../modules/realm-ldap}/pages/_attributes.adoc     |   0
 .../_adoc/modules/realm-ldap/pages/about.adoc}     |  17 ++--
 .../modules/realm-ldap/partials}/_attributes.adoc  |   0
 .../security/shiro}/_adoc/sync_examples.sh         |   0
 core/security/{plugins => }/shiro/pom.xml          |   2 +-
 .../appended-resources/supplemental-models.xml     |   0
 .../isis/security/shiro/IsisBootSecurityShiro.java |   0
 .../security/shiro/IsisLdapContextFactory.java     |   0
 .../apache/isis/security/shiro/IsisLdapRealm.java  |   0
 .../isis/security/shiro/ShiroSecurityContext.java  |   0
 .../apache/isis/security/shiro/WebModuleShiro.java |   0
 .../shiro/authentication/ShiroAuthenticator.java   |   0
 .../shiro/authorization/IsisPermission.java        |   0
 .../authorization/IsisPermissionResolver.java      |   0
 .../shiro/authorization/ShiroAuthorizor.java       |   0
 .../permrolemapper/PermissionToRoleMapper.java     |   0
 .../PermissionToRoleMapperFromIni.java             |   0
 .../PermissionToRoleMapperFromString.java          |   0
 .../isis/security/shiro/permrolemapper/Util.java   |   0
 .../shiro/IsisPermissionTest_setParts.java         |   0
 .../shiro/IsisPermissionTest_typicalUsage.java     |   0
 ...AuthenticatorOrAuthorizorTest_authenticate.java |   0
 ...ticatorOrAuthorizorTest_isVisibleInAnyRole.java |   0
 .../authorization/IsisPermissionTest_equals.java   |   0
 .../PermissionToRoleMapperFromIniTest.java         |   0
 .../PermissionToRoleMapperFromStringTest.java      |   0
 .../shiro/permrolemapper/UtilTest_parse.java       |   0
 .../isis/security/shiro/permrolemapper/my.ini      |   0
 .../shiro/src/test/resources/shiro.ini             |   0
 core/viewer-restfulobjects/_adoc/antora.yml        |   1 +
 .../_adoc/modules/security}/_attributes.adoc       |   0
 .../modules/security/assets/attachments}/.gitkeep  |   0
 .../_adoc/modules/security/assets/images}/.gitkeep |   0
 .../_adoc/modules/security}/examples/.gitkeep      |   0
 .../_adoc/modules/security/nav.adoc                |   1 +
 .../_adoc/modules/security}/pages/_attributes.adoc |   0
 .../_adoc/modules/security/pages/about.adoc}       |  12 +--
 .../modules/security/partials}/_attributes.adoc    |   0
 .../security/partials/user-registration.adoc}      |  64 +-------------
 .../_adoc/modules/security/partials/web-xml.adoc   |  95 +++++++++++++++++++++
 core/viewer-wicket/_adoc/antora.yml                |   1 +
 .../ROOT/pages/features/user-registration.adoc     |   3 +-
 .../_adoc/modules/security}/_attributes.adoc       |   0
 .../modules/security/assets/attachments}/.gitkeep  |   0
 .../_adoc/modules/security/assets/images}/.gitkeep |   0
 .../_adoc/modules/security}/examples/.gitkeep      |   0
 core/viewer-wicket/_adoc/modules/security/nav.adoc |   1 +
 .../_adoc/modules/security}/pages/_attributes.adoc |   0
 .../_adoc/modules/security/pages/about.adoc}       |   6 +-
 .../modules/security/partials}/_attributes.adoc    |   0
 .../_adoc/modules/security/partials/pages.adoc     |  43 ++++++++++
 .../security/partials/user-registration.adoc       |  25 ++++++
 examples/apps/simpleapp/module-simple/pom.xml      |   5 ++
 examples/smoketests/pom.xml                        |   5 ++
 .../isis/testdomain/jdo/JdoTestDomainPersona.java  |   6 +-
 .../testdomain/auditing/AuditerServiceTest.java    |   7 +-
 .../JdoBootstrappingTest_usingFixtures.java        |   5 +-
 .../commandexecution/BackgroundExecutionTest.java  |   5 +-
 .../testdomain/commandexecution/WrapperTest.java   |   5 +-
 .../DomainModelTest_usingGoodDomain.java           |   2 +-
 .../publishing/PublisherServiceTest.java           |   5 +-
 .../isis/testdomain/shiro/ShiroSecmanLdapTest.java |   3 +-
 .../shiro/ShiroSecmanLdap_restfulStressTest.java   |   3 +-
 .../testdomain/timestamping/TimestampingTest.java  |   5 +-
 .../transactions/TransactionRollbackTest.java      |   7 +-
 .../TransactionRollbackTest_withTransactional.java |   5 +-
 extensions/secman/_adoc/modules/ROOT/nav.adoc      |   3 +-
 .../secman/_adoc/modules/ROOT/pages/about.adoc     |   6 +-
 .../_adoc/modules/ROOT/partials}/_attributes.adoc  |   0
 .../secman/_adoc/modules/api}/_attributes.adoc     |   0
 .../_adoc/modules/api/assets/attachments}/.gitkeep |   0
 .../_adoc/modules/api/assets/images}/.gitkeep      |   0
 .../secman/_adoc/modules/api}/examples/.gitkeep    |   0
 extensions/secman/_adoc/modules/api/nav.adoc       |   1 +
 .../_adoc/modules/api}/pages/_attributes.adoc      |   0
 .../secman/_adoc/modules/api/pages/about.adoc      |   5 +-
 .../_adoc/modules/api/partials}/_attributes.adoc   |   0
 .../modules/encryption-jbcrypt}/_attributes.adoc   |   0
 .../assets/attachments}/.gitkeep                   |   0
 .../encryption-jbcrypt/assets/images}/.gitkeep     |   0
 .../modules/encryption-jbcrypt}/examples/.gitkeep  |   0
 .../_adoc/modules/encryption-jbcrypt/nav.adoc      |   1 +
 .../encryption-jbcrypt}/pages/_attributes.adoc     |   0
 .../modules/encryption-jbcrypt/pages/about.adoc    |   5 +-
 .../encryption-jbcrypt/partials}/_attributes.adoc  |   0
 .../secman/_adoc/modules/model}/_attributes.adoc   |   0
 .../modules/model/assets/attachments}/.gitkeep     |   0
 .../_adoc/modules/model/assets/images}/.gitkeep    |   0
 .../secman/_adoc/modules/model}/examples/.gitkeep  |   0
 extensions/secman/_adoc/modules/model/nav.adoc     |   1 +
 .../_adoc/modules/model}/pages/_attributes.adoc    |   0
 .../secman/_adoc/modules/model/pages/about.adoc    |   5 +-
 .../_adoc/modules/model/partials}/_attributes.adoc |   0
 .../modules/persistence-jdo}/_attributes.adoc      |   0
 .../persistence-jdo/assets/attachments}/.gitkeep   |   0
 .../persistence-jdo/assets/images}/.gitkeep        |   0
 .../modules/persistence-jdo}/examples/.gitkeep     |   0
 .../secman/_adoc/modules/persistence-jdo/nav.adoc  |   1 +
 .../persistence-jdo}/pages/_attributes.adoc        |   0
 .../_adoc/modules/persistence-jdo/pages/about.adoc |   5 +-
 .../persistence-jdo/partials}/_attributes.adoc     |   0
 .../_adoc/modules/realm-shiro}/_attributes.adoc    |   0
 .../realm-shiro/assets/attachments}/.gitkeep       |   0
 .../modules/realm-shiro/assets/images}/.gitkeep    |   0
 ...s-security-module-realm-with-delegate-realm.PNG | Bin
 ...iro-to-use-isisaddons-security-module-realm.PNG | Bin
 .../_adoc/modules/realm-shiro}/examples/.gitkeep   |   0
 .../secman/_adoc/modules/realm-shiro/nav.adoc      |   1 +
 .../modules/realm-shiro}/pages/_attributes.adoc    |   0
 .../_adoc/modules/realm-shiro/pages/about.adoc     |  31 +++++++
 .../modules/realm-shiro/partials}/_attributes.adoc |   0
 site.yml                                           |  14 ++-
 244 files changed, 470 insertions(+), 258 deletions(-)
 delete mode 100644 core/security/_adoc/modules/ROOT/nav.adoc
 delete mode 100644 core/security/_adoc/modules/ROOT/pages/_partials/_attributes.adoc
 delete mode 100644 core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc
 copy core/security/{ => api}/_adoc/antora.yml (100%)
 rename core/security/{ => api}/_adoc/examples.csv (100%)
 rename core/security/{ => api}/_adoc/modules/ROOT/_attributes.adoc (100%)
 rename core/security/{_adoc/modules/ROOT/assets/images/security/security-apis-impl => api/_adoc/modules/ROOT/assets/attachments}/security-apis-impl.pptx (100%)
 rename core/security/{_adoc/modules/ROOT/examples => api/_adoc/modules/ROOT/assets/images}/.gitkeep (100%)
 rename core/security/{_adoc/modules/ROOT/assets/attachments => api/_adoc/modules/ROOT/examples}/.gitkeep (100%)
 create mode 100644 core/security/api/_adoc/modules/ROOT/nav.adoc
 rename core/security/{ => api}/_adoc/modules/ROOT/pages/_attributes.adoc (100%)
 rename core/security/{ => api}/_adoc/modules/ROOT/pages/about.adoc (70%)
 rename core/security/{ => api}/_adoc/modules/ROOT/pages/api-for-applications.adoc (98%)
 create mode 100644 core/security/api/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc
 copy {mavendeps/_adoc/modules/ROOT/pages => core/security/api/_adoc/modules/ROOT/partials}/_attributes.adoc (100%)
 create mode 100644 core/security/api/_adoc/modules/ROOT/partials/nav.adoc
 rename core/security/{ => api}/_adoc/sync_examples.sh (100%)
 copy core/security/{api-and-bypass => api}/pom.xml (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/AuthenticationRequest.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/AuthenticationRequestAbstract.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/AuthenticationRequestPassword.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/AuthenticationSession.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/AuthenticationSessionAbstract.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/AuthenticationSessionProvider.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/MessageBroker.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/fixtures/AuthenticationRequestLogonFixture.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/fixtures/LogonFixtureAuthenticator.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/health/HealthAuthSession.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/manager/AuthenticationManager.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/manager/AuthorizationManagerStandard.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/manager/RegistrationDetails.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/package-info.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/singleuser/AuthenticationRequestSingleUser.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/singleuser/SingleUserSession.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/standard/AuthenticationManagerStandard.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/standard/Authenticator.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/standard/AuthenticatorAbstract.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/standard/AuthenticatorDefault.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/standard/NoAuthenticatorException.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/standard/PasswordRequestAuthenticatorAbstract.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGenerator.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGenerator10Chars.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGeneratorUUID.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/standard/Registrar.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/standard/RegistrationDetailsPassword.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authentication/standard/SimpleSession.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authorization/manager/AuthorizationManager.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authorization/standard/AuthorizationConstants.java (100%)
 rename core/security/{api-and-bypass => api}/src/main/java/org/apache/isis/security/authorization/standard/Authorizor.java (100%)
 rename core/security/{api-and-bypass => api}/src/test/java/org/apache/isis/security/EncodabilityContractTest.java (100%)
 rename core/security/{api-and-bypass => api}/src/test/java/org/apache/isis/security/authentication/fixture/LogonFixtureAuthenticatorTest.java (100%)
 rename core/security/{api-and-bypass => api}/src/test/java/org/apache/isis/security/authentication/standard/AuthenticatorDefaultTest.java (100%)
 rename core/security/{api-and-bypass => api}/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityNoRolesTest.java (100%)
 rename core/security/{api-and-bypass => api}/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityTestAbstract.java (100%)
 rename core/security/{api-and-bypass => api}/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityWithRolesTest.java (100%)
 rename core/security/{api-and-bypass => api}/src/test/java/org/apache/isis/security/authentication/standard/StandardAuthenticationManager_AuthenticationTest.java (100%)
 rename core/security/{api-and-bypass => api}/src/test/java/org/apache/isis/security/authentication/standard/StandardAuthenticationManager_AuthenticatorsTest.java (100%)
 copy core/security/{ => bypass}/_adoc/antora.yml (59%)
 copy {mavendeps => core/security/bypass}/_adoc/examples.csv (100%)
 copy {mavendeps => core/security/bypass}/_adoc/modules/ROOT/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => core/security/bypass/_adoc/modules/ROOT/assets/attachments}/.gitkeep (100%)
 rename core/security/{ => bypass}/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-bypass.PNG (100%)
 copy {mavendeps => core/security/bypass}/_adoc/modules/ROOT/examples/.gitkeep (100%)
 create mode 100644 core/security/bypass/_adoc/modules/ROOT/nav.adoc
 copy {mavendeps => core/security/bypass}/_adoc/modules/ROOT/pages/_attributes.adoc (100%)
 copy core/security/{_adoc/modules/ROOT/pages/hints-and-tips.adoc => bypass/_adoc/modules/ROOT/pages/about.adoc} (80%)
 rename core/security/{_adoc/modules/ROOT/pages/hints-and-tips => bypass/_adoc/modules/ROOT/pages}/configuring-isis-to-use-bypass.adoc (97%)
 copy {mavendeps/_adoc/modules/ROOT/pages => core/security/bypass/_adoc/modules/ROOT/partials}/_attributes.adoc (100%)
 copy {mavendeps => core/security/bypass}/_adoc/sync_examples.sh (100%)
 rename core/security/{api-and-bypass => bypass}/pom.xml (89%)
 rename core/security/{api-and-bypass => bypass}/src/main/java/org/apache/isis/security/IsisBootSecurityBypass.java (100%)
 rename core/security/{api-and-bypass => bypass}/src/main/java/org/apache/isis/security/authentication/bypass/AuthenticatorBypass.java (100%)
 rename core/security/{api-and-bypass => bypass}/src/main/java/org/apache/isis/security/authorization/bypass/AuthorizorBypass.java (100%)
 rename core/security/{plugins => }/shiro/NOTICE (100%)
 rename core/security/{ => shiro}/_adoc/antora.yml (60%)
 copy {mavendeps => core/security/shiro}/_adoc/examples.csv (100%)
 copy {mavendeps => core/security/shiro}/_adoc/modules/ROOT/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => core/security/shiro/_adoc/modules/ROOT/assets/attachments}/.gitkeep (100%)
 copy core/security/{ => shiro}/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-groups.png (100%)
 copy core/security/{ => shiro}/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-partition.png (100%)
 copy core/security/{ => shiro}/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-root-dse.png (100%)
 copy core/security/{ => shiro}/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-sasl-authentication.png (100%)
 copy core/security/{ => shiro}/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-users.png (100%)
 rename core/security/{ => shiro}/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-shiro.png (100%)
 copy core/security/{ => shiro}/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-custom-jdbc-realm.png (100%)
 rename core/security/{ => shiro}/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-ini-realm.PNG (100%)
 copy core/security/{ => shiro}/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isis-ldap-realm.PNG (100%)
 copy {mavendeps => core/security/shiro}/_adoc/modules/ROOT/examples/.gitkeep (100%)
 create mode 100644 core/security/shiro/_adoc/modules/ROOT/nav.adoc
 copy {mavendeps => core/security/shiro}/_adoc/modules/ROOT/pages/_attributes.adoc (100%)
 copy {extensions/secman => core/security/shiro}/_adoc/modules/ROOT/pages/about.adoc (83%)
 rename core/security/{ => shiro}/_adoc/modules/ROOT/pages/configuring-isis-to-use-shiro.adoc (98%)
 rename core/security/{_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc => shiro/_adoc/modules/ROOT/pages/enhanced-wildcard-permission.adoc} (68%)
 rename core/security/{_adoc/modules/ROOT/pages/shiro-realm-implementations => shiro/_adoc/modules/ROOT/pages}/ini-realm.adoc (95%)
 rename core/security/{_adoc/modules/ROOT/pages/hints-and-tips => shiro/_adoc/modules/ROOT/pages}/run-as.adoc (99%)
 rename core/security/{_adoc/modules/ROOT/pages/hints-and-tips => shiro/_adoc/modules/ROOT/pages}/shiro-caching.adoc (98%)
 rename {extensions/secman/_adoc/modules/ROOT/pages/_partials => core/security/shiro/_adoc/modules/ROOT/partials}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT => core/security/shiro/_adoc/modules/realm-jdbc}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => core/security/shiro/_adoc/modules/realm-jdbc/assets/attachments}/.gitkeep (100%)
 rename core/security/{_adoc/modules/ROOT/assets/images/security/security-apis-impl => shiro/_adoc/modules/realm-jdbc/assets/images}/configure-shiro-to-use-custom-jdbc-realm.png (100%)
 copy {mavendeps/_adoc/modules/ROOT => core/security/shiro/_adoc/modules/realm-jdbc}/examples/.gitkeep (100%)
 create mode 100644 core/security/shiro/_adoc/modules/realm-jdbc/nav.adoc
 copy {mavendeps/_adoc/modules/ROOT => core/security/shiro/_adoc/modules/realm-jdbc}/pages/_attributes.adoc (100%)
 rename core/security/{_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc => shiro/_adoc/modules/realm-jdbc/pages/about.adoc} (91%)
 rename core/security/{_adoc/modules/ROOT/pages/shiro-realm-implementations => shiro/_adoc/modules/realm-jdbc/partials}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT => core/security/shiro/_adoc/modules/realm-ldap}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => core/security/shiro/_adoc/modules/realm-ldap/assets/attachments}/.gitkeep (100%)
 rename core/security/{_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap => shiro/_adoc/modules/realm-ldap/assets/images}/activeds-ldap-groups.png (100%)
 rename core/security/{_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap => shiro/_adoc/modules/realm-ldap/assets/images}/activeds-ldap-mojo-partition.png (100%)
 rename core/security/{_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap => shiro/_adoc/modules/realm-ldap/assets/images}/activeds-ldap-mojo-root-dse.png (100%)
 rename core/security/{_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap => shiro/_adoc/modules/realm-ldap/assets/images}/activeds-ldap-sasl-authentication.png (100%)
 rename core/security/{_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap => shiro/_adoc/modules/realm-ldap/assets/images}/activeds-ldap-users.png (100%)
 rename core/security/{_adoc/modules/ROOT/assets/images/security/security-apis-impl => shiro/_adoc/modules/realm-ldap/assets/images}/configure-shiro-to-use-isis-ldap-realm.PNG (100%)
 copy {mavendeps/_adoc/modules/ROOT => core/security/shiro/_adoc/modules/realm-ldap}/examples/.gitkeep (100%)
 create mode 100644 core/security/shiro/_adoc/modules/realm-ldap/nav.adoc
 copy {mavendeps/_adoc/modules/ROOT => core/security/shiro/_adoc/modules/realm-ldap}/pages/_attributes.adoc (100%)
 rename core/security/{_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc => shiro/_adoc/modules/realm-ldap/pages/about.adoc} (82%)
 rename core/security/{_adoc/modules/ROOT/pages/hints-and-tips => shiro/_adoc/modules/realm-ldap/partials}/_attributes.adoc (100%)
 copy {mavendeps => core/security/shiro}/_adoc/sync_examples.sh (100%)
 rename core/security/{plugins => }/shiro/pom.xml (99%)
 rename core/security/{plugins => }/shiro/src/main/appended-resources/supplemental-models.xml (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/IsisBootSecurityShiro.java (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapContextFactory.java (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapRealm.java (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/ShiroSecurityContext.java (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/WebModuleShiro.java (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/authentication/ShiroAuthenticator.java (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermission.java (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermissionResolver.java (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizor.java (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapper.java (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromIni.java (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromString.java (100%)
 rename core/security/{plugins => }/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/Util.java (100%)
 rename core/security/{plugins => }/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_setParts.java (100%)
 rename core/security/{plugins => }/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_typicalUsage.java (100%)
 rename core/security/{plugins => }/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java (100%)
 rename core/security/{plugins => }/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java (100%)
 rename core/security/{plugins => }/shiro/src/test/java/org/apache/isis/security/shiro/authorization/IsisPermissionTest_equals.java (100%)
 rename core/security/{plugins => }/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromIniTest.java (100%)
 rename core/security/{plugins => }/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromStringTest.java (100%)
 rename core/security/{plugins => }/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/UtilTest_parse.java (100%)
 rename core/security/{plugins => }/shiro/src/test/resources/org/apache/isis/security/shiro/permrolemapper/my.ini (100%)
 rename core/security/{plugins => }/shiro/src/test/resources/shiro.ini (100%)
 copy {mavendeps/_adoc/modules/ROOT => core/viewer-restfulobjects/_adoc/modules/security}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => core/viewer-restfulobjects/_adoc/modules/security/assets/attachments}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => core/viewer-restfulobjects/_adoc/modules/security/assets/images}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT => core/viewer-restfulobjects/_adoc/modules/security}/examples/.gitkeep (100%)
 create mode 100644 core/viewer-restfulobjects/_adoc/modules/security/nav.adoc
 copy {mavendeps/_adoc/modules/ROOT => core/viewer-restfulobjects/_adoc/modules/security}/pages/_attributes.adoc (100%)
 rename core/{security/_adoc/modules/ROOT/pages/hints-and-tips.adoc => viewer-restfulobjects/_adoc/modules/security/pages/about.adoc} (82%)
 copy {mavendeps/_adoc/modules/ROOT/pages => core/viewer-restfulobjects/_adoc/modules/security/partials}/_attributes.adoc (100%)
 rename core/{security/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc => viewer-restfulobjects/_adoc/modules/security/partials/user-registration.adoc} (68%)
 create mode 100644 core/viewer-restfulobjects/_adoc/modules/security/partials/web-xml.adoc
 copy {mavendeps/_adoc/modules/ROOT => core/viewer-wicket/_adoc/modules/security}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => core/viewer-wicket/_adoc/modules/security/assets/attachments}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => core/viewer-wicket/_adoc/modules/security/assets/images}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT => core/viewer-wicket/_adoc/modules/security}/examples/.gitkeep (100%)
 create mode 100644 core/viewer-wicket/_adoc/modules/security/nav.adoc
 copy {mavendeps/_adoc/modules/ROOT => core/viewer-wicket/_adoc/modules/security}/pages/_attributes.adoc (100%)
 copy core/{security/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc => viewer-wicket/_adoc/modules/security/pages/about.adoc} (85%)
 copy {mavendeps/_adoc/modules/ROOT/pages => core/viewer-wicket/_adoc/modules/security/partials}/_attributes.adoc (100%)
 create mode 100644 core/viewer-wicket/_adoc/modules/security/partials/pages.adoc
 create mode 100644 core/viewer-wicket/_adoc/modules/security/partials/user-registration.adoc
 copy {mavendeps/_adoc/modules/ROOT/pages => extensions/secman/_adoc/modules/ROOT/partials}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/api}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => extensions/secman/_adoc/modules/api/assets/attachments}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => extensions/secman/_adoc/modules/api/assets/images}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/api}/examples/.gitkeep (100%)
 create mode 100644 extensions/secman/_adoc/modules/api/nav.adoc
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/api}/pages/_attributes.adoc (100%)
 copy core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc => extensions/secman/_adoc/modules/api/pages/about.adoc (95%)
 copy {mavendeps/_adoc/modules/ROOT/pages => extensions/secman/_adoc/modules/api/partials}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/encryption-jbcrypt}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => extensions/secman/_adoc/modules/encryption-jbcrypt/assets/attachments}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => extensions/secman/_adoc/modules/encryption-jbcrypt/assets/images}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/encryption-jbcrypt}/examples/.gitkeep (100%)
 create mode 100644 extensions/secman/_adoc/modules/encryption-jbcrypt/nav.adoc
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/encryption-jbcrypt}/pages/_attributes.adoc (100%)
 copy core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc => extensions/secman/_adoc/modules/encryption-jbcrypt/pages/about.adoc (93%)
 copy {mavendeps/_adoc/modules/ROOT/pages => extensions/secman/_adoc/modules/encryption-jbcrypt/partials}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/model}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => extensions/secman/_adoc/modules/model/assets/attachments}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => extensions/secman/_adoc/modules/model/assets/images}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/model}/examples/.gitkeep (100%)
 create mode 100644 extensions/secman/_adoc/modules/model/nav.adoc
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/model}/pages/_attributes.adoc (100%)
 copy core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc => extensions/secman/_adoc/modules/model/pages/about.adoc (95%)
 copy {mavendeps/_adoc/modules/ROOT/pages => extensions/secman/_adoc/modules/model/partials}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/persistence-jdo}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => extensions/secman/_adoc/modules/persistence-jdo/assets/attachments}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => extensions/secman/_adoc/modules/persistence-jdo/assets/images}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/persistence-jdo}/examples/.gitkeep (100%)
 create mode 100644 extensions/secman/_adoc/modules/persistence-jdo/nav.adoc
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/persistence-jdo}/pages/_attributes.adoc (100%)
 rename core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc => extensions/secman/_adoc/modules/persistence-jdo/pages/about.adoc (94%)
 copy {mavendeps/_adoc/modules/ROOT/pages => extensions/secman/_adoc/modules/persistence-jdo/partials}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/realm-shiro}/_attributes.adoc (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => extensions/secman/_adoc/modules/realm-shiro/assets/attachments}/.gitkeep (100%)
 copy {mavendeps/_adoc/modules/ROOT/examples => extensions/secman/_adoc/modules/realm-shiro/assets/images}/.gitkeep (100%)
 rename {core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl => extensions/secman/_adoc/modules/realm-shiro/assets/images}/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG (100%)
 rename {core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl => extensions/secman/_adoc/modules/realm-shiro/assets/images}/configure-shiro-to-use-isisaddons-security-module-realm.PNG (100%)
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/realm-shiro}/examples/.gitkeep (100%)
 create mode 100644 extensions/secman/_adoc/modules/realm-shiro/nav.adoc
 copy {mavendeps/_adoc/modules/ROOT => extensions/secman/_adoc/modules/realm-shiro}/pages/_attributes.adoc (100%)
 create mode 100644 extensions/secman/_adoc/modules/realm-shiro/pages/about.adoc
 copy {mavendeps/_adoc/modules/ROOT/pages => extensions/secman/_adoc/modules/realm-shiro/partials}/_attributes.adoc (100%)


[isis] 01/03: ISIS-2062: moves shiro docs to isis-plugins-security-shiro

Posted by da...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

danhaywood pushed a commit to branch v2
in repository https://gitbox.apache.org/repos/asf/isis.git

commit 43c7a2c4231bf75c9ff502da153b2972651629a5
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Wed Sep 25 17:50:16 2019 +0100

    ISIS-2062: moves shiro docs to isis-plugins-security-shiro
---
 .../archdesign/modules/ROOT/pages/about.adoc       |  10 +++++-
 .../deployment/externalized-configuration.adoc     |   2 +-
 core/_adoc-ug/modules/btb/pages/web-xml.adoc       |   2 +-
 core/security/_adoc/modules/ROOT/nav.adoc          |  28 +--------------
 core/security/_adoc/modules/ROOT/pages/about.adoc  |   2 ++
 .../modules/ROOT/pages/api-for-applications.adoc   |   2 ++
 .../configuring-isis-to-use-bypass.adoc            |   5 +--
 .../modules/ROOT/pages/usage-by-isis-viewers.adoc  |   2 ++
 .../{pages/_partials => partials}/_attributes.adoc |   2 +-
 core/security/_adoc/modules/ROOT/partials/nav.adoc |  19 ++++++++++
 core/security/plugins/shiro/_adoc/antora.yml       |   6 ++++
 core/security/plugins/shiro/_adoc/examples.csv     |   1 +
 .../shiro/_adoc/modules/ROOT/_attributes.adoc      |   6 ++++
 .../_adoc/modules/ROOT/assets/attachments/.gitkeep |   0
 .../ldap/activeds-ldap-groups.png                  | Bin
 .../ldap/activeds-ldap-mojo-partition.png          | Bin
 .../ldap/activeds-ldap-mojo-root-dse.png           | Bin
 .../ldap/activeds-ldap-sasl-authentication.png     | Bin
 .../configuring-shiro/ldap/activeds-ldap-users.png | Bin
 .../configure-isis-to-use-shiro.png                | Bin
 .../configure-shiro-to-use-custom-jdbc-realm.png   | Bin
 .../configure-shiro-to-use-ini-realm.PNG           | Bin
 .../configure-shiro-to-use-isis-ldap-realm.PNG     | Bin
 ...s-security-module-realm-with-delegate-realm.PNG | Bin
 ...iro-to-use-isisaddons-security-module-realm.PNG | Bin
 .../shiro/_adoc/modules/ROOT/examples/.gitkeep     |   0
 .../plugins/shiro/_adoc/modules/ROOT/nav.adoc      |   1 +
 .../_adoc/modules/ROOT/pages}/_attributes.adoc     |   2 +-
 .../shiro/_adoc/modules/ROOT/pages/about.adoc}     |   6 ++--
 .../ROOT/pages/configuring-isis-to-use-shiro.adoc  |   2 ++
 .../shiro/_adoc/modules/ROOT/pages}/run-as.adoc    |   5 +--
 .../_adoc/modules/ROOT/pages}/shiro-caching.adoc   |   4 ++-
 .../shiro-isis-enhanced-wildcard-permission.adoc   |   4 ++-
 .../ROOT/pages/shiro-realm-implementations.adoc}   |  14 ++++----
 .../shiro-realm-implementations/_attributes.adoc   |   0
 .../shiro-realm-implementations/ini-realm.adoc     |   2 ++
 .../isis-ldap-realm.adoc                           |   2 ++
 .../isisaddons-security-module-realm.adoc          |   3 +-
 .../shiro-realm-implementations/jdbc-realm.adoc    |   3 +-
 .../_adoc/modules/ROOT/partials}/_attributes.adoc  |   0
 core/security/plugins/shiro/_adoc/sync_examples.sh |  39 +++++++++++++++++++++
 site.yml                                           |   9 +++++
 42 files changed, 132 insertions(+), 51 deletions(-)

diff --git a/antora/components/archdesign/modules/ROOT/pages/about.adoc b/antora/components/archdesign/modules/ROOT/pages/about.adoc
index 606f09c..a80f21e 100644
--- a/antora/components/archdesign/modules/ROOT/pages/about.adoc
+++ b/antora/components/archdesign/modules/ROOT/pages/about.adoc
@@ -6,4 +6,12 @@ This guide describes the internal architecture and design of the framework.
 [CAUTION]
 ====
 This material is out-of-date.
-====
\ No newline at end of file
+====
+
+
+to discuss:
+
+* our plugin architecture (using ServiceLoader)
+* webmodule architecture (programmatic web.xml)
+* use of Spring Boot & our modules for classpath scanning
+* configuration
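Review bot: The "to discuss:" list added at the end of about.adoc is an author TODO that will render as body text on the published architecture page, directly under the CAUTION block. Consider putting it in an AsciiDoc comment (lines prefixed with `//`) or an explicitly marked NOTE, so readers do not take the four bullets as documented content.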
diff --git a/core/_adoc-ug/modules/btb/pages/deployment/externalized-configuration.adoc b/core/_adoc-ug/modules/btb/pages/deployment/externalized-configuration.adoc
index 38ab67c..5d2362d 100644
--- a/core/_adoc-ug/modules/btb/pages/deployment/externalized-configuration.adoc
+++ b/core/_adoc-ug/modules/btb/pages/deployment/externalized-configuration.adoc
@@ -75,7 +75,7 @@ Note that running the app using Apache Isis' `org.apache.isis.WebServer` bootstr
 
 == Shiro Config
 
-If using Apache Isis' xref:security:ROOT:configuring-isis-to-use-shiro.adoc[Shiro integration] for authentication and/or authorization, note that it reads from the `shiro.ini` configuration file.
+If using Apache Isis' xref:security-shiro:ROOT:configuring-isis-to-use-shiro.adoc[Shiro integration] for authentication and/or authorization, note that it reads from the `shiro.ini` configuration file.
 By default this also resides in `WEB-INF`.
 
 Similar to Apache Isis, Shiro lets this configuration directory be altered, by specifying the `shiroConfigLocations` context parameter.
diff --git a/core/_adoc-ug/modules/btb/pages/web-xml.adoc b/core/_adoc-ug/modules/btb/pages/web-xml.adoc
index e02bded..1b55595 100644
--- a/core/_adoc-ug/modules/btb/pages/web-xml.adoc
+++ b/core/_adoc-ug/modules/btb/pages/web-xml.adoc
@@ -13,7 +13,7 @@ You can deploy both of these concurrently, or deploy just the Wicket viewer, or
 The configuration in `web.xml` varies accordingly, both in terms of the servlet context listeners, filters and servlets.
 
 If you are using Apache Isis' integration with Apache Shiro (for security) then this also needs configuring in `web.xml`.
-See the xref:security:ROOT:configuring-isis-to-use-shiro.adoc[security chapter] for full details on this topic.
+See the xref:security-shiro:ROOT:configuring-isis-to-use-shiro.adoc[security guide] for full details on this topic.
 
 The servlets and filters are mapped to three main pipelines:
 
diff --git a/core/security/_adoc/modules/ROOT/nav.adoc b/core/security/_adoc/modules/ROOT/nav.adoc
index ce44809..47365c7 100644
--- a/core/security/_adoc/modules/ROOT/nav.adoc
+++ b/core/security/_adoc/modules/ROOT/nav.adoc
@@ -1,27 +1 @@
-* xref:about.adoc[Security]
-
-
-** xref:configuring-isis-to-use-shiro.adoc[Configuring Isis to use Shiro]
-
-
-** xref:shiro-realm-implementations.adoc[Shiro Realm Implementations]
-*** xref:shiro-realm-implementations/ini-realm.adoc[INI Realm]
-*** xref:shiro-realm-implementations/isis-ldap-realm.adoc[Isis LDAP Realm]
-*** xref:shiro-realm-implementations/isisaddons-security-module-realm.adoc[Isis Addons Security Module Realm]
-*** xref:shiro-realm-implementations/jdbc-realm.adoc[JDBC Realm]
-
-
-** xref:shiro-isis-enhanced-wildcard-permission.adoc[Shiro Isis Enhanced Wildcard Permission]
-
-
-** xref:hints-and-tips.adoc[Hints-n-Tips]
-*** xref:hints-and-tips/configuring-isis-to-use-bypass.adoc[Configuring Isis to use Bypass]
-*** xref:hints-and-tips/run-as.adoc[Run As]
-*** xref:hints-and-tips/shiro-caching.adoc[Shiro Caching]
-
-
-** xref:api-for-applications.adoc[API for Applications]
-
-
-** xref:usage-by-isis-viewers.adoc[Usage by Isis Viewers]
-
+include::security:ROOT:partial$nav.adoc[]
\ No newline at end of file
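Review bot: Replacing the nav list with the include drops the `xref:hints-and-tips.adoc[Hints-n-Tips]` parent entry, yet `hints-and-tips.adoc` does not appear in this commit's diffstat, so the page looks to be left in place with nothing in the navigation linking to it. Either relocate or remove that page in the same commit, or keep a nav entry for it. The new single-line file also ends without a trailing newline, which the first hunk of this commit fixes for the archdesign `about.adoc`; worth adding here too.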
diff --git a/core/security/_adoc/modules/ROOT/pages/about.adoc b/core/security/_adoc/modules/ROOT/pages/about.adoc
index 26a2e2c..448e869 100644
--- a/core/security/_adoc/modules/ROOT/pages/about.adoc
+++ b/core/security/_adoc/modules/ROOT/pages/about.adoc
@@ -1,5 +1,7 @@
 = Security
+:Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
+:page-partial:
 
 This guide describes the authentication and authorization features available to secure your Apache Isis application.
 
diff --git a/core/security/_adoc/modules/ROOT/pages/api-for-applications.adoc b/core/security/_adoc/modules/ROOT/pages/api-for-applications.adoc
index d57d6ca..dcf93ce 100644
--- a/core/security/_adoc/modules/ROOT/pages/api-for-applications.adoc
+++ b/core/security/_adoc/modules/ROOT/pages/api-for-applications.adoc
@@ -1,6 +1,8 @@
+[[api-for-applications]]
 = API for Applications
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
+:page-partial:
 
 
 
diff --git a/core/security/_adoc/modules/ROOT/pages/hints-and-tips/configuring-isis-to-use-bypass.adoc b/core/security/_adoc/modules/ROOT/pages/configuring-isis-to-use-bypass.adoc
similarity index 97%
rename from core/security/_adoc/modules/ROOT/pages/hints-and-tips/configuring-isis-to-use-bypass.adoc
rename to core/security/_adoc/modules/ROOT/pages/configuring-isis-to-use-bypass.adoc
index 8518727..8ee713e 100644
--- a/core/security/_adoc/modules/ROOT/pages/hints-and-tips/configuring-isis-to-use-bypass.adoc
+++ b/core/security/_adoc/modules/ROOT/pages/configuring-isis-to-use-bypass.adoc
@@ -1,7 +1,8 @@
-include::_attributes.adoc[]
+[[configuring-isis-to-use-bypass]]
 = Bypassing security
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
-
+include::_attributes.adoc[]
+:page-partial:
 
 The bypass security component consists of an implementation of both the `AuthenticationManager` and `AuthorizationManager` APIs, and are intended for prototyping use only.
 
diff --git a/core/security/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc b/core/security/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc
index bf5c8f3..ed53ad1 100644
--- a/core/security/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc
+++ b/core/security/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc
@@ -1,6 +1,8 @@
+[[usage-by-isis-viewers]]
 = Usage by Apache Isis' Viewers
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
+:page-partial:
 
 
 
diff --git a/core/security/_adoc/modules/ROOT/pages/_partials/_attributes.adoc b/core/security/_adoc/modules/ROOT/partials/_attributes.adoc
similarity index 81%
copy from core/security/_adoc/modules/ROOT/pages/_partials/_attributes.adoc
copy to core/security/_adoc/modules/ROOT/partials/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/_adoc/modules/ROOT/pages/_partials/_attributes.adoc
+++ b/core/security/_adoc/modules/ROOT/partials/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/core/security/_adoc/modules/ROOT/partials/nav.adoc b/core/security/_adoc/modules/ROOT/partials/nav.adoc
new file mode 100644
index 0000000..4c0892e
--- /dev/null
+++ b/core/security/_adoc/modules/ROOT/partials/nav.adoc
@@ -0,0 +1,19 @@
+* xref:security:ROOT:about.adoc[Security]
+
+** xref:security:ROOT:configuring-isis-to-use-bypass.adoc[Configuring Isis to use Bypass]
+
+** Shiro
+*** xref:security-shiro:ROOT:configuring-isis-to-use-shiro.adoc[Configuring Isis to use Shiro]
+*** xref:security-shiro:ROOT:shiro-realm-implementations.adoc[Shiro Realm Implementations]
+**** xref:security-shiro:ROOT:shiro-realm-implementations/ini-realm.adoc[INI Realm]
+**** xref:security-shiro:ROOT:shiro-realm-implementations/isis-ldap-realm.adoc[Isis LDAP Realm]
+**** xref:security-shiro:ROOT:shiro-realm-implementations/isisaddons-security-module-realm.adoc[Isis Addons Security Module Realm]
+**** xref:security-shiro:ROOT:shiro-realm-implementations/jdbc-realm.adoc[JDBC Realm]
+*** xref:security-shiro:ROOT:shiro-isis-enhanced-wildcard-permission.adoc[Shiro Isis Enhanced Wildcard Permission]
+*** xref:security-shiro:ROOT:run-as.adoc[Run As]
+*** xref:security-shiro:ROOT:shiro-caching.adoc[Shiro Caching]
+
+** xref:security:ROOT:api-for-applications.adoc[API for Applications]
+
+** xref:security:ROOT:usage-by-isis-viewers.adoc[Usage by Isis Viewers]
+
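Review bot: `Configuring Isis to use Bypass` is now the first entry under Security, ahead of the Shiro section, although the page itself says the bypass component is "intended for prototyping use only". Suggest listing it after the Shiro entries, or marking the link text as prototyping-only, so the navigation does not present running without authentication and authorization as the default path.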
diff --git a/core/security/plugins/shiro/_adoc/antora.yml b/core/security/plugins/shiro/_adoc/antora.yml
new file mode 100644
index 0000000..87adb67
--- /dev/null
+++ b/core/security/plugins/shiro/_adoc/antora.yml
@@ -0,0 +1,6 @@
+name: security-shiro
+title: "Security - Shiro"
+version: master
+start_page: ROOT:about.adoc
+nav:
+- modules/ROOT/nav.adoc
diff --git a/core/security/plugins/shiro/_adoc/examples.csv b/core/security/plugins/shiro/_adoc/examples.csv
new file mode 100644
index 0000000..5d5804b
--- /dev/null
+++ b/core/security/plugins/shiro/_adoc/examples.csv
@@ -0,0 +1 @@
+#file,source,target
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/_attributes.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/_attributes.adoc
new file mode 100644
index 0000000..787e5c4
--- /dev/null
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/_attributes.adoc
@@ -0,0 +1,6 @@
+ifndef::env-site,env-github[]
+:attachmentsdir: {moduledir}/assets/attachments
+:examplesdir: {moduledir}/examples
+:imagesdir: {moduledir}/assets/images
+:partialsdir: {moduledir}/pages/_partials
+endif::[]
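Review bot: `:partialsdir: {moduledir}/pages/_partials` still points at the old `pages/_partials` location, while this commit moves the partials `_attributes.adoc` to `modules/ROOT/partials` (see the `{pages/_partials => partials}` renames in the diffstat). This should probably read `:partialsdir: {moduledir}/partials`; otherwise any `{partialsdir}` include in a local (non-site) preview resolves to a directory this commit does not create.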
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/security/plugins/shiro/_adoc/modules/ROOT/assets/attachments/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/core/security/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-groups.png b/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-groups.png
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-groups.png
rename to core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-groups.png
diff --git a/core/security/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-partition.png b/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-partition.png
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-partition.png
rename to core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-partition.png
diff --git a/core/security/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-root-dse.png b/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-root-dse.png
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-root-dse.png
rename to core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-root-dse.png
diff --git a/core/security/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-sasl-authentication.png b/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-sasl-authentication.png
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-sasl-authentication.png
rename to core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-sasl-authentication.png
diff --git a/core/security/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-users.png b/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-users.png
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-users.png
rename to core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-users.png
diff --git a/core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-shiro.png b/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-shiro.png
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-shiro.png
rename to core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-shiro.png
diff --git a/core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-custom-jdbc-realm.png b/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-custom-jdbc-realm.png
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-custom-jdbc-realm.png
rename to core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-custom-jdbc-realm.png
diff --git a/core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-ini-realm.PNG b/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-ini-realm.PNG
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-ini-realm.PNG
rename to core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-ini-realm.PNG
diff --git a/core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isis-ldap-realm.PNG b/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isis-ldap-realm.PNG
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isis-ldap-realm.PNG
rename to core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isis-ldap-realm.PNG
diff --git a/core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG b/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG
rename to core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG
diff --git a/core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm.PNG b/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm.PNG
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm.PNG
rename to core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm.PNG
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/examples/.gitkeep b/core/security/plugins/shiro/_adoc/modules/ROOT/examples/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/nav.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/nav.adoc
new file mode 100644
index 0000000..47365c7
--- /dev/null
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/nav.adoc
@@ -0,0 +1 @@
+include::security:ROOT:partial$nav.adoc[]
\ No newline at end of file
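Review bot: This component's nav consists only of the shared `security:ROOT:partial$nav.adoc` include, and that partial has no xref to `security-shiro:ROOT:about.adoc`, which `antora.yml` declares as the `start_page`; the `** Shiro` entry in the partial is plain text. Suggest making it `** xref:security-shiro:ROOT:about.adoc[Shiro]` so the start page is reachable from the navigation. The file also lacks a trailing newline.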
diff --git a/core/security/_adoc/modules/ROOT/pages/_partials/_attributes.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/_attributes.adoc
similarity index 81%
rename from core/security/_adoc/modules/ROOT/pages/_partials/_attributes.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/pages/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/_adoc/modules/ROOT/pages/_partials/_attributes.adoc
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/about.adoc
similarity index 83%
rename from core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/pages/about.adoc
index 57cfa90..54d76c5 100644
--- a/core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/about.adoc
@@ -1,6 +1,6 @@
-= Shiro Realm Implementations
+= Shiro Security
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
+:page-partial:
 
-
-
+This guide describes the configuration of the Shiro implementation of Apache Isis' `Authenticator and `Authorizor` APIs.
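Review bot: In the added "This guide describes ..." sentence, the backtick opened before Authenticator is never closed, so the monospace span pairs with the backtick before Authorizor and the sentence renders incorrectly. Close it so both API names are marked up individually, Authenticator and Authorizor each wrapped in their own pair of backticks.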
diff --git a/core/security/_adoc/modules/ROOT/pages/configuring-isis-to-use-shiro.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/configuring-isis-to-use-shiro.adoc
similarity index 98%
rename from core/security/_adoc/modules/ROOT/pages/configuring-isis-to-use-shiro.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/pages/configuring-isis-to-use-shiro.adoc
index 406ad2a..7310e1a 100644
--- a/core/security/_adoc/modules/ROOT/pages/configuring-isis-to-use-shiro.adoc
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/configuring-isis-to-use-shiro.adoc
@@ -1,6 +1,8 @@
+[[configuring-isis-to-use-shiro]]
 = Configuring to use Shiro
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
+:page-partial:
 
 
 Apache Isis' security mechanism is configurable, specifying an `Authenticator` and an `Authorizor` (non-public) APIs.
diff --git a/core/security/_adoc/modules/ROOT/pages/hints-and-tips/run-as.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/run-as.adoc
similarity index 99%
rename from core/security/_adoc/modules/ROOT/pages/hints-and-tips/run-as.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/pages/run-as.adoc
index 0512b74..7d1e488 100644
--- a/core/security/_adoc/modules/ROOT/pages/hints-and-tips/run-as.adoc
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/run-as.adoc
@@ -1,7 +1,8 @@
-include::_attributes.adoc[]
+[[run-as]]
 = Run-as
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
-
+include::_attributes.adoc[]
+:page-partial:
 
 
 This hint shows how to temporarily change the current user as reported by Shiro.
diff --git a/core/security/_adoc/modules/ROOT/pages/hints-and-tips/shiro-caching.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-caching.adoc
similarity index 98%
rename from core/security/_adoc/modules/ROOT/pages/hints-and-tips/shiro-caching.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-caching.adoc
index 675ec3d..b4454c0 100644
--- a/core/security/_adoc/modules/ROOT/pages/hints-and-tips/shiro-caching.adoc
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-caching.adoc
@@ -1,6 +1,8 @@
-include::_attributes.adoc[]
+[[shiro-caching]]
 = Caching and other Shiro Features
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
+include::_attributes.adoc[]
+:page-partial:
 
 
 We don't want to repeat the entire link:http://shiro.apache.org/documentation.html[Shiro documentation set] here, but we should flag a number of other features that are worth checking out.
diff --git a/core/security/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc
similarity index 86%
rename from core/security/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc
index db9165d..2364823 100644
--- a/core/security/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc
@@ -1,9 +1,11 @@
+[[shiro-isis-enhanced-wildcard-permission]]
 = Enhanced Wildcard Permission
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
+:page-partial:
 
 
-If using the text-based xref:security:ROOT:shiro-realm-implementations/ini-realm.adoc[`IniRealm`] or xref:security:ROOT:shiro-realm-implementations/isis-ldap-realm.adoc[Isis' LDAP realm], then note that Shiro also allows the string representation of the permissions to be mapped (resolved) to alternative `Permission` instances.  Apache Isis provides its own `IsisPermission` which introduces the concept of a "veto".
+If using the text-based xref:security-shiro:ROOT:shiro-realm-implementations/ini-realm.adoc[`IniRealm`] or xref:security-shiro:ROOT:shiro-realm-implementations/isis-ldap-realm.adoc[Isis' LDAP realm], then note that Shiro also allows the string representation of the permissions to be mapped (resolved) to alternative `Permission` instances.  Apache Isis provides its own `IsisPermission` which introduces the concept of a "veto".
 
 A vetoing permission is one that prevents access to a feature, rather than grants it.  This is useful in some situations where most users have access to most features, and only a small number of features are particularly sensitive.  The configuration can therefore be set up to grant fairly broad-brush permissions and then veto permission for the sensitive features for those users that do not have access.
 
diff --git a/core/security/_adoc/modules/ROOT/pages/hints-and-tips.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc
similarity index 73%
rename from core/security/_adoc/modules/ROOT/pages/hints-and-tips.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc
index 55c432e..2d7d90f 100644
--- a/core/security/_adoc/modules/ROOT/pages/hints-and-tips.adoc
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc
@@ -1,14 +1,12 @@
-[[hints-and-tips]]
-= Hints and Tips
+[[shiro-realm-implementations]]
+= Shiro Realm Implementations
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
+:page-partial:
 
+The Shiro concept of a `Realm` allows different implementations of both the authentication and authorisation mechanism to be plugged in.
+This chapter lists some of these
 
-
-
-This chapter provides some solutions for problems we've encountered ourselves or have been raised on the Apache Isis mailing lists.
-
-
-
+supports the pluggable realm implementations
 
 
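Review bot: the new introduction is left unfinished. The `+` line "This chapter lists some of these" has no terminating punctuation, and it is followed by the orphaned fragment "supports the pluggable realm implementations", which has no subject and does not connect to the preceding text. Suggest folding both into one complete sentence, or dropping the fragment, before the page is published under the new `[[shiro-realm-implementations]]` anchor.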
diff --git a/core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
similarity index 100%
rename from core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
diff --git a/core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc
similarity index 99%
rename from core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc
index 36796e6..1140470 100644
--- a/core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc
@@ -1,6 +1,8 @@
+[[ini-realm]]
 = Shiro Ini Realm
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
+:page-partial:
 
 
 Probably the simplest realm to use is Shiro's built-in `IniRealm`, which reads from the (same) `WEB-INF/shiro.ini` file.
diff --git a/core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc
similarity index 99%
rename from core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc
index ba8d98a..62cee92 100644
--- a/core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc
@@ -1,6 +1,8 @@
+[[isis-ldap-realm]]
 = Isis Ldap Realm
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
+:page-partial:
 
 
 Isis ships with an implementation of http://shiro.apache.org[Apache Shiro]'s `Realm` class that allows user authentication and authorization to be performed against an LDAP server.
diff --git a/core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc
similarity index 98%
rename from core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc
index 49618e5..d33be37 100644
--- a/core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc
@@ -1,7 +1,8 @@
+[[isisaddons-security-module-realm]]
 = Security Module Realm
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
-
+:page-partial:
 
 
 The (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module provides a complete security subdomain for users, roles, permissions; all are persisted as domain entities.
diff --git a/core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc
similarity index 99%
rename from core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc
index e180f34..4f62d07 100644
--- a/core/security/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc
+++ b/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc
@@ -1,7 +1,8 @@
+[[jdbc-realm]]
 = Shiro JDBC Realm
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
-
+:page-partial:
 
 
 There is nothing to stop you from using some other `Realm` implementation (or indeed writing one yourself).  For example, you could use Shiro's own JDBC realm that loads user/password details from a database.
diff --git a/core/security/_adoc/modules/ROOT/pages/hints-and-tips/_attributes.adoc b/core/security/plugins/shiro/_adoc/modules/ROOT/partials/_attributes.adoc
similarity index 100%
rename from core/security/_adoc/modules/ROOT/pages/hints-and-tips/_attributes.adoc
rename to core/security/plugins/shiro/_adoc/modules/ROOT/partials/_attributes.adoc
diff --git a/core/security/plugins/shiro/_adoc/sync_examples.sh b/core/security/plugins/shiro/_adoc/sync_examples.sh
new file mode 100644
index 0000000..5260cd7
--- /dev/null
+++ b/core/security/plugins/shiro/_adoc/sync_examples.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+SCRIPT=$(readlink -f "$0")
+SCRIPTPATH=$(dirname "$SCRIPT")
+if [ $# -ne 1 ]; then
+    FILELIST=$SCRIPTPATH/examples.csv
+else
+    FILELIST=$1
+fi
+FILELISTFQN=$(readlink -f $FILELIST)
+DIRNAME=$(dirname $FILELISTFQN)
+BASENAME=$(basename $FILELISTFQN)
+
+cd $DIRNAME >/dev/null 2>&1
+cat $BASENAME | tail +2 | grep -v ^# | while read LINE
+do
+    FILE=$(echo $LINE | awk -F, '{print $1}' | awk '{$1=$1;print}')
+    F2=$(echo $LINE | awk -F, '{print $2}' | awk '{$1=$1;print}')
+    F3=$(echo $LINE | awk -F, '{print $3}' | awk '{$1=$1;print}')
+    SOURCEFQN=$DIRNAME/$F2/$FILE
+    TARGETDIR=$DIRNAME/$F3
+    TARGETFQN=$DIRNAME/$F3/$FILE
+
+    echo "SOURCEFQN: $SOURCEFQN"
+
+    if [ -f "$SOURCEFQN" ]
+    then
+
+        if [ -f "$TARGETFQN" ]
+        then
+            rm $TARGETFQN
+        fi
+        mkdir -p $TARGETDIR
+        cp $SOURCEFQN $TARGETFQN
+    else
+        echo "- does not exist ($SOURCEFQN) " >&2
+        exit 1
+    fi
+done
+cd - >/dev/null 2>&1
\ No newline at end of file
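Review bot: the `exit 1` in the "does not exist" branch does not fail the script. The `while read LINE` loop is the last stage of the `cat | tail | grep | while` pipeline, so in bash it runs in a subshell: `exit 1` ends only the loop, the trailing `cd -` still runs, and the script returns that command's status, so a missing source file goes unnoticed by the caller. Suggest feeding the loop by redirection instead of a pipe, or setting `set -o pipefail` and checking the pipeline status. Also in this hunk: `$FILELIST`, `$DIRNAME`, `$TARGETDIR`, `$SOURCEFQN` and `$TARGETFQN` are expanded unquoted in `readlink`, `cd`, `mkdir -p`, `rm` and `cp`, and the last three are built from CSV fields, so whitespace or glob characters in examples.csv are word-split and expanded before `rm` and `cp` see them; quote every expansion and use `read -r`. `cd $DIRNAME >/dev/null 2>&1` discards its error and is not checked, so on failure `cat $BASENAME` reads from whatever the current directory is. `tail +2` is the obsolete form; `tail -n +2` is the portable spelling. The file also lacks a trailing newline.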
diff --git a/site.yml b/site.yml
index f0cf799..efc4208 100644
--- a/site.yml
+++ b/site.yml
@@ -43,6 +43,12 @@ content:
       start_path: core/testsupport/_adoc
       branches: HEAD
     - url: .
+      start_path: core/testsupport/unittestsupport/_adoc
+      branches: HEAD
+    - url: .
+      start_path: core/testsupport/integtestsupport/_adoc
+      branches: HEAD
+    - url: .
       branches: HEAD
       start_path: extensions/fixtures/_adoc
     - url: .
@@ -74,6 +80,9 @@ content:
       start_path: core/security/_adoc
       branches: HEAD
     - url: .
+      start_path: core/security/plugins/shiro/_adoc
+      branches: HEAD
+    - url: .
       branches: HEAD
       start_path: extensions/secman/_adoc
 


[isis] 02/03: ISIS-2062: factors out isis-security-bypass.

Posted by da...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

danhaywood pushed a commit to branch v2
in repository https://gitbox.apache.org/repos/asf/isis.git

commit 3998aba4fb200b670d04eb29f9f6fae5c42607b2
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Wed Sep 25 20:25:32 2019 +0100

    ISIS-2062: factors out isis-security-bypass.
---
 core/pom.xml                                              |  11 +++++++++--
 core/security/{ => api}/_adoc/antora.yml                  |   0
 core/security/{plugins/shiro => api}/_adoc/examples.csv   |   0
 .../shiro => api}/_adoc/modules/ROOT/_attributes.adoc     |   0
 .../_adoc/modules/ROOT/assets/attachments}/.gitkeep       |   0
 .../security/security-apis-impl/security-apis-impl.pptx   | Bin
 .../_adoc/modules/ROOT/examples}/.gitkeep                 |   0
 .../{plugins/shiro => api}/_adoc/modules/ROOT/nav.adoc    |   0
 .../_adoc/modules/ROOT/pages/_attributes.adoc             |   0
 .../{ => api}/_adoc/modules/ROOT/pages/about.adoc         |   0
 .../_adoc/modules/ROOT/pages/api-for-applications.adoc    |   0
 .../_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc   |   0
 .../_adoc/modules/ROOT/partials/_attributes.adoc          |   0
 .../{ => api}/_adoc/modules/ROOT/partials/nav.adoc        |   8 +++++---
 .../{plugins/shiro => api}/_adoc/sync_examples.sh         |   0
 core/security/{api-and-bypass => api}/pom.xml             |   0
 .../security/authentication/AuthenticationRequest.java    |   0
 .../authentication/AuthenticationRequestAbstract.java     |   0
 .../authentication/AuthenticationRequestPassword.java     |   0
 .../security/authentication/AuthenticationSession.java    |   0
 .../authentication/AuthenticationSessionAbstract.java     |   0
 .../authentication/AuthenticationSessionProvider.java     |   0
 .../isis/security/authentication/MessageBroker.java       |   0
 .../fixtures/AuthenticationRequestLogonFixture.java       |   0
 .../fixtures/LogonFixtureAuthenticator.java               |   0
 .../security/authentication/health/HealthAuthSession.java |   0
 .../authentication/manager/AuthenticationManager.java     |   0
 .../manager/AuthorizationManagerStandard.java             |   0
 .../authentication/manager/RegistrationDetails.java       |   0
 .../apache/isis/security/authentication/package-info.java |   0
 .../singleuser/AuthenticationRequestSingleUser.java       |   0
 .../authentication/singleuser/SingleUserSession.java      |   0
 .../standard/AuthenticationManagerStandard.java           |   0
 .../security/authentication/standard/Authenticator.java   |   0
 .../authentication/standard/AuthenticatorAbstract.java    |   0
 .../authentication/standard/AuthenticatorDefault.java     |   0
 .../authentication/standard/NoAuthenticatorException.java |   0
 .../standard/PasswordRequestAuthenticatorAbstract.java    |   0
 .../authentication/standard/RandomCodeGenerator.java      |   0
 .../standard/RandomCodeGenerator10Chars.java              |   0
 .../authentication/standard/RandomCodeGeneratorUUID.java  |   0
 .../isis/security/authentication/standard/Registrar.java  |   0
 .../standard/RegistrationDetailsPassword.java             |   0
 .../security/authentication/standard/SimpleSession.java   |   0
 .../authorization/manager/AuthorizationManager.java       |   0
 .../authorization/standard/AuthorizationConstants.java    |   0
 .../isis/security/authorization/standard/Authorizor.java  |   0
 .../apache/isis/security/EncodabilityContractTest.java    |   0
 .../fixture/LogonFixtureAuthenticatorTest.java            |   0
 .../authentication/standard/AuthenticatorDefaultTest.java |   0
 .../standard/SimpleSessionEncodabilityNoRolesTest.java    |   0
 .../standard/SimpleSessionEncodabilityTestAbstract.java   |   0
 .../standard/SimpleSessionEncodabilityWithRolesTest.java  |   0
 .../StandardAuthenticationManager_AuthenticationTest.java |   0
 .../StandardAuthenticationManager_AuthenticatorsTest.java |   0
 core/security/{plugins/shiro => bypass}/_adoc/antora.yml  |   4 ++--
 core/security/{ => bypass}/_adoc/examples.csv             |   0
 .../{ => bypass}/_adoc/modules/ROOT/_attributes.adoc      |   0
 .../_adoc/modules/ROOT/assets/attachments}/.gitkeep       |   0
 .../security-apis-impl/configure-isis-to-use-bypass.PNG   | Bin
 .../_adoc/modules/ROOT/examples}/.gitkeep                 |   0
 core/security/{ => bypass}/_adoc/modules/ROOT/nav.adoc    |   0
 .../_adoc/modules/ROOT/pages/_attributes.adoc             |   0
 .../shiro => bypass}/_adoc/modules/ROOT/pages/about.adoc  |   7 +++++--
 .../ROOT/pages/configuring-isis-to-use-bypass.adoc        |   0
 .../_adoc/modules/ROOT/partials}/_attributes.adoc         |   0
 core/security/{ => bypass}/_adoc/sync_examples.sh         |   0
 core/security/{api-and-bypass => bypass}/pom.xml          |  14 +++++---------
 .../org/apache/isis/security/IsisBootSecurityBypass.java  |   0
 .../authentication/bypass/AuthenticatorBypass.java        |   0
 .../security/authorization/bypass/AuthorizorBypass.java   |   0
 core/security/{plugins => }/shiro/NOTICE                  |   0
 core/security/{plugins => }/shiro/_adoc/antora.yml        |   0
 core/security/{plugins => }/shiro/_adoc/examples.csv      |   0
 .../shiro/_adoc/modules/ROOT/_attributes.adoc             |   0
 .../_adoc/modules/ROOT/assets/attachments}/.gitkeep       |   0
 .../configuring-shiro/ldap/activeds-ldap-groups.png       | Bin
 .../ldap/activeds-ldap-mojo-partition.png                 | Bin
 .../ldap/activeds-ldap-mojo-root-dse.png                  | Bin
 .../ldap/activeds-ldap-sasl-authentication.png            | Bin
 .../configuring-shiro/ldap/activeds-ldap-users.png        | Bin
 .../security-apis-impl/configure-isis-to-use-shiro.png    | Bin
 .../configure-shiro-to-use-custom-jdbc-realm.png          | Bin
 .../configure-shiro-to-use-ini-realm.PNG                  | Bin
 .../configure-shiro-to-use-isis-ldap-realm.PNG            | Bin
 ...isaddons-security-module-realm-with-delegate-realm.PNG | Bin
 ...gure-shiro-to-use-isisaddons-security-module-realm.PNG | Bin
 .../shiro/_adoc/modules/ROOT/examples/.gitkeep            |   0
 .../{plugins => }/shiro/_adoc/modules/ROOT/nav.adoc       |   0
 .../shiro/_adoc/modules/ROOT/pages/_attributes.adoc       |   0
 .../shiro/_adoc/modules/ROOT/pages/about.adoc             |   0
 .../modules/ROOT/pages/configuring-isis-to-use-shiro.adoc |   0
 .../shiro/_adoc/modules/ROOT/pages/run-as.adoc            |   0
 .../shiro/_adoc/modules/ROOT/pages/shiro-caching.adoc     |   0
 .../pages/shiro-isis-enhanced-wildcard-permission.adoc    |   0
 .../modules/ROOT/pages/shiro-realm-implementations.adoc   |   6 +-----
 .../pages/shiro-realm-implementations}/_attributes.adoc   |   0
 .../ROOT/pages/shiro-realm-implementations/ini-realm.adoc |   0
 .../shiro-realm-implementations/isis-ldap-realm.adoc      |   0
 .../isisaddons-security-module-realm.adoc                 |   0
 .../pages/shiro-realm-implementations/jdbc-realm.adoc     |   0
 .../_adoc/modules/ROOT/partials}/_attributes.adoc         |   0
 core/security/{plugins => }/shiro/_adoc/sync_examples.sh  |   0
 core/security/{plugins => }/shiro/pom.xml                 |   2 +-
 .../src/main/appended-resources/supplemental-models.xml   |   0
 .../apache/isis/security/shiro/IsisBootSecurityShiro.java |   0
 .../isis/security/shiro/IsisLdapContextFactory.java       |   0
 .../org/apache/isis/security/shiro/IsisLdapRealm.java     |   0
 .../apache/isis/security/shiro/ShiroSecurityContext.java  |   0
 .../org/apache/isis/security/shiro/WebModuleShiro.java    |   0
 .../security/shiro/authentication/ShiroAuthenticator.java |   0
 .../isis/security/shiro/authorization/IsisPermission.java |   0
 .../shiro/authorization/IsisPermissionResolver.java       |   0
 .../security/shiro/authorization/ShiroAuthorizor.java     |   0
 .../shiro/permrolemapper/PermissionToRoleMapper.java      |   0
 .../permrolemapper/PermissionToRoleMapperFromIni.java     |   0
 .../permrolemapper/PermissionToRoleMapperFromString.java  |   0
 .../apache/isis/security/shiro/permrolemapper/Util.java   |   0
 .../isis/security/shiro/IsisPermissionTest_setParts.java  |   0
 .../security/shiro/IsisPermissionTest_typicalUsage.java   |   0
 .../ShiroAuthenticatorOrAuthorizorTest_authenticate.java  |   0
 ...oAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java |   0
 .../shiro/authorization/IsisPermissionTest_equals.java    |   0
 .../permrolemapper/PermissionToRoleMapperFromIniTest.java |   0
 .../PermissionToRoleMapperFromStringTest.java             |   0
 .../security/shiro/permrolemapper/UtilTest_parse.java     |   0
 .../org/apache/isis/security/shiro/permrolemapper/my.ini  |   0
 .../{plugins => }/shiro/src/test/resources/shiro.ini      |   0
 examples/apps/simpleapp/module-simple/pom.xml             |   5 +++++
 examples/smoketests/pom.xml                               |   5 +++++
 .../apache/isis/testdomain/jdo/JdoTestDomainPersona.java  |   6 +++---
 .../isis/testdomain/auditing/AuditerServiceTest.java      |   7 +++++--
 .../bootstrapping/JdoBootstrappingTest_usingFixtures.java |   5 +++--
 .../commandexecution/BackgroundExecutionTest.java         |   5 +++--
 .../isis/testdomain/commandexecution/WrapperTest.java     |   5 +++--
 .../domainmodel/DomainModelTest_usingGoodDomain.java      |   2 +-
 .../isis/testdomain/publishing/PublisherServiceTest.java  |   5 +++--
 .../apache/isis/testdomain/shiro/ShiroSecmanLdapTest.java |   3 ++-
 .../shiro/ShiroSecmanLdap_restfulStressTest.java          |   3 ++-
 .../isis/testdomain/timestamping/TimestampingTest.java    |   5 +++--
 .../testdomain/transactions/TransactionRollbackTest.java  |   7 ++++---
 .../TransactionRollbackTest_withTransactional.java        |   5 +++--
 site.yml                                                  |   7 +++++--
 143 files changed, 78 insertions(+), 49 deletions(-)

diff --git a/core/pom.xml b/core/pom.xml
index 89e99e8..f86a70c 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -1367,6 +1367,12 @@
 				<artifactId>isis-security</artifactId>
 				<version>${isis.version}</version>
 			</dependency>
+			<dependency>
+				<groupId>org.apache.isis.core</groupId>
+				<artifactId>isis-security-bypass</artifactId>
+				<version>${isis.version}</version>
+			</dependency>
+
 
 			<!-- core plugins -->
 
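Review bot: the managed `isis-security-bypass` entry is added with no comment on who is expected to consume it. The diffstat for this commit shows the artifact now holds `AuthenticatorBypass` and `AuthorizorBypass` on their own, and that `examples/apps/simpleapp/module-simple/pom.xml` and `examples/smoketests/pom.xml` each gain five lines, so it would help to state next to this entry whether those consumers are meant to declare it with test scope or as a regular dependency, since that decides whether the bypass implementations can end up on a deployed classpath. Minor: the hunk leaves two consecutive blank lines after the closing `</dependency>`; one is enough.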
@@ -2465,7 +2471,8 @@
 		<module>runtime-extensions</module>
 		<module>runtime-web</module>
 
-		<module>security/api-and-bypass</module>
+		<module>security/api</module>
+		<module>security/bypass</module>
 
 		<module>testsupport/unittestsupport</module>
 		<module>testsupport/integtestsupport</module>
@@ -2482,7 +2489,7 @@
 		<module>plugins/jaxrs-resteasy-4</module>
 		<module>plugins/jdo/common</module>
 		<module>plugins/jdo/datanucleus-5</module>
-		<module>security/plugins/shiro</module>
+		<module>security/shiro</module>
 
 		<!-- to break cyclic dependencies some tests needed to be moved to their 
 			own modules -->
diff --git a/core/security/_adoc/antora.yml b/core/security/api/_adoc/antora.yml
similarity index 100%
rename from core/security/_adoc/antora.yml
rename to core/security/api/_adoc/antora.yml
diff --git a/core/security/plugins/shiro/_adoc/examples.csv b/core/security/api/_adoc/examples.csv
similarity index 100%
copy from core/security/plugins/shiro/_adoc/examples.csv
copy to core/security/api/_adoc/examples.csv
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/_attributes.adoc b/core/security/api/_adoc/modules/ROOT/_attributes.adoc
similarity index 100%
copy from core/security/plugins/shiro/_adoc/modules/ROOT/_attributes.adoc
copy to core/security/api/_adoc/modules/ROOT/_attributes.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/examples/.gitkeep b/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
similarity index 100%
copy from core/security/plugins/shiro/_adoc/modules/ROOT/examples/.gitkeep
copy to core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
diff --git a/core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/security-apis-impl.pptx b/core/security/api/_adoc/modules/ROOT/assets/images/security/security-apis-impl/security-apis-impl.pptx
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/security-apis-impl.pptx
rename to core/security/api/_adoc/modules/ROOT/assets/images/security/security-apis-impl/security-apis-impl.pptx
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/security/api/_adoc/modules/ROOT/examples/.gitkeep
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/assets/attachments/.gitkeep
rename to core/security/api/_adoc/modules/ROOT/examples/.gitkeep
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/nav.adoc b/core/security/api/_adoc/modules/ROOT/nav.adoc
similarity index 100%
copy from core/security/plugins/shiro/_adoc/modules/ROOT/nav.adoc
copy to core/security/api/_adoc/modules/ROOT/nav.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/_attributes.adoc b/core/security/api/_adoc/modules/ROOT/pages/_attributes.adoc
similarity index 100%
copy from core/security/plugins/shiro/_adoc/modules/ROOT/pages/_attributes.adoc
copy to core/security/api/_adoc/modules/ROOT/pages/_attributes.adoc
diff --git a/core/security/_adoc/modules/ROOT/pages/about.adoc b/core/security/api/_adoc/modules/ROOT/pages/about.adoc
similarity index 100%
rename from core/security/_adoc/modules/ROOT/pages/about.adoc
rename to core/security/api/_adoc/modules/ROOT/pages/about.adoc
diff --git a/core/security/_adoc/modules/ROOT/pages/api-for-applications.adoc b/core/security/api/_adoc/modules/ROOT/pages/api-for-applications.adoc
similarity index 100%
rename from core/security/_adoc/modules/ROOT/pages/api-for-applications.adoc
rename to core/security/api/_adoc/modules/ROOT/pages/api-for-applications.adoc
diff --git a/core/security/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc b/core/security/api/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc
similarity index 100%
rename from core/security/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc
rename to core/security/api/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc
diff --git a/core/security/_adoc/modules/ROOT/partials/_attributes.adoc b/core/security/api/_adoc/modules/ROOT/partials/_attributes.adoc
similarity index 100%
rename from core/security/_adoc/modules/ROOT/partials/_attributes.adoc
rename to core/security/api/_adoc/modules/ROOT/partials/_attributes.adoc
diff --git a/core/security/_adoc/modules/ROOT/partials/nav.adoc b/core/security/api/_adoc/modules/ROOT/partials/nav.adoc
similarity index 88%
rename from core/security/_adoc/modules/ROOT/partials/nav.adoc
rename to core/security/api/_adoc/modules/ROOT/partials/nav.adoc
index 4c0892e..4b41f61 100644
--- a/core/security/_adoc/modules/ROOT/partials/nav.adoc
+++ b/core/security/api/_adoc/modules/ROOT/partials/nav.adoc
@@ -1,9 +1,12 @@
 * xref:security:ROOT:about.adoc[Security]
 
-** xref:security:ROOT:configuring-isis-to-use-bypass.adoc[Configuring Isis to use Bypass]
+** xref:security:ROOT:api-for-applications.adoc[API for Applications]
+
+** Bypass
+*** xref:security-bypass:ROOT:configuring-isis-to-use-bypass.adoc[Configuring to use Bypass]
 
 ** Shiro
-*** xref:security-shiro:ROOT:configuring-isis-to-use-shiro.adoc[Configuring Isis to use Shiro]
+*** xref:security-shiro:ROOT:configuring-isis-to-use-shiro.adoc[Configuring to use Shiro]
 *** xref:security-shiro:ROOT:shiro-realm-implementations.adoc[Shiro Realm Implementations]
 **** xref:security-shiro:ROOT:shiro-realm-implementations/ini-realm.adoc[INI Realm]
 **** xref:security-shiro:ROOT:shiro-realm-implementations/isis-ldap-realm.adoc[Isis LDAP Realm]
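Review bot: The new `** Bypass` entry sits as a peer of `** Shiro` under the neutral label "Configuring to use Bypass", so the navigation gives no signal that this module switches authentication and authorization off. Suggest putting the intended scope in the label, for example "Bypass (integration tests and prototyping)", which matches the wording of the bypass about.adoc added in this commit. Separately, the link labels drop "Isis" while the target filenames keep it (configuring-isis-to-use-bypass.adoc, configuring-isis-to-use-shiro.adoc). That is fine if it is deliberate to keep existing links stable, but it is worth saying so in the commit message.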
@@ -13,7 +16,6 @@
 *** xref:security-shiro:ROOT:run-as.adoc[Run As]
 *** xref:security-shiro:ROOT:shiro-caching.adoc[Shiro Caching]
 
-** xref:security:ROOT:api-for-applications.adoc[API for Applications]
 
 ** xref:security:ROOT:usage-by-isis-viewers.adoc[Usage by Isis Viewers]
 
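Review bot: Removing the `API for Applications` line here leaves two consecutive blank lines before `Usage by Isis Viewers`; drop one of them. That entry also stays at the bottom and keeps "Isis" in its label, while its sibling moved to the top of the list and the Bypass and Shiro labels were shortened. Consider moving it next to `API for Applications` and renaming it consistently.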
diff --git a/core/security/plugins/shiro/_adoc/sync_examples.sh b/core/security/api/_adoc/sync_examples.sh
similarity index 100%
copy from core/security/plugins/shiro/_adoc/sync_examples.sh
copy to core/security/api/_adoc/sync_examples.sh
diff --git a/core/security/api-and-bypass/pom.xml b/core/security/api/pom.xml
similarity index 100%
copy from core/security/api-and-bypass/pom.xml
copy to core/security/api/pom.xml
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/AuthenticationRequest.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/AuthenticationRequest.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/AuthenticationRequest.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/AuthenticationRequest.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/AuthenticationRequestAbstract.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/AuthenticationRequestAbstract.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/AuthenticationRequestAbstract.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/AuthenticationRequestAbstract.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/AuthenticationRequestPassword.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/AuthenticationRequestPassword.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/AuthenticationRequestPassword.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/AuthenticationRequestPassword.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/AuthenticationSession.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/AuthenticationSession.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/AuthenticationSession.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/AuthenticationSession.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/AuthenticationSessionAbstract.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/AuthenticationSessionAbstract.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/AuthenticationSessionAbstract.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/AuthenticationSessionAbstract.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/AuthenticationSessionProvider.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/AuthenticationSessionProvider.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/AuthenticationSessionProvider.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/AuthenticationSessionProvider.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/MessageBroker.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/MessageBroker.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/MessageBroker.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/MessageBroker.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/fixtures/AuthenticationRequestLogonFixture.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/fixtures/AuthenticationRequestLogonFixture.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/fixtures/AuthenticationRequestLogonFixture.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/fixtures/AuthenticationRequestLogonFixture.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/fixtures/LogonFixtureAuthenticator.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/fixtures/LogonFixtureAuthenticator.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/fixtures/LogonFixtureAuthenticator.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/fixtures/LogonFixtureAuthenticator.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/health/HealthAuthSession.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/health/HealthAuthSession.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/health/HealthAuthSession.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/health/HealthAuthSession.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/manager/AuthenticationManager.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/manager/AuthenticationManager.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/manager/AuthenticationManager.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/manager/AuthenticationManager.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/manager/AuthorizationManagerStandard.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/manager/AuthorizationManagerStandard.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/manager/AuthorizationManagerStandard.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/manager/AuthorizationManagerStandard.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/manager/RegistrationDetails.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/manager/RegistrationDetails.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/manager/RegistrationDetails.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/manager/RegistrationDetails.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/package-info.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/package-info.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/package-info.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/package-info.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/singleuser/AuthenticationRequestSingleUser.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/singleuser/AuthenticationRequestSingleUser.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/singleuser/AuthenticationRequestSingleUser.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/singleuser/AuthenticationRequestSingleUser.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/singleuser/SingleUserSession.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/singleuser/SingleUserSession.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/singleuser/SingleUserSession.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/singleuser/SingleUserSession.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/AuthenticationManagerStandard.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/standard/AuthenticationManagerStandard.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/AuthenticationManagerStandard.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/standard/AuthenticationManagerStandard.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/Authenticator.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/standard/Authenticator.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/Authenticator.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/standard/Authenticator.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/AuthenticatorAbstract.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/standard/AuthenticatorAbstract.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/AuthenticatorAbstract.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/standard/AuthenticatorAbstract.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/AuthenticatorDefault.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/standard/AuthenticatorDefault.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/AuthenticatorDefault.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/standard/AuthenticatorDefault.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/NoAuthenticatorException.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/standard/NoAuthenticatorException.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/NoAuthenticatorException.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/standard/NoAuthenticatorException.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/PasswordRequestAuthenticatorAbstract.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/standard/PasswordRequestAuthenticatorAbstract.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/PasswordRequestAuthenticatorAbstract.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/standard/PasswordRequestAuthenticatorAbstract.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGenerator.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGenerator.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGenerator.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGenerator.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGenerator10Chars.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGenerator10Chars.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGenerator10Chars.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGenerator10Chars.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGeneratorUUID.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGeneratorUUID.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGeneratorUUID.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/standard/RandomCodeGeneratorUUID.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/Registrar.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/standard/Registrar.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/Registrar.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/standard/Registrar.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/RegistrationDetailsPassword.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/standard/RegistrationDetailsPassword.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/RegistrationDetailsPassword.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/standard/RegistrationDetailsPassword.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/SimpleSession.java b/core/security/api/src/main/java/org/apache/isis/security/authentication/standard/SimpleSession.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/standard/SimpleSession.java
rename to core/security/api/src/main/java/org/apache/isis/security/authentication/standard/SimpleSession.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authorization/manager/AuthorizationManager.java b/core/security/api/src/main/java/org/apache/isis/security/authorization/manager/AuthorizationManager.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authorization/manager/AuthorizationManager.java
rename to core/security/api/src/main/java/org/apache/isis/security/authorization/manager/AuthorizationManager.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authorization/standard/AuthorizationConstants.java b/core/security/api/src/main/java/org/apache/isis/security/authorization/standard/AuthorizationConstants.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authorization/standard/AuthorizationConstants.java
rename to core/security/api/src/main/java/org/apache/isis/security/authorization/standard/AuthorizationConstants.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authorization/standard/Authorizor.java b/core/security/api/src/main/java/org/apache/isis/security/authorization/standard/Authorizor.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authorization/standard/Authorizor.java
rename to core/security/api/src/main/java/org/apache/isis/security/authorization/standard/Authorizor.java
diff --git a/core/security/api-and-bypass/src/test/java/org/apache/isis/security/EncodabilityContractTest.java b/core/security/api/src/test/java/org/apache/isis/security/EncodabilityContractTest.java
similarity index 100%
rename from core/security/api-and-bypass/src/test/java/org/apache/isis/security/EncodabilityContractTest.java
rename to core/security/api/src/test/java/org/apache/isis/security/EncodabilityContractTest.java
diff --git a/core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/fixture/LogonFixtureAuthenticatorTest.java b/core/security/api/src/test/java/org/apache/isis/security/authentication/fixture/LogonFixtureAuthenticatorTest.java
similarity index 100%
rename from core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/fixture/LogonFixtureAuthenticatorTest.java
rename to core/security/api/src/test/java/org/apache/isis/security/authentication/fixture/LogonFixtureAuthenticatorTest.java
diff --git a/core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/standard/AuthenticatorDefaultTest.java b/core/security/api/src/test/java/org/apache/isis/security/authentication/standard/AuthenticatorDefaultTest.java
similarity index 100%
rename from core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/standard/AuthenticatorDefaultTest.java
rename to core/security/api/src/test/java/org/apache/isis/security/authentication/standard/AuthenticatorDefaultTest.java
diff --git a/core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityNoRolesTest.java b/core/security/api/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityNoRolesTest.java
similarity index 100%
rename from core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityNoRolesTest.java
rename to core/security/api/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityNoRolesTest.java
diff --git a/core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityTestAbstract.java b/core/security/api/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityTestAbstract.java
similarity index 100%
rename from core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityTestAbstract.java
rename to core/security/api/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityTestAbstract.java
diff --git a/core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityWithRolesTest.java b/core/security/api/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityWithRolesTest.java
similarity index 100%
rename from core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityWithRolesTest.java
rename to core/security/api/src/test/java/org/apache/isis/security/authentication/standard/SimpleSessionEncodabilityWithRolesTest.java
diff --git a/core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/standard/StandardAuthenticationManager_AuthenticationTest.java b/core/security/api/src/test/java/org/apache/isis/security/authentication/standard/StandardAuthenticationManager_AuthenticationTest.java
similarity index 100%
rename from core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/standard/StandardAuthenticationManager_AuthenticationTest.java
rename to core/security/api/src/test/java/org/apache/isis/security/authentication/standard/StandardAuthenticationManager_AuthenticationTest.java
diff --git a/core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/standard/StandardAuthenticationManager_AuthenticatorsTest.java b/core/security/api/src/test/java/org/apache/isis/security/authentication/standard/StandardAuthenticationManager_AuthenticatorsTest.java
similarity index 100%
rename from core/security/api-and-bypass/src/test/java/org/apache/isis/security/authentication/standard/StandardAuthenticationManager_AuthenticatorsTest.java
rename to core/security/api/src/test/java/org/apache/isis/security/authentication/standard/StandardAuthenticationManager_AuthenticatorsTest.java
diff --git a/core/security/plugins/shiro/_adoc/antora.yml b/core/security/bypass/_adoc/antora.yml
similarity index 59%
copy from core/security/plugins/shiro/_adoc/antora.yml
copy to core/security/bypass/_adoc/antora.yml
index 87adb67..9a49270 100644
--- a/core/security/plugins/shiro/_adoc/antora.yml
+++ b/core/security/bypass/_adoc/antora.yml
@@ -1,5 +1,5 @@
-name: security-shiro
-title: "Security - Shiro"
+name: security-bypass
+title: "Security - Bypass"
 version: master
 start_page: ROOT:about.adoc
 nav:
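Review bot: Only `name` and `title` differ from the Shiro copy, so the `nav:` list that follows this hunk is inherited unchanged from security-shiro. Please confirm every entry in it resolves to a file that exists under core/security/bypass/_adoc, since a path that was valid for the Shiro component is not guaranteed to be valid here. `start_page: ROOT:about.adoc` is covered by the about.adoc created for bypass in this same commit.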
diff --git a/core/security/_adoc/examples.csv b/core/security/bypass/_adoc/examples.csv
similarity index 100%
rename from core/security/_adoc/examples.csv
rename to core/security/bypass/_adoc/examples.csv
diff --git a/core/security/_adoc/modules/ROOT/_attributes.adoc b/core/security/bypass/_adoc/modules/ROOT/_attributes.adoc
similarity index 100%
rename from core/security/_adoc/modules/ROOT/_attributes.adoc
rename to core/security/bypass/_adoc/modules/ROOT/_attributes.adoc
diff --git a/core/security/_adoc/modules/ROOT/examples/.gitkeep b/core/security/bypass/_adoc/modules/ROOT/assets/attachments/.gitkeep
similarity index 100%
rename from core/security/_adoc/modules/ROOT/examples/.gitkeep
rename to core/security/bypass/_adoc/modules/ROOT/assets/attachments/.gitkeep
diff --git a/core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-bypass.PNG b/core/security/bypass/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-bypass.PNG
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-bypass.PNG
rename to core/security/bypass/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-bypass.PNG
diff --git a/core/security/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/security/bypass/_adoc/modules/ROOT/examples/.gitkeep
similarity index 100%
rename from core/security/_adoc/modules/ROOT/assets/attachments/.gitkeep
rename to core/security/bypass/_adoc/modules/ROOT/examples/.gitkeep
diff --git a/core/security/_adoc/modules/ROOT/nav.adoc b/core/security/bypass/_adoc/modules/ROOT/nav.adoc
similarity index 100%
rename from core/security/_adoc/modules/ROOT/nav.adoc
rename to core/security/bypass/_adoc/modules/ROOT/nav.adoc
diff --git a/core/security/_adoc/modules/ROOT/pages/_attributes.adoc b/core/security/bypass/_adoc/modules/ROOT/pages/_attributes.adoc
similarity index 100%
rename from core/security/_adoc/modules/ROOT/pages/_attributes.adoc
rename to core/security/bypass/_adoc/modules/ROOT/pages/_attributes.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/about.adoc b/core/security/bypass/_adoc/modules/ROOT/pages/about.adoc
similarity index 81%
copy from core/security/plugins/shiro/_adoc/modules/ROOT/pages/about.adoc
copy to core/security/bypass/_adoc/modules/ROOT/pages/about.adoc
index 54d76c5..d72ade5 100644
--- a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/about.adoc
+++ b/core/security/bypass/_adoc/modules/ROOT/pages/about.adoc
@@ -1,6 +1,9 @@
-= Shiro Security
+= Bypass
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
 :page-partial:
 
-This guide describes the configuration of the Shiro implementation of Apache Isis' `Authenticator and `Authorizor` APIs.
+The bypass implementation, as its name suggests, allows both authentication and authorization to be bypassed.
+
+This is typically used for integration tests or for prototyping.
+
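Review bot: The added paragraphs say what Bypass is "typically used for" but never state that it must not be enabled in a deployed application, and "bypassed" is left undefined. For a module whose whole purpose is to disable both checks, the page should spell out what a reader gets (which requests are authenticated and what is authorized once this module is on the classpath) and carry an explicit admonition, for example a `WARNING:` block, saying it is for integration tests and prototyping only. Minor: the hunk ends by adding an empty line at the end of the file, which can be dropped.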
diff --git a/core/security/_adoc/modules/ROOT/pages/configuring-isis-to-use-bypass.adoc b/core/security/bypass/_adoc/modules/ROOT/pages/configuring-isis-to-use-bypass.adoc
similarity index 100%
rename from core/security/_adoc/modules/ROOT/pages/configuring-isis-to-use-bypass.adoc
rename to core/security/bypass/_adoc/modules/ROOT/pages/configuring-isis-to-use-bypass.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/_attributes.adoc b/core/security/bypass/_adoc/modules/ROOT/partials/_attributes.adoc
similarity index 100%
copy from core/security/plugins/shiro/_adoc/modules/ROOT/pages/_attributes.adoc
copy to core/security/bypass/_adoc/modules/ROOT/partials/_attributes.adoc
diff --git a/core/security/_adoc/sync_examples.sh b/core/security/bypass/_adoc/sync_examples.sh
similarity index 100%
rename from core/security/_adoc/sync_examples.sh
rename to core/security/bypass/_adoc/sync_examples.sh
diff --git a/core/security/api-and-bypass/pom.xml b/core/security/bypass/pom.xml
similarity index 89%
rename from core/security/api-and-bypass/pom.xml
rename to core/security/bypass/pom.xml
index 03fdb4c..0dd8869 100644
--- a/core/security/api-and-bypass/pom.xml
+++ b/core/security/bypass/pom.xml
@@ -27,22 +27,18 @@
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>isis-security</artifactId>
-    <name>Apache Isis Security + Bypass</name>
+    <artifactId>isis-security-bypass</artifactId>
+    <name>Apache Isis Security - Bypass Implementation</name>
 
     <properties>
-        <jar-plugin.automaticModuleName>org.apache.isis.security</jar-plugin.automaticModuleName>
-        <git-plugin.propertiesDir>org/apache/isis/security</git-plugin.propertiesDir>
+        <jar-plugin.automaticModuleName>org.apache.isis.security.bypass</jar-plugin.automaticModuleName>
+        <git-plugin.propertiesDir>org/apache/isis/security/bypass</git-plugin.propertiesDir>
     </properties>
 
     <dependencies>
         <dependency>
             <groupId>org.apache.isis.core</groupId>
-            <artifactId>isis-applib</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.isis.core</groupId>
-            <artifactId>isis-config</artifactId>
+            <artifactId>isis-security</artifactId>
         </dependency>
     </dependencies>
 
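Review bot: The declared `jar-plugin.automaticModuleName` is now `org.apache.isis.security.bypass`, but IsisBootSecurityBypass.java is renamed at 100% similarity and therefore stays in the package `org.apache.isis.security`, outside the module's own namespace. core/security/api/pom.xml is a 100% copy of the old pom, so it still claims the module name `org.apache.isis.security`. If the api jar has any class in that same package this becomes a split package across two automatic modules; moving the boot class to `org.apache.isis.security.bypass` avoids the question. The 100% copy also means the api module keeps `<name>Apache Isis Security + Bypass</name>`, which no longer describes it. Finally, with `isis-applib` and `isis-config` removed, this module relies on `isis-security` to bring them in transitively; say so in a comment or keep the direct declarations if bypass code imports from them.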
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/IsisBootSecurityBypass.java b/core/security/bypass/src/main/java/org/apache/isis/security/IsisBootSecurityBypass.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/IsisBootSecurityBypass.java
rename to core/security/bypass/src/main/java/org/apache/isis/security/IsisBootSecurityBypass.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/bypass/AuthenticatorBypass.java b/core/security/bypass/src/main/java/org/apache/isis/security/authentication/bypass/AuthenticatorBypass.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authentication/bypass/AuthenticatorBypass.java
rename to core/security/bypass/src/main/java/org/apache/isis/security/authentication/bypass/AuthenticatorBypass.java
diff --git a/core/security/api-and-bypass/src/main/java/org/apache/isis/security/authorization/bypass/AuthorizorBypass.java b/core/security/bypass/src/main/java/org/apache/isis/security/authorization/bypass/AuthorizorBypass.java
similarity index 100%
rename from core/security/api-and-bypass/src/main/java/org/apache/isis/security/authorization/bypass/AuthorizorBypass.java
rename to core/security/bypass/src/main/java/org/apache/isis/security/authorization/bypass/AuthorizorBypass.java
diff --git a/core/security/plugins/shiro/NOTICE b/core/security/shiro/NOTICE
similarity index 100%
rename from core/security/plugins/shiro/NOTICE
rename to core/security/shiro/NOTICE
diff --git a/core/security/plugins/shiro/_adoc/antora.yml b/core/security/shiro/_adoc/antora.yml
similarity index 100%
rename from core/security/plugins/shiro/_adoc/antora.yml
rename to core/security/shiro/_adoc/antora.yml
diff --git a/core/security/plugins/shiro/_adoc/examples.csv b/core/security/shiro/_adoc/examples.csv
similarity index 100%
rename from core/security/plugins/shiro/_adoc/examples.csv
rename to core/security/shiro/_adoc/examples.csv
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/_attributes.adoc b/core/security/shiro/_adoc/modules/ROOT/_attributes.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/_attributes.adoc
rename to core/security/shiro/_adoc/modules/ROOT/_attributes.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/examples/.gitkeep b/core/security/shiro/_adoc/modules/ROOT/assets/attachments/.gitkeep
similarity index 100%
copy from core/security/plugins/shiro/_adoc/modules/ROOT/examples/.gitkeep
copy to core/security/shiro/_adoc/modules/ROOT/assets/attachments/.gitkeep
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-groups.png b/core/security/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-groups.png
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-groups.png
rename to core/security/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-groups.png
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-partition.png b/core/security/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-partition.png
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-partition.png
rename to core/security/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-partition.png
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-root-dse.png b/core/security/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-root-dse.png
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-root-dse.png
rename to core/security/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-mojo-root-dse.png
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-sasl-authentication.png b/core/security/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-sasl-authentication.png
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-sasl-authentication.png
rename to core/security/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-sasl-authentication.png
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-users.png b/core/security/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-users.png
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-users.png
rename to core/security/shiro/_adoc/modules/ROOT/assets/images/configuration/configuring-shiro/ldap/activeds-ldap-users.png
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-shiro.png b/core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-shiro.png
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-shiro.png
rename to core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-isis-to-use-shiro.png
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-custom-jdbc-realm.png b/core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-custom-jdbc-realm.png
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-custom-jdbc-realm.png
rename to core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-custom-jdbc-realm.png
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-ini-realm.PNG b/core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-ini-realm.PNG
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-ini-realm.PNG
rename to core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-ini-realm.PNG
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isis-ldap-realm.PNG b/core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isis-ldap-realm.PNG
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isis-ldap-realm.PNG
rename to core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isis-ldap-realm.PNG
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG b/core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG
rename to core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm.PNG b/core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm.PNG
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm.PNG
rename to core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm.PNG
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/examples/.gitkeep b/core/security/shiro/_adoc/modules/ROOT/examples/.gitkeep
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/examples/.gitkeep
rename to core/security/shiro/_adoc/modules/ROOT/examples/.gitkeep
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/nav.adoc b/core/security/shiro/_adoc/modules/ROOT/nav.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/nav.adoc
rename to core/security/shiro/_adoc/modules/ROOT/nav.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/_attributes.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/_attributes.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/pages/_attributes.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/_attributes.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/about.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/about.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/pages/about.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/about.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/configuring-isis-to-use-shiro.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/configuring-isis-to-use-shiro.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/pages/configuring-isis-to-use-shiro.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/configuring-isis-to-use-shiro.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/run-as.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/run-as.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/pages/run-as.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/run-as.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-caching.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/shiro-caching.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-caching.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/shiro-caching.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc
similarity index 92%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc
index 2d7d90f..704923a 100644
--- a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc
+++ b/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc
@@ -5,8 +5,4 @@ include::_attributes.adoc[]
 :page-partial:
 
 The Shiro concept of a `Realm` allows different implementations of both the authentication and authorisation mechanism to be plugged in.
-This chapter lists some of these
-
-supports the pluggable realm implementations
-
-
+This chapter describes a number of these implementations.
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/partials/_attributes.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/partials/_attributes.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc
diff --git a/core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/core/security/shiro/_adoc/modules/ROOT/partials/_attributes.adoc
similarity index 100%
rename from core/security/plugins/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
rename to core/security/shiro/_adoc/modules/ROOT/partials/_attributes.adoc
diff --git a/core/security/plugins/shiro/_adoc/sync_examples.sh b/core/security/shiro/_adoc/sync_examples.sh
similarity index 100%
rename from core/security/plugins/shiro/_adoc/sync_examples.sh
rename to core/security/shiro/_adoc/sync_examples.sh
diff --git a/core/security/plugins/shiro/pom.xml b/core/security/shiro/pom.xml
similarity index 99%
rename from core/security/plugins/shiro/pom.xml
rename to core/security/shiro/pom.xml
index 933442e..f939626 100644
--- a/core/security/plugins/shiro/pom.xml
+++ b/core/security/shiro/pom.xml
@@ -24,7 +24,7 @@
         <groupId>org.apache.isis.core</groupId>
         <artifactId>isis</artifactId>
     	<version>${revision}</version>
-    	<relativePath>../../../pom.xml</relativePath>
+    	<relativePath>../../pom.xml</relativePath>
     </parent>
 
     <artifactId>isis-plugins-security-shiro</artifactId>
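Review bot: the `artifactId` in the trailing context still reads `isis-plugins-security-shiro`, although this hunk moves the module from `core/security/plugins/shiro` to `core/security/shiro` (hence the shorter `relativePath`). If the old coordinates are kept on purpose so that existing consumers keep resolving, say so in a POM comment; otherwise align the artifactId with the new location. The `<version>` and `<relativePath>` lines are also indented with a mix of spaces and a tab, unlike their neighbours, which is worth normalising while the line is being touched.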
diff --git a/core/security/plugins/shiro/src/main/appended-resources/supplemental-models.xml b/core/security/shiro/src/main/appended-resources/supplemental-models.xml
similarity index 100%
rename from core/security/plugins/shiro/src/main/appended-resources/supplemental-models.xml
rename to core/security/shiro/src/main/appended-resources/supplemental-models.xml
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/IsisBootSecurityShiro.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisBootSecurityShiro.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/IsisBootSecurityShiro.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisBootSecurityShiro.java
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapContextFactory.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapContextFactory.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapContextFactory.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapContextFactory.java
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapRealm.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapRealm.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapRealm.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/IsisLdapRealm.java
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/ShiroSecurityContext.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroSecurityContext.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/ShiroSecurityContext.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/ShiroSecurityContext.java
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/WebModuleShiro.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/WebModuleShiro.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/WebModuleShiro.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/WebModuleShiro.java
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/authentication/ShiroAuthenticator.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/authentication/ShiroAuthenticator.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/authentication/ShiroAuthenticator.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/authentication/ShiroAuthenticator.java
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermission.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermission.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermission.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermission.java
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermissionResolver.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermissionResolver.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermissionResolver.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/IsisPermissionResolver.java
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizor.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizor.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizor.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/authorization/ShiroAuthorizor.java
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapper.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapper.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapper.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapper.java
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromIni.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromIni.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromIni.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromIni.java
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromString.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromString.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromString.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromString.java
diff --git a/core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/Util.java b/core/security/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/Util.java
similarity index 100%
rename from core/security/plugins/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/Util.java
rename to core/security/shiro/src/main/java/org/apache/isis/security/shiro/permrolemapper/Util.java
diff --git a/core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_setParts.java b/core/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_setParts.java
similarity index 100%
rename from core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_setParts.java
rename to core/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_setParts.java
diff --git a/core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_typicalUsage.java b/core/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_typicalUsage.java
similarity index 100%
rename from core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_typicalUsage.java
rename to core/security/shiro/src/test/java/org/apache/isis/security/shiro/IsisPermissionTest_typicalUsage.java
diff --git a/core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java b/core/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java
similarity index 100%
rename from core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java
rename to core/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_authenticate.java
diff --git a/core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java b/core/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java
similarity index 100%
rename from core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java
rename to core/security/shiro/src/test/java/org/apache/isis/security/shiro/ShiroAuthenticatorOrAuthorizorTest_isVisibleInAnyRole.java
diff --git a/core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/authorization/IsisPermissionTest_equals.java b/core/security/shiro/src/test/java/org/apache/isis/security/shiro/authorization/IsisPermissionTest_equals.java
similarity index 100%
rename from core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/authorization/IsisPermissionTest_equals.java
rename to core/security/shiro/src/test/java/org/apache/isis/security/shiro/authorization/IsisPermissionTest_equals.java
diff --git a/core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromIniTest.java b/core/security/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromIniTest.java
similarity index 100%
rename from core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromIniTest.java
rename to core/security/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromIniTest.java
diff --git a/core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromStringTest.java b/core/security/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromStringTest.java
similarity index 100%
rename from core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromStringTest.java
rename to core/security/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/PermissionToRoleMapperFromStringTest.java
diff --git a/core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/UtilTest_parse.java b/core/security/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/UtilTest_parse.java
similarity index 100%
rename from core/security/plugins/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/UtilTest_parse.java
rename to core/security/shiro/src/test/java/org/apache/isis/security/shiro/permrolemapper/UtilTest_parse.java
diff --git a/core/security/plugins/shiro/src/test/resources/org/apache/isis/security/shiro/permrolemapper/my.ini b/core/security/shiro/src/test/resources/org/apache/isis/security/shiro/permrolemapper/my.ini
similarity index 100%
rename from core/security/plugins/shiro/src/test/resources/org/apache/isis/security/shiro/permrolemapper/my.ini
rename to core/security/shiro/src/test/resources/org/apache/isis/security/shiro/permrolemapper/my.ini
diff --git a/core/security/plugins/shiro/src/test/resources/shiro.ini b/core/security/shiro/src/test/resources/shiro.ini
similarity index 100%
rename from core/security/plugins/shiro/src/test/resources/shiro.ini
rename to core/security/shiro/src/test/resources/shiro.ini
diff --git a/examples/apps/simpleapp/module-simple/pom.xml b/examples/apps/simpleapp/module-simple/pom.xml
index d6dbf16..c1bbec9 100644
--- a/examples/apps/simpleapp/module-simple/pom.xml
+++ b/examples/apps/simpleapp/module-simple/pom.xml
@@ -71,6 +71,11 @@
 		<!-- TESTS -->
 
 		<dependency>
+			<groupId>org.apache.isis.core</groupId>
+			<artifactId>isis-security-bypass</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
 			<groupId>org.apache.isis.mavendeps</groupId>
 			<artifactId>isis-mavendeps-testing</artifactId>
 			<type>pom</type>
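Review bot: the new `isis-security-bypass` dependency has no `<version>`, so it depends on a managed version declared in a parent or BOM that this hunk does not show; confirm that entry exists, or the build fails at resolution time. Restricting it to `<scope>test</scope>` is the right choice for an artifact that, going by its name, switches security checks off, because it keeps the artifact out of the packaged application.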
diff --git a/examples/smoketests/pom.xml b/examples/smoketests/pom.xml
index a9f1fc3..0e939cd 100644
--- a/examples/smoketests/pom.xml
+++ b/examples/smoketests/pom.xml
@@ -39,6 +39,11 @@
 			<type>pom</type>
 		</dependency>
 
+		<dependency>
+			<groupId>org.apache.isis.core</groupId>
+			<artifactId>isis-security-bypass</artifactId>
+		</dependency>
+
 		<!-- ISIS CORE PLUGINS -->
 
 		<dependency>
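Review bot: `isis-security-bypass` is added here with no `<scope>`, so it defaults to compile scope, while the same dependency in `examples/apps/simpleapp/module-simple/pom.xml` is limited to `<scope>test</scope>`. If only the test sources of this module need it, add `<scope>test</scope>`. If `src/main` needs it too, add a short XML comment explaining why, so the unscoped form is not copied into an application POM where a security-bypass artifact would end up on the runtime classpath.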
diff --git a/examples/smoketests/src/main/java/org/apache/isis/testdomain/jdo/JdoTestDomainPersona.java b/examples/smoketests/src/main/java/org/apache/isis/testdomain/jdo/JdoTestDomainPersona.java
index 70f53f3..5e5bf6e 100644
--- a/examples/smoketests/src/main/java/org/apache/isis/testdomain/jdo/JdoTestDomainPersona.java
+++ b/examples/smoketests/src/main/java/org/apache/isis/testdomain/jdo/JdoTestDomainPersona.java
@@ -35,11 +35,11 @@ import org.apache.isis.testdomain.ldap.LdapConstants;
 import lombok.val;
 
 public enum JdoTestDomainPersona 
-implements PersonaWithBuilderScript<BuilderScriptAbstract<? extends Object>>  {
+implements PersonaWithBuilderScript<BuilderScriptAbstract<?>>  {
 
     PurgeAll {
         @Override
-        public BuilderScriptAbstract<?> builder() {
+        public BuilderScriptWithoutResult builder() {
             return new BuilderScriptWithoutResult() {
 
                 @Override
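Review bot: the narrower return type on `PurgeAll.builder()` (`BuilderScriptWithoutResult`) is declared inside an enum constant body, and callers only reach that constant through the enum type `JdoTestDomainPersona`, so they still see whatever return type the enum inherits from `PersonaWithBuilderScript<BuilderScriptAbstract<?>>`. The covariant override therefore does not help call sites, and the test classes changed in this same commit fall back to a raw cast `(PersonaWithBuilderScript)` when calling `runPersona`. Consider fixing the type argument on the enum or the bound on `runPersona` instead. The change from `<? extends Object>` to `<?>` is a pure simplification and fine as is.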
@@ -64,7 +64,7 @@ implements PersonaWithBuilderScript<BuilderScriptAbstract<? extends Object>>  {
 
     InventoryWith1Book {
         @Override
-        public BuilderScriptAbstract<?> builder() {
+        public BuilderScriptWithResult<Inventory> builder() {
             return new BuilderScriptWithResult<Inventory>() {
 
                 @Override
diff --git a/examples/smoketests/src/test/java/org/apache/isis/testdomain/auditing/AuditerServiceTest.java b/examples/smoketests/src/test/java/org/apache/isis/testdomain/auditing/AuditerServiceTest.java
index d27639e..20d2f1a 100644
--- a/examples/smoketests/src/test/java/org/apache/isis/testdomain/auditing/AuditerServiceTest.java
+++ b/examples/smoketests/src/test/java/org/apache/isis/testdomain/auditing/AuditerServiceTest.java
@@ -26,6 +26,9 @@ import java.util.UUID;
 import javax.inject.Inject;
 import javax.inject.Singleton;
 
+import org.apache.isis.extensions.fixtures.api.PersonaWithBuilderScript;
+import org.apache.isis.extensions.fixtures.fixturescripts.BuilderScriptAbstract;
+import org.apache.isis.testdomain.domainmodel.DomainModelTest_usingGoodDomain;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
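Review bot: of the three imports added here, only `PersonaWithBuilderScript` is used by the visible changes to this file (the casts in `setUp()`); `BuilderScriptAbstract` and `DomainModelTest_usingGoodDomain` look like IDE auto-import leftovers. Remove them if nothing references them. The import of another test class also appears to be the only reason `DomainModelTest_usingGoodDomain` is made `public` elsewhere in this commit.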
@@ -70,10 +73,10 @@ class AuditerServiceTest {
     void setUp() {
 
         // cleanup
-        fixtureScripts.runPersona(JdoTestDomainPersona.PurgeAll);
+        fixtureScripts.runPersona((PersonaWithBuilderScript) JdoTestDomainPersona.PurgeAll);
         
         // given
-        fixtureScripts.runPersona(JdoTestDomainPersona.InventoryWith1Book);
+        fixtureScripts.runPersona((PersonaWithBuilderScript) JdoTestDomainPersona.InventoryWith1Book);
 
     }
 
diff --git a/examples/smoketests/src/test/java/org/apache/isis/testdomain/bootstrapping/JdoBootstrappingTest_usingFixtures.java b/examples/smoketests/src/test/java/org/apache/isis/testdomain/bootstrapping/JdoBootstrappingTest_usingFixtures.java
index 228c93f..72efc33 100644
--- a/examples/smoketests/src/test/java/org/apache/isis/testdomain/bootstrapping/JdoBootstrappingTest_usingFixtures.java
+++ b/examples/smoketests/src/test/java/org/apache/isis/testdomain/bootstrapping/JdoBootstrappingTest_usingFixtures.java
@@ -23,6 +23,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
 
 import javax.inject.Inject;
 
+import org.apache.isis.extensions.fixtures.api.PersonaWithBuilderScript;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -55,10 +56,10 @@ class JdoBootstrappingTest_usingFixtures {
     void setUp() {
 
         // cleanup
-        fixtureScripts.runPersona(JdoTestDomainPersona.PurgeAll);
+        fixtureScripts.runPersona((PersonaWithBuilderScript) JdoTestDomainPersona.PurgeAll);
 
         // given
-        fixtureScripts.runPersona(JdoTestDomainPersona.InventoryWith1Book);
+        fixtureScripts.runPersona((PersonaWithBuilderScript) JdoTestDomainPersona.InventoryWith1Book);
     }
 
     @Test
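Review bot: both `runPersona` calls in `setUp()` now cast the enum constant to the raw type `PersonaWithBuilderScript`, which discards the generic parameter and trades a compile error for rawtypes/unchecked warnings; the same cast is repeated in the other smoke tests in this commit. Prefer adjusting the signature of `runPersona` or the type argument on `JdoTestDomainPersona` so the constant is accepted directly. If the cast has to stay for now, a one-line comment naming the generics problem would make it easier to remove later.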
diff --git a/examples/smoketests/src/test/java/org/apache/isis/testdomain/commandexecution/BackgroundExecutionTest.java b/examples/smoketests/src/test/java/org/apache/isis/testdomain/commandexecution/BackgroundExecutionTest.java
index f18bd22..c3b9539 100644
--- a/examples/smoketests/src/test/java/org/apache/isis/testdomain/commandexecution/BackgroundExecutionTest.java
+++ b/examples/smoketests/src/test/java/org/apache/isis/testdomain/commandexecution/BackgroundExecutionTest.java
@@ -27,6 +27,7 @@ import java.util.concurrent.TimeUnit;
 
 import javax.inject.Inject;
 
+import org.apache.isis.extensions.fixtures.api.PersonaWithBuilderScript;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
@@ -71,10 +72,10 @@ class BackgroundExecutionTest {
     @BeforeEach
     void setUp() {
         // cleanup
-        fixtureScripts.runPersona(JdoTestDomainPersona.PurgeAll);
+        fixtureScripts.runPersona((PersonaWithBuilderScript) JdoTestDomainPersona.PurgeAll);
 
         // given
-        fixtureScripts.runPersona(JdoTestDomainPersona.InventoryWith1Book);
+        fixtureScripts.runPersona((PersonaWithBuilderScript) JdoTestDomainPersona.InventoryWith1Book);
     }
 
     @Test
diff --git a/examples/smoketests/src/test/java/org/apache/isis/testdomain/commandexecution/WrapperTest.java b/examples/smoketests/src/test/java/org/apache/isis/testdomain/commandexecution/WrapperTest.java
index 3d90d88..f86b562 100644
--- a/examples/smoketests/src/test/java/org/apache/isis/testdomain/commandexecution/WrapperTest.java
+++ b/examples/smoketests/src/test/java/org/apache/isis/testdomain/commandexecution/WrapperTest.java
@@ -27,6 +27,7 @@ import java.util.concurrent.TimeUnit;
 
 import javax.inject.Inject;
 
+import org.apache.isis.extensions.fixtures.api.PersonaWithBuilderScript;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -71,10 +72,10 @@ class WrapperTest {
     @BeforeEach
     void setUp() {
         // cleanup
-        fixtureScripts.runPersona(JdoTestDomainPersona.PurgeAll);
+        fixtureScripts.runPersona((PersonaWithBuilderScript) JdoTestDomainPersona.PurgeAll);
 
         // given
-        fixtureScripts.runPersona(JdoTestDomainPersona.InventoryWith1Book);
+        fixtureScripts.runPersona((PersonaWithBuilderScript) JdoTestDomainPersona.InventoryWith1Book);
     }
 
     @Test
diff --git a/examples/smoketests/src/test/java/org/apache/isis/testdomain/domainmodel/DomainModelTest_usingGoodDomain.java b/examples/smoketests/src/test/java/org/apache/isis/testdomain/domainmodel/DomainModelTest_usingGoodDomain.java
index 0278d03..a4ed800 100644
--- a/examples/smoketests/src/test/java/org/apache/isis/testdomain/domainmodel/DomainModelTest_usingGoodDomain.java
+++ b/examples/smoketests/src/test/java/org/apache/isis/testdomain/domainmodel/DomainModelTest_usingGoodDomain.java
@@ -43,7 +43,7 @@ import lombok.val;
     IsisPresets.DebugProgrammingModel,
     
 })
-class DomainModelTest_usingGoodDomain {
+public class DomainModelTest_usingGoodDomain {
     
 //    @Inject private MetaModelService metaModelService;
 //    @Inject private JaxbService jaxbService;
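Review bot: the change from package-private to `public class DomainModelTest_usingGoodDomain` has no visible consumer other than the new import in `AuditerServiceTest`, where the class is not referenced in the changed lines. If that import is dropped as unused, revert this modifier as well, so test classes do not become part of each other's API.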
diff --git a/examples/smoketests/src/test/java/org/apache/isis/testdomain/publishing/PublisherServiceTest.java b/examples/smoketests/src/test/java/org/apache/isis/testdomain/publishing/PublisherServiceTest.java
index a1b8fa4..3346305 100644
--- a/examples/smoketests/src/test/java/org/apache/isis/testdomain/publishing/PublisherServiceTest.java
+++ b/examples/smoketests/src/test/java/org/apache/isis/testdomain/publishing/PublisherServiceTest.java
@@ -23,6 +23,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
 import javax.inject.Inject;
 import javax.inject.Singleton;
 
+import org.apache.isis.extensions.fixtures.api.PersonaWithBuilderScript;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.MethodOrderer;
 import org.junit.jupiter.api.Order;
@@ -69,10 +70,10 @@ class PublisherServiceTest {
     void setUp() {
 
         // cleanup
-        fixtureScripts.runPersona(JdoTestDomainPersona.PurgeAll);
+        fixtureScripts.runPersona((PersonaWithBuilderScript)JdoTestDomainPersona.PurgeAll);
 
         // given
-        fixtureScripts.runPersona(JdoTestDomainPersona.InventoryWith1Book);
+        fixtureScripts.runPersona((PersonaWithBuilderScript)JdoTestDomainPersona.InventoryWith1Book);
     }
 
     @Test @Order(1)
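Review bot: Both `runPersona(...)` calls in `setUp()` now need an explicit `(PersonaWithBuilderScript)` cast, and the same cast is repeated at every call site in the other smoke tests in this patch. If the cast is there to select between overloads of `runPersona`, it would be cleaner to resolve that once in the fixtures API, or in how `JdoTestDomainPersona` declares its interfaces, so that callers compile without it. If the cast has to stay for now, make the spacing consistent: one earlier call site writes `(PersonaWithBuilderScript) JdoTestDomainPersona.InventoryWith1Book` with a space after the cast, while the calls here omit it.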
diff --git a/examples/smoketests/src/test/java/org/apache/isis/testdomain/shiro/ShiroSecmanLdapTest.java b/examples/smoketests/src/test/java/org/apache/isis/testdomain/shiro/ShiroSecmanLdapTest.java
index b7924dc..da7535a 100644
--- a/examples/smoketests/src/test/java/org/apache/isis/testdomain/shiro/ShiroSecmanLdapTest.java
+++ b/examples/smoketests/src/test/java/org/apache/isis/testdomain/shiro/ShiroSecmanLdapTest.java
@@ -26,6 +26,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import javax.inject.Inject;
 
+import org.apache.isis.extensions.fixtures.api.PersonaWithBuilderScript;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.CredentialsException;
@@ -99,7 +100,7 @@ class ShiroSecmanLdapTest extends AbstractShiroTest {
     @BeforeEach
     void setupSvenInDb() {
         // given
-        fixtureScripts.runPersona(JdoTestDomainPersona.SvenApplicationUser);
+        fixtureScripts.runPersona((PersonaWithBuilderScript)JdoTestDomainPersona.SvenApplicationUser);
     }
 
 
diff --git a/examples/smoketests/src/test/java/org/apache/isis/testdomain/shiro/ShiroSecmanLdap_restfulStressTest.java b/examples/smoketests/src/test/java/org/apache/isis/testdomain/shiro/ShiroSecmanLdap_restfulStressTest.java
index 86fa5b0..8c926d9 100644
--- a/examples/smoketests/src/test/java/org/apache/isis/testdomain/shiro/ShiroSecmanLdap_restfulStressTest.java
+++ b/examples/smoketests/src/test/java/org/apache/isis/testdomain/shiro/ShiroSecmanLdap_restfulStressTest.java
@@ -26,6 +26,7 @@ import static org.junit.jupiter.api.Assertions.fail;
 
 import javax.inject.Inject;
 
+import org.apache.isis.extensions.fixtures.api.PersonaWithBuilderScript;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
@@ -101,7 +102,7 @@ class ShiroSecmanLdap_restfulStressTest extends AbstractShiroTest {
     @BeforeEach
     void setupSvenInDb() {
         // given
-        fixtureScripts.runPersona(JdoTestDomainPersona.SvenApplicationUser);
+        fixtureScripts.runPersona((PersonaWithBuilderScript)JdoTestDomainPersona.SvenApplicationUser);
     }
 
     @Test
diff --git a/examples/smoketests/src/test/java/org/apache/isis/testdomain/timestamping/TimestampingTest.java b/examples/smoketests/src/test/java/org/apache/isis/testdomain/timestamping/TimestampingTest.java
index 9cf9f45..bd48b9a 100644
--- a/examples/smoketests/src/test/java/org/apache/isis/testdomain/timestamping/TimestampingTest.java
+++ b/examples/smoketests/src/test/java/org/apache/isis/testdomain/timestamping/TimestampingTest.java
@@ -20,6 +20,7 @@ package org.apache.isis.testdomain.timestamping;
 
 import javax.inject.Inject;
 
+import org.apache.isis.extensions.fixtures.api.PersonaWithBuilderScript;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -54,10 +55,10 @@ class TimestampingTest {
     void setUp() {
 
         // cleanup
-        fixtureScripts.runPersona(JdoTestDomainPersona.PurgeAll);
+        fixtureScripts.runPersona((PersonaWithBuilderScript)JdoTestDomainPersona.PurgeAll);
 
         // given
-        fixtureScripts.runPersona(JdoTestDomainPersona.InventoryWith1Book);
+        fixtureScripts.runPersona((PersonaWithBuilderScript)JdoTestDomainPersona.InventoryWith1Book);
     }
 
     @Test
diff --git a/examples/smoketests/src/test/java/org/apache/isis/testdomain/transactions/TransactionRollbackTest.java b/examples/smoketests/src/test/java/org/apache/isis/testdomain/transactions/TransactionRollbackTest.java
index 1a9d451..e17cb24 100644
--- a/examples/smoketests/src/test/java/org/apache/isis/testdomain/transactions/TransactionRollbackTest.java
+++ b/examples/smoketests/src/test/java/org/apache/isis/testdomain/transactions/TransactionRollbackTest.java
@@ -23,6 +23,7 @@ import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import javax.inject.Inject;
 
+import org.apache.isis.extensions.fixtures.api.PersonaWithBuilderScript;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -53,7 +54,7 @@ class TransactionRollbackTest {
     @BeforeEach
     void setUp() {
         // cleanup
-        fixtureScripts.runPersona(JdoTestDomainPersona.PurgeAll);
+        fixtureScripts.runPersona((PersonaWithBuilderScript)JdoTestDomainPersona.PurgeAll);
 
     }
     
@@ -65,7 +66,7 @@ class TransactionRollbackTest {
         
         transactionService.executeWithinTransaction(()->{
             
-            fixtureScripts.runPersona(JdoTestDomainPersona.InventoryWith1Book);
+            fixtureScripts.runPersona((PersonaWithBuilderScript)JdoTestDomainPersona.InventoryWith1Book);
             
         });
         
@@ -84,7 +85,7 @@ class TransactionRollbackTest {
             
             transactionService.executeWithinTransaction(()->{
                 
-                fixtureScripts.runPersona(JdoTestDomainPersona.InventoryWith1Book);
+                fixtureScripts.runPersona((PersonaWithBuilderScript)JdoTestDomainPersona.InventoryWith1Book);
 
                 throw _Exceptions.unrecoverable("Test: force current tx to rollback");            
                 
diff --git a/examples/smoketests/src/test/java/org/apache/isis/testdomain/transactions/TransactionRollbackTest_withTransactional.java b/examples/smoketests/src/test/java/org/apache/isis/testdomain/transactions/TransactionRollbackTest_withTransactional.java
index 5fe95aa..c90e988 100644
--- a/examples/smoketests/src/test/java/org/apache/isis/testdomain/transactions/TransactionRollbackTest_withTransactional.java
+++ b/examples/smoketests/src/test/java/org/apache/isis/testdomain/transactions/TransactionRollbackTest_withTransactional.java
@@ -22,6 +22,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
 
 import javax.inject.Inject;
 
+import org.apache.isis.extensions.fixtures.api.PersonaWithBuilderScript;
 import org.junit.jupiter.api.MethodOrderer;
 import org.junit.jupiter.api.Order;
 import org.junit.jupiter.api.Test;
@@ -62,12 +63,12 @@ class TransactionRollbackTest_withTransactional {
     void happyCaseTx_shouldCommit() {
         
         // cleanup just in case
-        fixtureScripts.runPersona(JdoTestDomainPersona.PurgeAll);
+        fixtureScripts.runPersona((PersonaWithBuilderScript)JdoTestDomainPersona.PurgeAll);
         
         // expected pre condition
         assertEquals(0, repository.allInstances(Book.class).size());
             
-        fixtureScripts.runPersona(JdoTestDomainPersona.InventoryWith1Book);
+        fixtureScripts.runPersona((PersonaWithBuilderScript)JdoTestDomainPersona.InventoryWith1Book);
         
         // expected post condition
         assertEquals(1, repository.allInstances(Book.class).size());
diff --git a/site.yml b/site.yml
index efc4208..a33386a 100644
--- a/site.yml
+++ b/site.yml
@@ -77,10 +77,13 @@ content:
       branches: HEAD
 
     - url: .
-      start_path: core/security/_adoc
+      start_path: core/security/api/_adoc
       branches: HEAD
     - url: .
-      start_path: core/security/plugins/shiro/_adoc
+      start_path: core/security/bypass/_adoc
+      branches: HEAD
+    - url: .
+      start_path: core/security/shiro/_adoc
       branches: HEAD
     - url: .
       branches: HEAD
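Review bot: The new `start_path: core/security/bypass/_adoc` entry publishes the bypass module's documentation on the site alongside the API and Shiro components, so its landing page should state up front what the module is for and which environments it is meant to be used in. Please also confirm that each of the three start paths (`core/security/api/_adoc`, `core/security/bypass/_adoc`, `core/security/shiro/_adoc`) contains its own `antora.yml`, since the old `core/security/_adoc` and `core/security/plugins/shiro/_adoc` locations are dropped here.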


[isis] 03/03: ISIS-2062: splitting out security docs

Posted by da...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

danhaywood pushed a commit to branch v2
in repository https://gitbox.apache.org/repos/asf/isis.git

commit 7a844b58e88087f07620246f2b45118d170b1f17
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Thu Sep 26 00:06:16 2019 +0100

    ISIS-2062: splitting out security docs
---
 README.adoc                                        |  12 +-
 .../archdesign/modules/ROOT/pages/about.adoc       |   3 +
 .../relnotes/modules/ROOT/pages/rn-1.10.0.adoc     |   3 +-
 .../what-is-apache-isis/isis-in-pictures.adoc      |  12 +-
 .../modules/cfg/pages/configuring-core.adoc        |   2 +-
 .../pages/classes/AppManifest-bootstrapping.adoc   |   2 +-
 .../cms/pages/classes/contributee/HasUserName.adoc |   4 +-
 .../pages/classes/super/AbstractSubscriber.adoc    |   2 +-
 .../svc/pages/core-domain-api/EventBusService.adoc |   2 +-
 .../metadata-api/ApplicationFeatureRepository.adoc |   4 -
 .../UserRegistrationService.adoc                   |   2 +-
 .../btb/pages/hints-and-tips/multi-tenancy.adoc    |   6 +-
 .../apache-isis-vs/mvc-server-side.adoc            |   2 +-
 .../fun/pages/core-concepts/philosophy/aop.adoc    |   2 +-
 .../security-apis-impl.pptx                        | Bin
 .../ROOT/assets/{attachments => images}/.gitkeep   |   0
 .../api/_adoc/modules/ROOT/pages/about.adoc        |   6 +-
 .../modules/ROOT/pages/usage-by-isis-viewers.adoc  | 206 +--------------------
 .../api/_adoc/modules/ROOT/partials/nav.adoc       |  22 ++-
 ...sion.adoc => enhanced-wildcard-permission.adoc} |  15 +-
 .../ini-realm.adoc                                 |   4 +-
 .../isisaddons-security-module-realm.adoc          |  36 ----
 .../_adoc/modules/realm-jdbc/_attributes.adoc      |   6 +
 .../realm-jdbc}/assets/attachments/.gitkeep        |   0
 .../configure-shiro-to-use-custom-jdbc-realm.png   | Bin 0 -> 33149 bytes
 .../_adoc/modules/realm-jdbc/examples}/.gitkeep    |   0
 .../shiro/_adoc/modules/realm-jdbc/nav.adoc        |   1 +
 .../pages}/_attributes.adoc                        |   2 +-
 .../pages/about.adoc}                              |   5 +-
 .../modules/realm-jdbc/partials}/_attributes.adoc  |   0
 .../_adoc/modules/realm-ldap/_attributes.adoc      |   6 +
 .../realm-ldap}/assets/attachments/.gitkeep        |   0
 .../assets/images/activeds-ldap-groups.png         | Bin 0 -> 128224 bytes
 .../assets/images/activeds-ldap-mojo-partition.png | Bin 0 -> 123256 bytes
 .../assets/images/activeds-ldap-mojo-root-dse.png  | Bin 0 -> 113723 bytes
 .../images/activeds-ldap-sasl-authentication.png   | Bin 0 -> 119544 bytes
 .../assets/images/activeds-ldap-users.png          | Bin 0 -> 123030 bytes
 .../configure-shiro-to-use-isis-ldap-realm.PNG     | Bin 0 -> 32310 bytes
 .../_adoc/modules/realm-ldap/examples}/.gitkeep    |   0
 .../shiro/_adoc/modules/realm-ldap/nav.adoc        |   1 +
 .../pages}/_attributes.adoc                        |   2 +-
 .../pages/about.adoc}                              |  17 +-
 .../partials}/_attributes.adoc                     |   0
 core/viewer-restfulobjects/_adoc/antora.yml        |   1 +
 .../_adoc/modules/security/_attributes.adoc        |   6 +
 .../modules/security}/assets/attachments/.gitkeep  |   0
 .../_adoc/modules/security/assets/images}/.gitkeep |   0
 .../_adoc/modules/security/examples}/.gitkeep      |   0
 .../_adoc/modules/security/nav.adoc                |   1 +
 .../_adoc/modules/security/pages}/_attributes.adoc |   2 +-
 .../_adoc/modules/security}/pages/about.adoc       |   8 +-
 .../modules/security/partials}/_attributes.adoc    |   2 +-
 .../security/partials/user-registration.adoc}      |  64 +------
 .../_adoc/modules/security/partials/web-xml.adoc   |  95 ++++++++++
 core/viewer-wicket/_adoc/antora.yml                |   1 +
 .../ROOT/pages/features/user-registration.adoc     |   3 +-
 .../_adoc/modules/security/_attributes.adoc        |   6 +
 .../modules/security}/assets/attachments/.gitkeep  |   0
 .../_adoc/modules/security/assets/images}/.gitkeep |   0
 .../_adoc/modules/security/examples}/.gitkeep      |   0
 core/viewer-wicket/_adoc/modules/security/nav.adoc |   1 +
 .../_adoc/modules/security/pages}/_attributes.adoc |   2 +-
 .../_adoc/modules/security}/pages/about.adoc       |   8 +-
 .../modules/security/partials}/_attributes.adoc    |   2 +-
 .../_adoc/modules/security/partials/pages.adoc     |  43 +++++
 .../security/partials/user-registration.adoc       |  25 +++
 extensions/secman/_adoc/modules/ROOT/nav.adoc      |   3 +-
 .../secman/_adoc/modules/ROOT/pages/about.adoc     |   6 +-
 .../_adoc/modules/ROOT/partials}/_attributes.adoc  |   2 +-
 .../secman/_adoc/modules/api/_attributes.adoc      |   6 +
 .../_adoc/modules/api}/assets/attachments/.gitkeep |   0
 .../_adoc/modules/api/assets/images}/.gitkeep      |   0
 .../secman/_adoc/modules/api/examples}/.gitkeep    |   0
 extensions/secman/_adoc/modules/api/nav.adoc       |   1 +
 .../_adoc/modules/api/pages}/_attributes.adoc      |   2 +-
 .../secman/_adoc/modules/api/pages/about.adoc      |   7 +-
 .../_adoc/modules/api/partials}/_attributes.adoc   |   2 +-
 .../modules/encryption-jbcrypt/_attributes.adoc    |   6 +
 .../assets/attachments/.gitkeep                    |   0
 .../encryption-jbcrypt/assets/images}/.gitkeep     |   0
 .../modules/encryption-jbcrypt/examples}/.gitkeep  |   0
 .../_adoc/modules/encryption-jbcrypt/nav.adoc      |   1 +
 .../encryption-jbcrypt/pages}/_attributes.adoc     |   2 +-
 .../{ROOT => encryption-jbcrypt}/pages/about.adoc  |   5 +-
 .../encryption-jbcrypt/partials}/_attributes.adoc  |   2 +-
 .../secman/_adoc/modules/model/_attributes.adoc    |   6 +
 .../modules/model}/assets/attachments/.gitkeep     |   0
 .../_adoc/modules/model/assets/images}/.gitkeep    |   0
 .../secman/_adoc/modules/model/examples}/.gitkeep  |   0
 extensions/secman/_adoc/modules/model/nav.adoc     |   1 +
 .../_adoc/modules/model/pages}/_attributes.adoc    |   2 +-
 .../_adoc/modules/{ROOT => model}/pages/about.adoc |   5 +-
 .../_adoc/modules/model/partials}/_attributes.adoc |   2 +-
 .../_adoc/modules/persistence-jdo/_attributes.adoc |   6 +
 .../persistence-jdo}/assets/attachments/.gitkeep   |   0
 .../persistence-jdo/assets/images}/.gitkeep        |   0
 .../modules/persistence-jdo/examples}/.gitkeep     |   0
 .../secman/_adoc/modules/persistence-jdo/nav.adoc  |   1 +
 .../persistence-jdo/pages}/_attributes.adoc        |   2 +-
 .../{ROOT => persistence-jdo}/pages/about.adoc     |   5 +-
 .../persistence-jdo/partials}/_attributes.adoc     |   2 +-
 .../_adoc/modules/realm-shiro/_attributes.adoc     |   6 +
 .../realm-shiro}/assets/attachments/.gitkeep       |   0
 .../modules/realm-shiro/assets/images}/.gitkeep    |   0
 ...s-security-module-realm-with-delegate-realm.PNG | Bin
 ...iro-to-use-isisaddons-security-module-realm.PNG | Bin
 .../_adoc/modules/realm-shiro/examples}/.gitkeep   |   0
 .../secman/_adoc/modules/realm-shiro/nav.adoc      |   1 +
 .../modules/realm-shiro/pages}/_attributes.adoc    |   2 +-
 .../_adoc/modules/realm-shiro/pages/about.adoc     |  31 ++++
 .../modules/realm-shiro/partials}/_attributes.adoc |   2 +-
 111 files changed, 387 insertions(+), 389 deletions(-)

diff --git a/README.adoc b/README.adoc
index f892589..4855bc1 100644
--- a/README.adoc
+++ b/README.adoc
@@ -25,8 +25,7 @@ Please note that these modules are not part of ASF, but they *are* all licensed
 === Sign-in
 
 Apache Isis integrates with http://shiro.apache.org[Apache Shiro].
-The core framework supports file-based realms, while the (non-ASF) link:https://platform.incode.org[Incode Platform]'s link:https://platform.incode.org/modules/spi/security/spi-security.html[security module] provides a well-features subdomain of users, roles and permissions against features derived from the Isis metamodel.
-The example todoapp integrates with the security module.
+The core framework supports file-based realms, while the xref:ext-secman:ROOT:about.adoc[SecMan extension] provides a well-features subdomain of users, roles and permissions against features derived from the Apache Isis metamodel.
 
 image::https://raw.github.com/apache/isis/master/adocs/documentation/src/main/asciidoc/pages/isis-in-pictures/images/isis-in-pictures/010-login.png[link="https://raw.github.com/apache/isis/master/adocs/documentation/src/main/asciidoc/images/isis-in-pictures/010-login.png"]
 
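Review bot: The replacement line in the Sign-in section uses an Antora cross-reference, `xref:ext-secman:ROOT:about.adoc[SecMan extension]`, but this is the repository's `README.adoc`, which is read outside the Antora site build, where component coordinates like `ext-secman:ROOT:` do not resolve. Use an absolute link to the published SecMan page here instead, as the neighbouring `http://shiro.apache.org[Apache Shiro]` link does. The same applies to the other `xref:` additions in this file. While touching the line, "well-features subdomain" should read "well-featured subdomain".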
@@ -138,7 +137,7 @@ Under the activity menu are four sets of services which provide support for link
 
 image::https://raw.github.com/apache/isis/master/adocs/documentation/src/main/asciidoc/pages/isis-in-pictures/images/isis-in-pictures/120-auditing.png[link="https://raw.github.com/apache/isis/master/adocs/documentation/src/main/asciidoc/pages/isis-in-pictures/images/isis-in-pictures/120-auditing.png"]
 
-In the security menu is access to the rich set of functionality provided by the link:https://platform.incode.org/modules/spi/security/spi-security.html[security module]:
+In the security menu is access to the rich set of functionality provided by the xref:ext-secman:ROOT:about.adoc[SecMan extension]:
 
 image::https://raw.github.com/apache/isis/master/adocs/documentation/src/main/asciidoc/pages/isis-in-pictures/images/isis-in-pictures/130-security.png[link="https://raw.github.com/apache/isis/master/adocs/documentation/src/main/asciidoc/pages/isis-in-pictures/images/isis-in-pictures/130-security.png"]
 
@@ -155,13 +154,16 @@ image::https://raw.github.com/apache/isis/master/adocs/documentation/src/main/as
 === Multi-tenancy support
 
 Of the various modules in the Incode Platform, the link:https://platform.incode.org/modules/spi/security/spi-security.html[security module] has the most features.
-One significant feature is the ability to associate users and objects with a "tenancy".
+
+NOTE: this module has now been integrated into the Apache Isis framework itself, as the xref:ext-secman:ROOT:about.adoc[SecMan extension].
+
+One significant feature of the is the ability to associate users and objects with a "tenancy".
 The todoapp uses this feature so that different users' list of todo items are kept separate from one another.
 A user with administrator is able to switch their own "tenancy" to the tenancy of some other user, in order to access the objects in that tenancy:
 
 image::https://raw.github.com/apache/isis/master/adocs/documentation/src/main/asciidoc/pages/isis-in-pictures/images/isis-in-pictures/160-switch-tenancy.png[link="https://raw.github.com/apache/isis/master/adocs/documentation/src/main/asciidoc/pages/isis-in-pictures/images/isis-in-pictures/160-switch-tenancy.png"]
 
-For more details, see the security module's link:https://platform.incode.org/modules/spi/security/spi-security.html[README].
+For more details, see the security module's link:https://platform.incode.org/modules/spi/security/spi-security.html[README] (or xref:ext-secman:ROOT:about.adoc[SecMan extension])..
 
 === Me
 
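Review bot: The added line `One significant feature of the is the ability to associate users and objects with a "tenancy".` is missing its noun; it presumably should read "of the SecMan extension" or "of this module". The last added line also ends with a doubled full stop after the closing parenthesis (`[SecMan extension])..`). In addition, the unchanged opening sentence still presents the security module as one of the Incode Platform modules, which sits awkwardly next to the new NOTE saying it has been integrated into the framework; consider rewriting the paragraph so it leads with SecMan.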
diff --git a/antora/components/archdesign/modules/ROOT/pages/about.adoc b/antora/components/archdesign/modules/ROOT/pages/about.adoc
index a80f21e..277429e 100644
--- a/antora/components/archdesign/modules/ROOT/pages/about.adoc
+++ b/antora/components/archdesign/modules/ROOT/pages/about.adoc
@@ -15,3 +15,6 @@ to discuss:
 * webmodule architecture (programmatic web.xml)
 * use of Spring Boot & our modules for classpath scanning
 * configuration
+* extensions
+* log4j2
+* plugins
diff --git a/antora/components/relnotes/modules/ROOT/pages/rn-1.10.0.adoc b/antora/components/relnotes/modules/ROOT/pages/rn-1.10.0.adoc
index 5b6c62b..b35104d 100644
--- a/antora/components/relnotes/modules/ROOT/pages/rn-1.10.0.adoc
+++ b/antora/components/relnotes/modules/ROOT/pages/rn-1.10.0.adoc
@@ -5,7 +5,8 @@ include::_attributes.adoc[]
 
 
 
-Apache Isis 1.10.0 provides a couple of new domain services.  Client-side filtering of objects (eg to support (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module's multi-tenancy support) is completed so that autocomplete//choices, summary totals and components such as (non-ASF) link:https://platform.incode.org[Incode Platform^]'s gmap3 wicket component show only filtered objects.
+Apache Isis 1.10.0 provides a couple of new domain services.
+Client-side filtering of objects (eg to support (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module's multi-tenancy support) is completed so that autocomplete//choices, summary totals and components such as (non-ASF) link:https://platform.incode.org[Incode Platform^]'s gmap3 wicket component show only filtered objects.
 The "are you sure" semantic and corresponding UI is also available, as well as the ability to specify the default view for collections.
 The release also introduces a new type of contribution service (mixins), as well as bringing in support for Project Lombok
 
diff --git a/antora/components/toc/modules/ROOT/pages/what-is-apache-isis/isis-in-pictures.adoc b/antora/components/toc/modules/ROOT/pages/what-is-apache-isis/isis-in-pictures.adoc
index 9ff918d..bec058c 100644
--- a/antora/components/toc/modules/ROOT/pages/what-is-apache-isis/isis-in-pictures.adoc
+++ b/antora/components/toc/modules/ROOT/pages/what-is-apache-isis/isis-in-pictures.adoc
@@ -27,8 +27,8 @@ Let's start with the basics...
 === Sign-in
 
 Apache Isis integrates with http://shiro.apache.org[Apache Shiro].
-The core framework supports file-based realms, while the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module provides a well-features subdomain of users, roles and permissions against features derived from the Apache Isis metamodel.
-The example todoapp integrates with the security module.
+The core framework supports file-based realms, while the xref:ext-secman:ROOT:about.adoc[SecMan extension] provides a well-features subdomain of users, roles and permissions against features derived from the Apache Isis metamodel.
+
 
 
 image::what-is-apache-isis/isis-in-pictures/010-login.png[width="800px",link="{imagesdir}/what-is-apache-isis/isis-in-pictures/010-login.png"]
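Review bot: Removing "The example todoapp integrates with the security module." from the Sign-in section leaves the later Multi-tenancy paragraph ("The todoapp uses this feature so that...") referring to a todoapp that is no longer introduced anywhere in the visible text. Either keep a reworded sentence here, for example saying that the example todoapp integrates with the SecMan extension, or adjust the later reference. The added line also carries over the typo "well-features" (should be "well-featured"), and the hunk adds a third consecutive blank line before the image.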
@@ -183,7 +183,7 @@ image::what-is-apache-isis/isis-in-pictures/120-auditing.png[width="800px",link=
 
 
 
-In the security menu is access to the rich set of functionality provided by the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module:
+In the security menu is access to the rich set of functionality provided by the xref:ext-secman:ROOT:about.adoc[SecMan extension]:
 
 image::what-is-apache-isis/isis-in-pictures/130-security.png[width="800px",link="{imagesdir}/what-is-apache-isis/isis-in-pictures/130-security.png"]
 
@@ -209,7 +209,7 @@ image::what-is-apache-isis/isis-in-pictures/150-appsettings.png[width="800px",li
 
 === Multi-tenancy support
 
-One significant feature of the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module is the ability to associate users and objects with a "tenancy".
+One significant feature of the xref:ext-secman:ROOT:about.adoc[SecMan extension] is the ability to associate users and objects with a "tenancy".
 The todoapp uses this feature so that different users' list of todo items are kept separate from one another.
 A user with administrator is able to switch their own "tenancy" to the tenancy of some other user, in order to access the objects in that tenancy:
 
@@ -217,12 +217,12 @@ image::what-is-apache-isis/isis-in-pictures/160-switch-tenancy.png[width="800px"
 
 
 
-For more details, see the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module README.
+For more details, see the xref:ext-secman:ROOT:about.adoc[SecMan extension].
 
 
 === Me
 
-Most of the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module's services are on the security menu, which would normally be provided only to administrators.
+Most of the xref:ext-secman:ROOT:about.adoc[SecMan extension]'s services are on the security menu, which would normally be provided only to administrators.
 Kept separate is the "me" action:
 
 image::what-is-apache-isis/isis-in-pictures/170-me.png[width="800px",link="{imagesdir}/what-is-apache-isis/isis-in-pictures/170-me.png"]
diff --git a/core/_adoc-rg/modules/cfg/pages/configuring-core.adoc b/core/_adoc-rg/modules/cfg/pages/configuring-core.adoc
index aa7d332..5d9c10e 100644
--- a/core/_adoc-rg/modules/cfg/pages/configuring-core.adoc
+++ b/core/_adoc-rg/modules/cfg/pages/configuring-core.adoc
@@ -695,7 +695,7 @@ If an parent object has a (scalar) reference some other object to which the user
 +
 If an object is returned in a list of choices or within an auto-complete list, and the user does not have access, then it is excluded from the rendered list.
 
-The original motivation for this feature was to transparently support such features as multi-tenancy (as per the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module).
+The original motivation for this feature was to transparently support such features as multi-tenancy (as per the xref:ext-secman:ROOT:about.adoc[SecMan extension]).
 That is, if an entity is logically "owned" by a user, then the multi-tenancy support can be arranged to prevent some other user from viewing that object.
 
 By default this configuration property is enabled.  To disable the visibility filtering, set the appropriate configuration property to `false`:
diff --git a/core/_adoc-rg/modules/cms/pages/classes/AppManifest-bootstrapping.adoc b/core/_adoc-rg/modules/cms/pages/classes/AppManifest-bootstrapping.adoc
index 17ae7a8..971c610 100644
--- a/core/_adoc-rg/modules/cms/pages/classes/AppManifest-bootstrapping.adoc
+++ b/core/_adoc-rg/modules/cms/pages/classes/AppManifest-bootstrapping.adoc
@@ -94,7 +94,7 @@ As can be seen, the various (non-ASF) link:https://platform.incode.org[Incode Pl
 We normally we recommend that services are defined exclusively through `getModules()`, and that this method should therefore return an empty list.
 However, there are certain use cases where the a service must be explicitly specified either because the service required does not (for whatever reason) have a xref:rg:ant:DomainService.adoc[`@DomainService`] annotation.
 
-For example, the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module allows the policy to evaluate conflicting permissions to be specified by explicitly registering either the `PermissionsEvaluationServiceAllowBeatsVeto` domain service or the `PermissionsEvaluationServiceVetoBeatsAllow` domain service:
+For example, the xref:ext-secman:ROOT:about.adoc[SecMan extension] allows the policy to evaluate conflicting permissions to be specified by explicitly registering either the `PermissionsEvaluationServiceAllowBeatsVeto` domain service or the `PermissionsEvaluationServiceVetoBeatsAllow` domain service:
 
 [source,java]
 ----
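Review bot: The reworded sentence now attributes `PermissionsEvaluationServiceAllowBeatsVeto` and `PermissionsEvaluationServiceVetoBeatsAllow` to the SecMan extension, but only the link text changed; please verify that both services exist under these names in SecMan after the move. Because the choice between allow-beats-veto and veto-beats-allow decides how conflicting permissions are resolved, it would also help to document here which policy applies when neither service is registered explicitly.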
diff --git a/core/_adoc-rg/modules/cms/pages/classes/contributee/HasUserName.adoc b/core/_adoc-rg/modules/cms/pages/classes/contributee/HasUserName.adoc
index bd2ad5c..cf4a5b5 100644
--- a/core/_adoc-rg/modules/cms/pages/classes/contributee/HasUserName.adoc
+++ b/core/_adoc-rg/modules/cms/pages/classes/contributee/HasUserName.adoc
@@ -17,9 +17,9 @@ public interface HasUsername {
 }
 ----
 
-Modules in the (non-ASF) link:https://platform.incode.org[Incode Platform^] that either have domain entity that implement and/or services that contribute this interface are:
+Modules in the xref:ext-secman:ROOT:about.adoc[SecMan extension] and also the (non-ASF) link:https://platform.incode.org[Incode Platform^] that either have domain entity that implement and/or services that contribute this interface are:
 
-* security module: `ApplicationUser` entity, `HasUsernameContributions` service
+* xref:ext-secman:ROOT:about.adoc[SecMan extension]: `ApplicationUser` entity, `HasUsernameContributions` service
 * audit module: `AuditEntry` entity
 * command module: `CommandJdo` entity, `HasUsernameContributions` service
 * sessionlogger module: `SessionLogEntry` entity, `HasUsernameContributions` service
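Review bot: The new intro sentence, "Modules in the xref:ext-secman:ROOT:about.adoc[SecMan extension] and also the (non-ASF) Incode Platform that either have domain entity that implement...", reads as though SecMan contains several modules, and the list below no longer shows which entries are framework-provided and which are non-ASF. Suggest splitting it: one sentence for the SecMan extension (`ApplicationUser`, `HasUsernameContributions`), then a separate sentence introducing the Incode Platform modules (audit, command, sessionlogger). "have domain entity that implement" should be "have domain entities that implement".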
diff --git a/core/_adoc-rg/modules/cms/pages/classes/super/AbstractSubscriber.adoc b/core/_adoc-rg/modules/cms/pages/classes/super/AbstractSubscriber.adoc
index 284597d..35dbf66 100644
--- a/core/_adoc-rg/modules/cms/pages/classes/super/AbstractSubscriber.adoc
+++ b/core/_adoc-rg/modules/cms/pages/classes/super/AbstractSubscriber.adoc
@@ -9,7 +9,7 @@ This is a convenience superclass for creating subscriber domain services on the
 It uses xref:rg:ant:PostConstruct.adoc[`@PostConstruct`] and xref:rg:ant:PreDestroy.adoc[`@PreDestroy`] callbacks to automatically register/unregister itself with the `EventBusService`.
 
 It's important that subscribers register before any domain services that might emit events on the xref:rg:svc:core-domain-api/EventBusService.adoc[`EventBusService`].
-For example, the (non-ASF) link:https://platform.incode.org[Incode Platform^] security module provides a domain service that automatically seeds certain domain entities; these will generate xref:rg:cms:classes/lifecycleevent.adoc[lifecycle events] and so any subscribers must be registered before such seed services.
+For example, the xref:ext-secman:ROOT:about.adoc[SecMan extension] provides a domain service that automatically seeds certain domain entities; these will generate xref:rg:cms:classes/lifecycleevent.adoc[lifecycle events] and so any subscribers must be registered before such seed services.
 The easiest way to do this is to use the xref:rg:ant:DomainServiceLayout.adoc#menuOrder[`@DomainServiceLayout#menuOrder()`] attribute.
 
 As a convenience, the `AbstractSubscriber` specifies this attribute.
\ No newline at end of file
diff --git a/core/_adoc-rg/modules/svc/pages/core-domain-api/EventBusService.adoc b/core/_adoc-rg/modules/svc/pages/core-domain-api/EventBusService.adoc
index 405ab28..7236b0c 100644
--- a/core/_adoc-rg/modules/svc/pages/core-domain-api/EventBusService.adoc
+++ b/core/_adoc-rg/modules/svc/pages/core-domain-api/EventBusService.adoc
@@ -84,7 +84,7 @@ public class MySubscribingDomainService {
 ----
 <1> subscribers are typically not visible in the UI, so specify a `DOMAIN` nature
 <2> It's important that subscribers register before any domain services that might emit events on the event bus service.
-For example, the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module provides a domain service that automatically seeds certain domain entities; these will generate xref:rg:cms:classes/lifecycleevent.adoc[lifecycle events] and so any subscribers must be registered before such seed services.
+For example, the xref:ext-secman:ROOT:about.adoc[SecMan extension] provides a domain service that automatically seeds certain domain entities; these will generate xref:rg:cms:classes/lifecycleevent.adoc[lifecycle events] and so any subscribers must be registered before such seed services.
 The easiest way to do this is to use the xref:rg:ant:DomainServiceLayout.adoc#menuOrder[`@DomainServiceLayout#menuOrder()`] attribute.
 <3> register with the event bus service during xref:rg:ant:PostConstruct.adoc[`@PostConstruct`]
     initialization
diff --git a/core/_adoc-rg/modules/svc/pages/metadata-api/ApplicationFeatureRepository.adoc b/core/_adoc-rg/modules/svc/pages/metadata-api/ApplicationFeatureRepository.adoc
index 1b938e9..b06f036 100644
--- a/core/_adoc-rg/modules/svc/pages/metadata-api/ApplicationFeatureRepository.adoc
+++ b/core/_adoc-rg/modules/svc/pages/metadata-api/ApplicationFeatureRepository.adoc
@@ -9,10 +9,6 @@ include::_attributes.adoc[]
 The `ApplicationFeatureRepository` provides the access to string representations of the packages, classes and
 class members (collectively: "application features") of the domain classes within the Apache Isis' internal metamodel.
 
-[TIP]
-====
-This functionality was originally implemented as part of (non-ASF) link:https://platform.incode.org[Incode Platform^] security module, where the string representations of the various features are used to represent permissions.
-====
 
 
 == API
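Review bot: Deleting the whole TIP block removes the only statement on this page that the string representations of application features are what permissions are expressed against. That context is still useful for readers configuring security, so rather than dropping it, consider keeping one sentence that points at the SecMan extension as the consumer of these feature strings. The removal also leaves three consecutive blank lines before `== API`.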
diff --git a/core/_adoc-rg/modules/svc/pages/persistence-layer-spi/UserRegistrationService.adoc b/core/_adoc-rg/modules/svc/pages/persistence-layer-spi/UserRegistrationService.adoc
index 81ea2bc..9b79ddd 100644
--- a/core/_adoc-rg/modules/svc/pages/persistence-layer-spi/UserRegistrationService.adoc
+++ b/core/_adoc-rg/modules/svc/pages/persistence-layer-spi/UserRegistrationService.adoc
@@ -55,7 +55,7 @@ The username and email address must both be unique (not being used by an existin
 The core Apache Isis framework itself defines only an API; there is no default implementation.
 Rather, the implementation will depend on the security mechanism being used.
 
-That said, if you have configured your app to use the (non-ASF) http://platform.incode.org/modules/spi/security/spi-security.html[Incode Platform's security module] then note that the security module does provide an abstract implementation (`SecurityModuleAppUserRegistrationServiceAbstract`) of the `UserRegistrationService`.
+That said, if you have configured your app to use the xref:ext-secman:ROOT:about.adoc[SecMan extension] then note that it _does_ provide an abstract implementation (`SecurityModuleAppUserRegistrationServiceAbstract`) of the `UserRegistrationService`.
 You will need to extend that service and provide implementation for the two abstract methods: `getInitialRole()` and `getAdditionalInitialRoles()`.
 
 For example:
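Review bot: the replacement sentence now attributes `SecurityModuleAppUserRegistrationServiceAbstract` to the SecMan extension, but the class name is carried over unchanged from the Incode Platform security module wording. Please confirm that SecMan ships a class of that name with the abstract methods `getInitialRole()` and `getAdditionalInitialRoles()`; if it was renamed, this sentence and the example that follows it need updating too.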
diff --git a/core/_adoc-ug/modules/btb/pages/hints-and-tips/multi-tenancy.adoc b/core/_adoc-ug/modules/btb/pages/hints-and-tips/multi-tenancy.adoc
index 0f26349..afed353 100644
--- a/core/_adoc-ug/modules/btb/pages/hints-and-tips/multi-tenancy.adoc
+++ b/core/_adoc-ug/modules/btb/pages/hints-and-tips/multi-tenancy.adoc
@@ -5,10 +5,8 @@ include::_attributes.adoc[]
 :page-partial:
 
 
-Of the various modules provided by the (non-ASF) link:https://platform.incode.org[Incode Platform^], the security module has the most features.
-One significant feature is the ability to associate users and objects with a "tenancy".
+One significant feature provided by the xref:ext-secman:ROOT:about.adoc[SecMan extension] is the ability to associate users and objects with a "tenancy".
 
-
-For more details, see the link:https://platform.incode.org[Incode Platform^]'s security module README.
+For more details, see the xref:ext-secman:ROOT:about.adoc[SecMan extension]'s documentation.
 
 
diff --git a/core/_adoc-ug/modules/fun/pages/core-concepts/apache-isis-vs/mvc-server-side.adoc b/core/_adoc-ug/modules/fun/pages/core-concepts/apache-isis-vs/mvc-server-side.adoc
index 666e91c..775afc4 100644
--- a/core/_adoc-ug/modules/fun/pages/core-concepts/apache-isis-vs/mvc-server-side.adoc
+++ b/core/_adoc-ug/modules/fun/pages/core-concepts/apache-isis-vs/mvc-server-side.adoc
@@ -18,7 +18,7 @@ More sophisticated UIs can be built either by xref:vw:ROOT:extending.adoc[extend
 Other frameworks can also be used to implement REST APIs, of course, but generally they require a significant amount of development to get anywhere near the level of sophistication provided automatically by Apache Isis' REST API.
 
 Although these frameworks all provide their own ecosystems of extensions, Apache Isis' equivalent link:https://platform.incode.org[Incode Platform^] modules (non-ASF) tend to work at a higher-level of abstraction.
-For example, each of these frameworks will integrate with various security mechanism, but the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module provides a full subdomain of users, roles, features and permissions that can be plugged into any Apache Isis application.
+For example, each of these frameworks will integrate with various security mechanism, but the xref:ext-secman:ROOT:about.adoc[SecMan extension] provides a full subdomain of users, roles, features and permissions that can be plugged into any Apache Isis application.
 Similarly, the link:https://platform.incode.org[Incode Platform^]'s command and audit modules in combination provide a support for auditing and traceability that can also be used for out of the box profiling.
 Again, these addons can be plugged into any Isis app.
 
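Review bot: the changed line no longer matches the sentence it illustrates. The context line before it still says the equivalent Incode Platform modules (non-ASF) work at a higher level of abstraction, and the line after continues with "Similarly, the Incode Platform's command and audit modules", but the example in between is now the SecMan extension. Reword the lead sentence so it covers both extensions and Incode Platform modules. The changed line also keeps the typo "various security mechanism" (should be "mechanisms").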
diff --git a/core/_adoc-ug/modules/fun/pages/core-concepts/philosophy/aop.adoc b/core/_adoc-ug/modules/fun/pages/core-concepts/philosophy/aop.adoc
index e0ded12..7b05642 100644
--- a/core/_adoc-ug/modules/fun/pages/core-concepts/philosophy/aop.adoc
+++ b/core/_adoc-ug/modules/fun/pages/core-concepts/philosophy/aop.adoc
@@ -40,7 +40,7 @@ That's a rather more interesting cross-cutting concern than boring old logging!
 Apache Isis also draws heavily on the AOP concept of interceptors.
 Whenever an object is rendered in the UI, it is filtered with respect to the user's permissions.
 That is, if a user is not authorized to either view or perhaps modify an object, then this is applied transparently by the framework.
-The (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module, mentioned previously, provides a rich user/role/permissions subdomain to use out of the box; but you can integrate with a different security mechanism if you have one already.
+The xref:ext-secman:ROOT:about.adoc[SecMan extension] provides a rich user/role/permissions subdomain to use out of the box; but you can integrate with a different security mechanism if you have one already.
 
 Another example of interceptors are the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s command and audit modules.
 The command module captures every user interaction that modifies the state of the system (the "cause" of a change) while the audit module captures every change to every object (the "effect" of a change).
diff --git a/core/security/api/_adoc/modules/ROOT/assets/images/security/security-apis-impl/security-apis-impl.pptx b/core/security/api/_adoc/modules/ROOT/assets/attachments/security-apis-impl.pptx
similarity index 100%
rename from core/security/api/_adoc/modules/ROOT/assets/images/security/security-apis-impl/security-apis-impl.pptx
rename to core/security/api/_adoc/modules/ROOT/assets/attachments/security-apis-impl.pptx
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/security/api/_adoc/modules/ROOT/assets/images/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to core/security/api/_adoc/modules/ROOT/assets/images/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/pages/about.adoc b/core/security/api/_adoc/modules/ROOT/pages/about.adoc
index 448e869..0e12f11 100644
--- a/core/security/api/_adoc/modules/ROOT/pages/about.adoc
+++ b/core/security/api/_adoc/modules/ROOT/pages/about.adoc
@@ -32,9 +32,9 @@ The xref:helloworld:ROOT:about.adoc[HelloWorld] and xref:simpleapp:ROOT:about.ad
 Shiro also ships with an implementation of an LDAP-based realm; LDAP is often used to manage user/passwords and corresponding user groups.
 Apache Isis in turn extends this with its `IsisLdapRealm`, which provides more flexibility for both group/role and role/permissions management.
 
-In addition, the (non-ASF) link:https://platform.incode.org[Incode Platform^] modules provides the security module, which also provides an implementation of the Shiro `Realm` API.
-However, the security module also represents users, roles and permissions as domain objects, allowing them to be administered through Apache Isis itself.
-Moreover, the security module can optionally delegate password management to a subsidiary (delegate) realm (usually LDAP as discussed above).
+In addition, the xref:ext-secman:ROOT:about.adoc[SecMan extension] provides an implementation of the Shiro `Realm` API.
+This extension also represents users, roles and permissions as domain objects, allowing them to be administered through Apache Isis itself.
+Moreover, it can also optionally delegate password management to a subsidiary (delegate) realm (usually LDAP as discussed above).
 
 In addition to Apache Isis' Shiro-based implementation of its authentication and authorization APIs, Isis also provides a "bypass" implementation, useful for quick-n-dirty prototyping when you want to in effect disable (bypass) security completely.
 
diff --git a/core/security/api/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc b/core/security/api/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc
index ed53ad1..b2711d0 100644
--- a/core/security/api/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc
+++ b/core/security/api/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc
@@ -6,216 +6,30 @@ include::_attributes.adoc[]
 
 
 
-By and large the security mechanisms within Isis are transparent to the rest of the framework (the xref:vw:ROOT:about.adoc[Wicket Viewer] and xref:vro:ROOT:about.adoc[Restful Objects viewer], and the overall xref:rg:cfg:about[core runtime]).
-
-That said, it is the responsibility of the viewers to ensure that for each request there is a valid user session present.  The sections below explain how this works.
+By and large the security mechanisms within Isis are transparent to the rest of the framework.
+That said, it is the responsibility of the viewers to ensure that for each request there is a valid user session present.
+The sections below explain how this works.
 
+NOTE: the content below also appears in the respective user guides for the xref:vw:ROOT:about.adoc[Wicket Viewer] and the xref:vro:ROOT:about.adoc[Restful Objects viewer].
 
 
 
 == Wicket Viewer
 
-The xref:vw:ROOT:about.adoc[Wicket viewer] defines a relatively small number of pages (by which we mean subclasses of `org.apache.wicket.markup.html.WebPage`):
-
-* about page
-* entity page
-* error page
-* home page
-* standalone collection page
-* value page
-* void return page
-
-All of these (except about page) are annotated with the Wicket annotation:
-
-[source,java]
-----
-@AuthorizeInstantiation("org.apache.isis.viewer.wicket.roles.USER")
-----
-
-which means that they can only be accessed by a user with an authenticated session that has this special, reserved role.  If not, Wicket will automatically redirect the user to the sign-in page.
-
-[TIP]
-====
-The sign-in page to render is pluggable; see xref:vw:ROOT:extending/custom-pages.adoc[extensions chapter] for details.
-====
-
-In the sign-in page the viewer calls to the Isis Authenticator API, and obtains back a user/role.  It also adds in its special reserved role (per the annotation above) and then continues on to whichever page the user was attempting to access (usually the home page).
-
-And that's really all there is to it.  When the viewer renders a domain object it queries the Apache Isis metamodel, and suppresses from the view any object members (properties, actions etc) that are invisible.  These may be invisible because the user has no (read ) permission, or they may be invisible because of domain object logic (eg a `hideXxx()` method).  The viewer neither knows nor cares.
-
-Similarly, for those object members that _are_ visible, the viewer also checks if they are enabled or disabled.  Again, an object member will be disabled if the user does not have (write) permission, or it could be disabled because of domain object logic (eg a `disableXxx()` method).
-
+include::vw:security:partial$pages.adoc[]
 
+[[vw-user-registration]]
 === User-registration
 
-As well as providing a sign-in screen, the Wicket viewer also provides the ability for users to self-register.
-By and large this operates outside of Apache Isis' security mechanisms; indeed the various pages (sign-up, sign-up verification, password reset) are all rendered _without_ there being any current user session.
-These pages all "reach inside" Apache Isis framework using a mechanism similar to xref:ug:btb:headless-access.adoc[Headless access] in order to actually do their stuff.
-
-[TIP]
-====
-The sign-in verification page to render is pluggable; see xref:vw:ROOT:extending/custom-pages.adoc[extensions chapter] for details.
-====
-
-User registration is only available if the xref:rg:svc:persistence-layer-spi/UserRegistrationService.adoc[`UserRegistrationService`] is configured; this is used by the framework to actually create new instances of the user as accessed by the corresponding (Shiro) realm.
-
-Because Shiro realms are pluggable, the Apache Isis framework does not provide default implementations of this service.  However, if you are using the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module, then this module _does_ provide an implementation (that, as you might expect, creates new "user" domain entities).
-
-If you are using an LDAP realm and want to enable user-self registration then you'll need to write your own implementation of this service.
+include::vw:security:partial$user-registration.adoc[]
 
 
 
 == Restful Objects Viewer
 
-Unlike the Wicket viewer, the xref:vro:ROOT:about.adoc[Restful Objects viewer] does *not* provide any sort of login page; rather it provides a pluggable authentication strategy, delegated to by the `IsisSessionFilter` filter (set up by the framework's web bootstrapping).
-The authentication strategy is responsible for ensuring that a session is available for the REST resource.
-
-The API of `AuthenticationSessionStrategy` is simply:
-
-[source,java]
-----
-package org.apache.isis.core.webapp.auth;
-...
-public interface AuthenticationSessionStrategy {
-    AuthenticationSession lookupValid(     // <1>
-        ServletRequest servletRequest,
-        ServletResponse servletResponse);
-    void bind(                             // <2>
-        ServletRequest servletRequest,
-        ServletResponse servletResponse,
-        AuthenticationSession authSession);
-}
-
-----
-<1> returns a valid `AuthenticationSession` for the specified request, response
-<2> binds (associates the provided `AuthenticationSession`) to the request and response
-
-Here `AuthenticationSession` is Apache Isis' internal API that represents a signed-on user.
-
-The framework provides a number of simple strategies:
-
-* `AuthenticationSessionStrategyBasicAuth` implements the HTTP basic auth protocol (the pop-up dialog box shown by the web browser)
-* `AuthenticationSessionStrategyHeader` that simply reads the user identity from an HTTP header
-* `AuthenticationSessionStrategyTrusted` that always logs in with a special "exploration" user
-
-As you can see, none of these should be considered production-quality.
-
-The strategy is configured in `web.xml`; for example:
-
-// TODO: v2: this has changed, I think, because we now use `WebModule_Xxx` instead of `web.xml`, ie set this stuff up programmatically.
-
-[source,xml]
-----
-<filter>
-    <filter-name>IsisSessionFilterForRestfulObjects</filter-name>
-    <filter-class>org.apache.isis.core.webapp.IsisSessionFilter</filter-class>
-    <init-param>
-        <param-name>authenticationSessionStrategy</param-name>
-        <param-value>                                           <!--1-->
-    org.apache.isis.viewer.restfulobjects.server.authentication.AuthenticationSessionStrategyBasicAuth
-        </param-value>
-    </init-param>
-    <init-param>
-        <param-name>whenNoSession</param-name>
-        <param-value>auto</param-value>                         <!--2-->
-    </init-param>
-    <init-param>
-        <param-name>passThru</param-name>
-        <param-value>/restful/swagger</param-value>             <!--3-->
-    </init-param>
-</filter>
-----
-<1> configure basic auth strategy
-<2> what to do if no session was found; we use `auto` so as to issue a 401 status code with basic authentication challenge if the request originated from a web browser.  (Prior to `1.11.0` this parameter was set either to `basicAuthChallenge` (which works when requested from web browser) or to `unauthorized` (which works when requested from a suitably coded custom Javascript app).
-<3> which paths are allowed to be accessed directly, without a session.  The `/restful/swagger` path provides access to the SwaggerResource that dynamically generates swagger schema definition files from the Apache Isis metamodel.
-
-
-
-The above filter must then be chained before the servlet that actually handles the REST requests:
-
-// TODO: v2: this has changed, I think, because we now use `WebModule_Xxx` instead of `web.xml`, ie set this stuff up programmatically.
-
-[source,xml]
-----
-<filter-mapping>
-    <filter-name>IsisSessionFilterForRestfulObjects</filter-name>
-    <servlet-name>RestfulObjectsRestEasyDispatcher</servlet-name>
-</filter-mapping>
-...
-<servlet>
-    <servlet-name>RestfulObjectsRestEasyDispatcher</servlet-name>
-    <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
-</servlet>
-----
-
-[NOTE]
-====
-The above `web.xml` fragments do _not_ constitute the full configuration for the Restful Objects viewer, just those parts that pertain to security.
-====
-
-
+include::vro:security:partial$web-xml.adoc[]
 
+[[vro-user-registration]]
 === User-registration
 
-Isis currently does not have any out-of-the-box support for user-registration for applications using only the Restful viewer.  However, in principal the pieces do exist to put together a solution.
-
-The general idea is similar to the design of the Wicket viewer; define some subsidiary resources that can operate _without_ a user session in place, and which "reach into" the framework using headless access in order to setup the user.
-
-[TIP]
-====
-An alternative approach, possibly less work and overall of more value, would be to implement `AuthenticationSessionStrategy` for oAuth, in other words allow users to use their existing Google or Facebook account.
-====
-
-The following steps sketch out the solution in a little more detail:
-
-* Define some new Restful resources (cf link:https://github.com/apache/isis/blob/master/core/viewer-restfulobjects-server/src/main/java/org/apache/isis/viewer/restfulobjects/server/resources/DomainObjectResourceServerside.java[`DomainServiceResourceServerside`] that correspond to sign-up/register page, eg `SignupResource` +
-+
-[source,java]
-----
-@Path("/signup")
-public class SignupResource {
-    ...
-}
-----
-
-* Create a new subclass of `RestfulObjectsApplication`, eg "CustomRestfulObjectsApplication" and register your resources +
-+
-[source,java]
-----
-public class CustomRestfulObjectsApplication extends RestfulObjectsApplication {
-    public CustomRestfulObjectsApplication() {
-        addClass(SignupResource.class);
-    }
-}
-----
-
-* Register your application class in `web.xml` instead of the default: +
-+
-// TODO: v2: this may have changed, because we now use `WebModule_Xxx` instead of `web.xml`, ie set this stuff up programmatically.
-+
-[source,xml]
-----
-<context-param>
-    <param-name>javax.ws.rs.Application</param-name>
-    <param-value>com.mycompany.myapp.CustomRestfulObjectsApplication</param-value>
-</context-param>
-----
-
-So far this is just standard javax.rs stuff.
-
-Next, we need to ensure that a client can hit your new resource *with* the Apache Isis runtime in place, but without there being an Apache Isis session.  For that....
-
-* create a subclass of the `AuthenticationSessionStrategy` that automatically returns a dummy session if the resource being accessed is "/restful/signup", say.  +
-+
-You could do this by subclassing `AuthenticationSessionStrategyBasicAuth`, but then using code from `AuthenticationSessionStrategyBasicAuth` to return an "exploration" (or better, "signup") session if accessing the "/restful/signup" resource.
-
-* in the `SignUpResource` resource, you can then do a lookup of the `UserRegistrationService` in order to allow the user to be created: +
-+
-[source,java]
-----
-final UserRegistrationService userRegistrationService =
-    IsisContext.getPersistenceSession().getServicesInjector().lookupService(UserRegistrationService.class);
-userRegistrationService.registerUser(userDetails);
-----
-
-Obviously the methods exposed by the `SignupResource` are up to you; ultimately they need to be able to gather information to populate the `UserDetails` object as passed to the `UserRegistrationService`.
+include::vro:security:partial$user-registration.adoc[]
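Review bot: the four include targets added here (vw:security:partial$pages.adoc, vw:security:partial$user-registration.adoc, vro:security:partial$web-xml.adoc, vro:security:partial$user-registration.adoc) replace roughly 200 lines of inline text, so please confirm the partials exist under exactly these names and still carry the removed security guidance: the `@AuthorizeInstantiation` role requirement on the Wicket pages, the statement that none of the three built-in `AuthenticationSessionStrategy` implementations should be considered production-quality, and the `passThru` entry that exposes /restful/swagger without a session. The removed text also had three "TODO: v2" comments saying web.xml may have been superseded by `WebModule_Xxx`; a partial named web-xml.adoc suggests that question is still open, so the TODOs should be resolved or kept visible there. The new NOTE line should start with a capital ("The content below ...").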
diff --git a/core/security/api/_adoc/modules/ROOT/partials/nav.adoc b/core/security/api/_adoc/modules/ROOT/partials/nav.adoc
index 4b41f61..0a1284e 100644
--- a/core/security/api/_adoc/modules/ROOT/partials/nav.adoc
+++ b/core/security/api/_adoc/modules/ROOT/partials/nav.adoc
@@ -2,20 +2,26 @@
 
 ** xref:security:ROOT:api-for-applications.adoc[API for Applications]
 
-** Bypass
+** Bypass Implementation
 *** xref:security-bypass:ROOT:configuring-isis-to-use-bypass.adoc[Configuring to use Bypass]
 
-** Shiro
+** Shiro Implementation (extension)
+
 *** xref:security-shiro:ROOT:configuring-isis-to-use-shiro.adoc[Configuring to use Shiro]
-*** xref:security-shiro:ROOT:shiro-realm-implementations.adoc[Shiro Realm Implementations]
-**** xref:security-shiro:ROOT:shiro-realm-implementations/ini-realm.adoc[INI Realm]
-**** xref:security-shiro:ROOT:shiro-realm-implementations/isis-ldap-realm.adoc[Isis LDAP Realm]
-**** xref:security-shiro:ROOT:shiro-realm-implementations/isisaddons-security-module-realm.adoc[Isis Addons Security Module Realm]
-**** xref:security-shiro:ROOT:shiro-realm-implementations/jdbc-realm.adoc[JDBC Realm]
-*** xref:security-shiro:ROOT:shiro-isis-enhanced-wildcard-permission.adoc[Shiro Isis Enhanced Wildcard Permission]
+*** Realms
+**** xref:security-shiro:ROOT:ini-realm.adoc[INI Realm]
+**** xref:security-shiro:realm-jdbc:about.adoc[JDBC Realm]
+**** xref:security-shiro:realm-ldap:about.adoc[LDAP Realm]
+*** xref:security-shiro:ROOT:enhanced-wildcard-permission.adoc[Enhanced Wildcard Permissions]
 *** xref:security-shiro:ROOT:run-as.adoc[Run As]
 *** xref:security-shiro:ROOT:shiro-caching.adoc[Shiro Caching]
 
+** xref:ext-secman:ROOT:about.adoc[SecMan (extension)]
+*** xref:ext-secman:api:about.adoc[API]
+*** xref:ext-secman:model:about.adoc[Model]
+*** xref:ext-secman:realm-shiro:about.adoc[Realm (for Shiro)]
+*** xref:ext-secman:persistence-jdo:about.adoc[JDO Persistence]
+*** xref:ext-secman:encryption-jbcrypt:about.adoc[JBCrypt Encryption]
 
 ** xref:security:ROOT:usage-by-isis-viewers.adoc[Usage by Isis Viewers]
 
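Review bot: the `*** Realms` entry is now plain text, whereas the entry it replaces linked to shiro-realm-implementations.adoc; if that overview page is kept it is no longer reachable from the nav, and if it is removed any xrefs to it need updating. The INI realm stays in security-shiro:ROOT while JDBC and LDAP move to their own modules (realm-jdbc, realm-ldap), which deserves a line in the commit message. There is also a stray blank line after `** Shiro Implementation (extension)` that the Bypass entry does not have.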
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/enhanced-wildcard-permission.adoc
similarity index 68%
rename from core/security/shiro/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/enhanced-wildcard-permission.adoc
index 2364823..1c39205 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-isis-enhanced-wildcard-permission.adoc
+++ b/core/security/shiro/_adoc/modules/ROOT/pages/enhanced-wildcard-permission.adoc
@@ -1,13 +1,16 @@
-[[shiro-isis-enhanced-wildcard-permission]]
+[[enhanced-wildcard-permission]]
 = Enhanced Wildcard Permission
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
 :page-partial:
 
 
-If using the text-based xref:security-shiro:ROOT:shiro-realm-implementations/ini-realm.adoc[`IniRealm`] or xref:security-shiro:ROOT:shiro-realm-implementations/isis-ldap-realm.adoc[Isis' LDAP realm], then note that Shiro also allows the string representation of the permissions to be mapped (resolved) to alternative `Permission` instances.  Apache Isis provides its own `IsisPermission` which introduces the concept of a "veto".
+If using the text-based xref:security-shiro:ROOT:ini-realm.adoc[`IniRealm`] or xref:security-shiro:realm-ldap:about.adoc[Apache Isis' LDAP realm], then note that Shiro also allows the string representation of the permissions to be mapped (resolved) to alternative `Permission` instances.
+Apache Isis provides its own `IsisPermission` which introduces the concept of a "veto".
 
-A vetoing permission is one that prevents access to a feature, rather than grants it.  This is useful in some situations where most users have access to most features, and only a small number of features are particularly sensitive.  The configuration can therefore be set up to grant fairly broad-brush permissions and then veto permission for the sensitive features for those users that do not have access.
+A vetoing permission is one that prevents access to a feature, rather than grants it.
+This is useful in some situations where most users have access to most features, and only a small number of features are particularly sensitive.
+The configuration can therefore be set up to grant fairly broad-brush permissions and then veto permission for the sensitive features for those users that do not have access.
 
 The string representation of the `IsisPermission` uses the following format:
 
@@ -20,7 +23,7 @@ where:
 
 * the optional `!` prefix indicates this permission is a vetoing permission
 * the optional `xxx/` prefix is a permission group that scopes any vetoing permissions
-* the remainder of the string is the permission (possibly wildcarded, with :rw as optional suffix)
+* the remainder of the string is the permission (possibly wild-carded, with :rw as optional suffix)
 
 
 For example:
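Review bot: the changed bullet now spells it "wild-carded", while the page title in this same file is "Enhanced Wildcard Permission" and the nav entry also uses "Wildcard"; keep one spelling. While touching the line, `:rw` should be set in monospace like the `!` and `xxx/` prefixes in the two bullets above it.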
@@ -40,7 +43,9 @@ sets up:
 * the `api_role` with access to all permissions in `org.estatio.api`
 * the `admin_role` with access to everything.
 
-The permission group concept is required to scope the applicability of any veto permission. This is probably best explained by an example.  Suppose that a user has both `admin_role` and `user_role`; we would want the `admin_role` to trump the vetos of the `user_role`, in other words to give the user access to everything.
+The permission group concept is required to scope the applicability of any veto permission.
+This is probably best explained by an example.
+Suppose that a user has both `admin_role` and `user_role`; we would want the `admin_role` to trump the vetos of the `user_role`, in other words to give the user access to everything.
 
 
 Because of the permission groups, the two "+++!reg/...+""" vetos in user_role only veto out selected permissions granted by the "+++reg/*+++" permissions, but they do not veto the permissions granted by a different scope, namely "+++adm/*+++".
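Review bot: the unchanged line that closes this hunk has a malformed passthrough, `"+++!reg/...+"""`, which opens with three plus signs but closes with one plus and three quotes, so it will not render like the "+++reg/*+++" and "+++adm/*+++" that follow it. Since the paragraph above is being reflowed anyway, fix the closing delimiter to `+++"` in the same pass and put user_role in monospace as on the added lines.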
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/ini-realm.adoc
similarity index 96%
rename from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc
rename to core/security/shiro/_adoc/modules/ROOT/pages/ini-realm.adoc
index 1140470..6190188 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/ini-realm.adoc
+++ b/core/security/shiro/_adoc/modules/ROOT/pages/ini-realm.adoc
@@ -5,6 +5,8 @@ include::_attributes.adoc[]
 :page-partial:
 
 
+The Shiro concept of a `Realm` allows different implementations of both the authentication and authorisation mechanism to be plugged in.
+
 Probably the simplest realm to use is Shiro's built-in `IniRealm`, which reads from the (same) `WEB-INF/shiro.ini` file.
 
 This is suitable for prototyping, but isn't intended for production use, if only because user/password credentials are stored in plain text.
@@ -109,7 +111,7 @@ com.mycompany.myapp                          # ditto
 
 [TIP]
 ====
-The format of the permissions string is configurable in Shiro, and Apache Isis uses this to provide an extended wildcard format, described xref:security:ROOT:shiro-isis-enhanced-wildcard-permission.adoc[here].
+The format of the permissions string is configurable in Shiro, and Apache Isis uses this to provide an extended wildcard format, described xref:security:ROOT:enhanced-wildcard-permission.adoc[here].
 ====
 
 
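Review bot: the updated xref in the TIP points at security:ROOT:enhanced-wildcard-permission.adoc, but the renamed page lives under core/security/shiro/_adoc/modules/ROOT/pages and the nav in this same commit references it as security-shiro:ROOT:enhanced-wildcard-permission.adoc. Only the page name was updated here; the component prefix looks wrong and the link will probably not resolve. Suggest xref:security-shiro:ROOT:enhanced-wildcard-permission.adoc[here].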
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc b/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc
deleted file mode 100644
index d33be37..0000000
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isisaddons-security-module-realm.adoc
+++ /dev/null
@@ -1,36 +0,0 @@
-[[isisaddons-security-module-realm]]
-= Security Module Realm
-:Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
-include::_attributes.adoc[]
-:page-partial:
-
-
-The (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module provides a complete security subdomain for users, roles, permissions; all are persisted as domain entities.
-
-What that means, of course, that they can also be administered through your Apache Isis application.
-Moreover, the set of permissions (to features) is derived completely from your application's metamodel; in essence the permissions are "type-safe".
-
-
-In order to play along, the module includes a Shiro realm, which fits in as follows:
-
-The general configuration is as follows:
-
-image::security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm.PNG[width="600px",link="{imagesdir}/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm.PNG"]
-
-where the `IsisModuleSecurityRealm` realm is the implementation provided by the module.
-
-In the configuration above user passwords are stored in the database.  The module uses link:http://www.mindrot.org/projects/jBCrypt/[jBCrypt] so that passwords are only stored in a (one-way) encrypted form in the database.
-
-
-
-The security module also supports a slightly more sophisticated configuration.  Most organizations use LDAP for user credentials, and maintaining two separate user accounts would be less than ideal.  The `IsisModuleSecurityRealm` can therefore be configured with a subsidiary "delegate" realm that is responsible for performing the primary authentication of the user; if that passes then a user is created (as a domain entity) automatically.
-In most cases this delegate realm will be the LDAP realm, and so the architecture becomes:
-
-image::security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG[width="600px",link="{imagesdir}/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG"]
-
-
-The security module has many more features than are described here, all of which are described in the module's README.
-The README also explains in detail how to configure an existing app to use this module.
-
-You can also look at the Isisaddons https://github.com/isisaddons/isis-app-todoapp[todoapp example] (not ASF), which is preconfigured to use the security module.
-
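Review bot: this deleted page states how the realm stores passwords (jBCrypt, one-way, in the database) and that a delegate realm performs the primary authentication, with the user entity created automatically when it passes. The replacement text in about.adoc only says SecMan can optionally delegate password management, so please confirm the ext-secman pages added to the nav (realm-shiro, encryption-jbcrypt) cover both points, including the automatic creation of users, before this file goes.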
diff --git a/core/security/shiro/_adoc/modules/realm-jdbc/_attributes.adoc b/core/security/shiro/_adoc/modules/realm-jdbc/_attributes.adoc
new file mode 100644
index 0000000..787e5c4
--- /dev/null
+++ b/core/security/shiro/_adoc/modules/realm-jdbc/_attributes.adoc
@@ -0,0 +1,6 @@
+ifndef::env-site,env-github[]
+:attachmentsdir: {moduledir}/assets/attachments
+:examplesdir: {moduledir}/examples
+:imagesdir: {moduledir}/assets/images
+:partialsdir: {moduledir}/pages/_partials
+endif::[]
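Review bot: `:partialsdir:` is set to {moduledir}/pages/_partials, but this commit keeps partials in a partials directory directly under the module (core/security/api/_adoc/modules/ROOT/partials/nav.adoc) and includes them through the partial$ family. If realm-jdbc follows the same layout this attribute should be {moduledir}/partials, otherwise builds that take the ifndef branch will look in the wrong place.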
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/security/shiro/_adoc/modules/realm-jdbc/assets/attachments/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to core/security/shiro/_adoc/modules/realm-jdbc/assets/attachments/.gitkeep
diff --git a/core/security/shiro/_adoc/modules/realm-jdbc/assets/images/configure-shiro-to-use-custom-jdbc-realm.png b/core/security/shiro/_adoc/modules/realm-jdbc/assets/images/configure-shiro-to-use-custom-jdbc-realm.png
new file mode 100644
index 0000000..d64751a
Binary files /dev/null and b/core/security/shiro/_adoc/modules/realm-jdbc/assets/images/configure-shiro-to-use-custom-jdbc-realm.png differ
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/security/shiro/_adoc/modules/realm-jdbc/examples/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to core/security/shiro/_adoc/modules/realm-jdbc/examples/.gitkeep
diff --git a/core/security/shiro/_adoc/modules/realm-jdbc/nav.adoc b/core/security/shiro/_adoc/modules/realm-jdbc/nav.adoc
new file mode 100644
index 0000000..47365c7
--- /dev/null
+++ b/core/security/shiro/_adoc/modules/realm-jdbc/nav.adoc
@@ -0,0 +1 @@
+include::security:ROOT:partial$nav.adoc[]
\ No newline at end of file
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/core/security/shiro/_adoc/modules/realm-jdbc/pages/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to core/security/shiro/_adoc/modules/realm-jdbc/pages/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/core/security/shiro/_adoc/modules/realm-jdbc/pages/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc b/core/security/shiro/_adoc/modules/realm-jdbc/pages/about.adoc
similarity index 91%
rename from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc
rename to core/security/shiro/_adoc/modules/realm-jdbc/pages/about.adoc
index 4f62d07..f8b6376 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/jdbc-realm.adoc
+++ b/core/security/shiro/_adoc/modules/realm-jdbc/pages/about.adoc
@@ -1,4 +1,3 @@
-[[jdbc-realm]]
 = Shiro JDBC Realm
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
@@ -9,12 +8,12 @@ There is nothing to stop you from using some other `Realm` implementation (or in
 
 [WARNING]
 ====
-If you are happy to use a database then we strongly recommend you use the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module instead of a vanilla JDBC; it is far more sophisticated and moreover gives you the ability to administer the system from within your Apache Isis application.
+If you are happy to use a database then we strongly recommend you use the xref:ext-secman:ROOT:about.adoc[SecMan extension] instead of a vanilla JDBC; it is far more sophisticated and moreover gives you the ability to administer the system from within your Apache Isis application.
 ====
 
 If you go down this route, then the architecture is as follows:
 
-image::security/security-apis-impl/configure-shiro-to-use-custom-jdbc-realm.png[width="600px",link="{imagesdir}/security/security-apis-impl/configure-shiro-to-use-custom-jdbc-realm.png"]
+image::configure-shiro-to-use-custom-jdbc-realm.png[width="600px",link="{imagesdir}/configure-shiro-to-use-custom-jdbc-realm.png"]
 
 
 
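Review bot: in the rewritten WARNING sentence, "instead of a vanilla JDBC" is missing its noun; since the line is being touched anyway, make it "instead of a vanilla JDBC realm". The first hunk of this file also drops the explicit `[[jdbc-realm]]` ID, so check that no remaining xref still targets `#jdbc-realm` before merging; the same goes for `[[isis-ldap-realm]]`, removed from the LDAP realm page in this commit.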
diff --git a/extensions/secman/_adoc/modules/ROOT/pages/_partials/_attributes.adoc b/core/security/shiro/_adoc/modules/realm-jdbc/partials/_attributes.adoc
similarity index 100%
rename from extensions/secman/_adoc/modules/ROOT/pages/_partials/_attributes.adoc
rename to core/security/shiro/_adoc/modules/realm-jdbc/partials/_attributes.adoc
diff --git a/core/security/shiro/_adoc/modules/realm-ldap/_attributes.adoc b/core/security/shiro/_adoc/modules/realm-ldap/_attributes.adoc
new file mode 100644
index 0000000..787e5c4
--- /dev/null
+++ b/core/security/shiro/_adoc/modules/realm-ldap/_attributes.adoc
@@ -0,0 +1,6 @@
+ifndef::env-site,env-github[]
+:attachmentsdir: {moduledir}/assets/attachments
+:examplesdir: {moduledir}/examples
+:imagesdir: {moduledir}/assets/images
+:partialsdir: {moduledir}/pages/_partials
+endif::[]
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/security/shiro/_adoc/modules/realm-ldap/assets/attachments/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to core/security/shiro/_adoc/modules/realm-ldap/assets/attachments/.gitkeep
diff --git a/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-groups.png b/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-groups.png
new file mode 100644
index 0000000..0496a84
Binary files /dev/null and b/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-groups.png differ
diff --git a/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-mojo-partition.png b/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-mojo-partition.png
new file mode 100644
index 0000000..42d7480
Binary files /dev/null and b/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-mojo-partition.png differ
diff --git a/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-mojo-root-dse.png b/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-mojo-root-dse.png
new file mode 100644
index 0000000..9c4c480
Binary files /dev/null and b/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-mojo-root-dse.png differ
diff --git a/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-sasl-authentication.png b/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-sasl-authentication.png
new file mode 100644
index 0000000..91d1a61
Binary files /dev/null and b/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-sasl-authentication.png differ
diff --git a/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-users.png b/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-users.png
new file mode 100644
index 0000000..7ff133c
Binary files /dev/null and b/core/security/shiro/_adoc/modules/realm-ldap/assets/images/activeds-ldap-users.png differ
diff --git a/core/security/shiro/_adoc/modules/realm-ldap/assets/images/configure-shiro-to-use-isis-ldap-realm.PNG b/core/security/shiro/_adoc/modules/realm-ldap/assets/images/configure-shiro-to-use-isis-ldap-realm.PNG
new file mode 100644
index 0000000..2a52910
Binary files /dev/null and b/core/security/shiro/_adoc/modules/realm-ldap/assets/images/configure-shiro-to-use-isis-ldap-realm.PNG differ
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/security/shiro/_adoc/modules/realm-ldap/examples/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to core/security/shiro/_adoc/modules/realm-ldap/examples/.gitkeep
diff --git a/core/security/shiro/_adoc/modules/realm-ldap/nav.adoc b/core/security/shiro/_adoc/modules/realm-ldap/nav.adoc
new file mode 100644
index 0000000..47365c7
--- /dev/null
+++ b/core/security/shiro/_adoc/modules/realm-ldap/nav.adoc
@@ -0,0 +1 @@
+include::security:ROOT:partial$nav.adoc[]
\ No newline at end of file
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/core/security/shiro/_adoc/modules/realm-ldap/pages/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to core/security/shiro/_adoc/modules/realm-ldap/pages/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/core/security/shiro/_adoc/modules/realm-ldap/pages/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc b/core/security/shiro/_adoc/modules/realm-ldap/pages/about.adoc
similarity index 82%
rename from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc
rename to core/security/shiro/_adoc/modules/realm-ldap/pages/about.adoc
index 62cee92..5aecbbf 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/isis-ldap-realm.adoc
+++ b/core/security/shiro/_adoc/modules/realm-ldap/pages/about.adoc
@@ -1,13 +1,12 @@
-[[isis-ldap-realm]]
-= Isis Ldap Realm
+= Ldap Realm
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
 :page-partial:
 
 
-Isis ships with an implementation of http://shiro.apache.org[Apache Shiro]'s `Realm` class that allows user authentication and authorization to be performed against an LDAP server.
+Apache Isis ships with an implementation of http://shiro.apache.org[Apache Shiro]'s `Realm` class that allows user authentication and authorization to be performed against an LDAP server.
 
-image::security/security-apis-impl/configure-shiro-to-use-isis-ldap-realm.PNG[width="600px",link="{imagesdir}/security/security-apis-impl/configure-shiro-to-use-isis-ldap-realm.PNG"]
+image::configure-shiro-to-use-isis-ldap-realm.PNG[width="600px",link="{imagesdir}/configure-shiro-to-use-isis-ldap-realm.PNG"]
 
 The LDAP database stores the user/passwords and user groups, while the `shiro.ini` file is used to map the LDAP groups to roles, and to map the roles to permissions.
 
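Review bot: the new title `= Ldap Realm` should be cased `= LDAP Realm`, matching "LDAP server" and "LDAP groups" in the body text directly below it.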
@@ -125,22 +124,22 @@ The setup here was initially based on http://krams915.blogspot.co.uk/2011/01/lda
 
 To start, create a partition in order to hold the mojo node (holding the groups):
 
-image::configuration/configuring-shiro/ldap/activeds-ldap-mojo-partition.png[link="{imagesdir}/configuration/configuring-shiro/ldap/activeds-ldap-mojo-partition.png"]
+image::activeds-ldap-mojo-partition.png[link="{imagesdir}/activeds-ldap-mojo-partition.png"]
 
 Create the `ou=groups,o=mojo` hierarchy:
 
-image::configuration/configuring-shiro/ldap/activeds-ldap-mojo-root-dse.png[link="{imagesdir}/configuration/configuring-shiro/ldap/activeds-ldap-mojo-root-dse.png"]
+image::activeds-ldap-mojo-root-dse.png[link="{imagesdir}/activeds-ldap-mojo-root-dse.png"]
 
 Configure SASL authentication. This means that the checking of user/password is done implicitly by virtue of Apache Isis connecting to LDAP using these credentials:
 
-image::configuration/configuring-shiro/ldap/activeds-ldap-sasl-authentication.png[link="{imagesdir}/configuration/configuring-shiro/ldap/activeds-ldap-sas"]
+image::activeds-ldap-sasl-authentication.png[link="{imagesdir}/activeds-ldap-sas"]
 
 In order for SASL to work, it seems to be necessary to put users under `o=system`. (This is why the setup is slightly different than the tutorial mentioned above):
 
-image::configuration/configuring-shiro/ldap/activeds-ldap-users.png[link="{imagesdir}/configuration/configuring-shiro/ldap/activeds-ldap-users.png"]
+image::activeds-ldap-users.png[link="{imagesdir}/activeds-ldap-users.png"]
 
 Configure the users into the groups:
 
-image::configuration/configuring-shiro/ldap/activeds-ldap-groups.png[link="{imagesdir}/configuration/configuring-shiro/ldap/activeds-ldap-groups.png"]
+image::activeds-ldap-groups.png[link="{imagesdir}/activeds-ldap-groups.png"]
 
 
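Review bot: the SASL image line carries a truncated `link=` target forward: `link="{imagesdir}/activeds-ldap-sas"` does not name a file, whereas the image added by this commit is `activeds-ldap-sasl-authentication.png`. Set the link to `{imagesdir}/activeds-ldap-sasl-authentication.png` so it follows the same pattern as the other four image macros in this hunk.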
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/core/security/shiro/_adoc/modules/realm-ldap/partials/_attributes.adoc
similarity index 100%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to core/security/shiro/_adoc/modules/realm-ldap/partials/_attributes.adoc
diff --git a/core/viewer-restfulobjects/_adoc/antora.yml b/core/viewer-restfulobjects/_adoc/antora.yml
index 62fff18..555a652 100644
--- a/core/viewer-restfulobjects/_adoc/antora.yml
+++ b/core/viewer-restfulobjects/_adoc/antora.yml
@@ -4,3 +4,4 @@ version: master
 start_page: ROOT:about.adoc
 nav:
 - modules/ROOT/nav.adoc
+- modules/security/nav.adoc
\ No newline at end of file
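Review bot: the added `- modules/security/nav.adoc` entry leaves this file without a trailing newline, while the same one-line change to `core/viewer-wicket/_adoc/antora.yml` in this commit keeps one. End the file with a newline; the new `nav.adoc` files added in this commit carry the same `\ No newline at end of file` marker and could be fixed at the same time.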
diff --git a/core/viewer-restfulobjects/_adoc/modules/security/_attributes.adoc b/core/viewer-restfulobjects/_adoc/modules/security/_attributes.adoc
new file mode 100644
index 0000000..787e5c4
--- /dev/null
+++ b/core/viewer-restfulobjects/_adoc/modules/security/_attributes.adoc
@@ -0,0 +1,6 @@
+ifndef::env-site,env-github[]
+:attachmentsdir: {moduledir}/assets/attachments
+:examplesdir: {moduledir}/examples
+:imagesdir: {moduledir}/assets/images
+:partialsdir: {moduledir}/pages/_partials
+endif::[]
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/viewer-restfulobjects/_adoc/modules/security/assets/attachments/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to core/viewer-restfulobjects/_adoc/modules/security/assets/attachments/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/viewer-restfulobjects/_adoc/modules/security/assets/images/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to core/viewer-restfulobjects/_adoc/modules/security/assets/images/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/viewer-restfulobjects/_adoc/modules/security/examples/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to core/viewer-restfulobjects/_adoc/modules/security/examples/.gitkeep
diff --git a/core/viewer-restfulobjects/_adoc/modules/security/nav.adoc b/core/viewer-restfulobjects/_adoc/modules/security/nav.adoc
new file mode 100644
index 0000000..1fa1d28
--- /dev/null
+++ b/core/viewer-restfulobjects/_adoc/modules/security/nav.adoc
@@ -0,0 +1 @@
+* xref:about.adoc[Security]
\ No newline at end of file
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/core/viewer-restfulobjects/_adoc/modules/security/pages/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to core/viewer-restfulobjects/_adoc/modules/security/pages/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/core/viewer-restfulobjects/_adoc/modules/security/pages/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/extensions/secman/_adoc/modules/ROOT/pages/about.adoc b/core/viewer-restfulobjects/_adoc/modules/security/pages/about.adoc
similarity index 85%
copy from extensions/secman/_adoc/modules/ROOT/pages/about.adoc
copy to core/viewer-restfulobjects/_adoc/modules/security/pages/about.adoc
index a990f49..a250010 100644
--- a/extensions/secman/_adoc/modules/ROOT/pages/about.adoc
+++ b/core/viewer-restfulobjects/_adoc/modules/security/pages/about.adoc
@@ -1,6 +1,10 @@
-= Security Manager
+= Security
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
 
-TODO: v2: placeholder for documentation about the extensions/secman.
 
+include::vro:security:partial$web-xml.adoc[]
+
+== User-registration
+
+include::vro:security:partial$user-registration.adoc[]
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/core/viewer-restfulobjects/_adoc/modules/security/partials/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to core/viewer-restfulobjects/_adoc/modules/security/partials/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/core/viewer-restfulobjects/_adoc/modules/security/partials/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/core/security/api/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc b/core/viewer-restfulobjects/_adoc/modules/security/partials/user-registration.adoc
similarity index 68%
copy from core/security/api/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc
copy to core/viewer-restfulobjects/_adoc/modules/security/partials/user-registration.adoc
index ed53ad1..27acdb1 100644
--- a/core/security/api/_adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc
+++ b/core/viewer-restfulobjects/_adoc/modules/security/partials/user-registration.adoc
@@ -1,71 +1,9 @@
-[[usage-by-isis-viewers]]
-= Usage by Apache Isis' Viewers
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
 :page-partial:
 
 
 
-By and large the security mechanisms within Isis are transparent to the rest of the framework (the xref:vw:ROOT:about.adoc[Wicket Viewer] and xref:vro:ROOT:about.adoc[Restful Objects viewer], and the overall xref:rg:cfg:about[core runtime]).
-
-That said, it is the responsibility of the viewers to ensure that for each request there is a valid user session present.  The sections below explain how this works.
-
-
-
-
-== Wicket Viewer
-
-The xref:vw:ROOT:about.adoc[Wicket viewer] defines a relatively small number of pages (by which we mean subclasses of `org.apache.wicket.markup.html.WebPage`):
-
-* about page
-* entity page
-* error page
-* home page
-* standalone collection page
-* value page
-* void return page
-
-All of these (except about page) are annotated with the Wicket annotation:
-
-[source,java]
-----
-@AuthorizeInstantiation("org.apache.isis.viewer.wicket.roles.USER")
-----
-
-which means that they can only be accessed by a user with an authenticated session that has this special, reserved role.  If not, Wicket will automatically redirect the user to the sign-in page.
-
-[TIP]
-====
-The sign-in page to render is pluggable; see xref:vw:ROOT:extending/custom-pages.adoc[extensions chapter] for details.
-====
-
-In the sign-in page the viewer calls to the Isis Authenticator API, and obtains back a user/role.  It also adds in its special reserved role (per the annotation above) and then continues on to whichever page the user was attempting to access (usually the home page).
-
-And that's really all there is to it.  When the viewer renders a domain object it queries the Apache Isis metamodel, and suppresses from the view any object members (properties, actions etc) that are invisible.  These may be invisible because the user has no (read ) permission, or they may be invisible because of domain object logic (eg a `hideXxx()` method).  The viewer neither knows nor cares.
-
-Similarly, for those object members that _are_ visible, the viewer also checks if they are enabled or disabled.  Again, an object member will be disabled if the user does not have (write) permission, or it could be disabled because of domain object logic (eg a `disableXxx()` method).
-
-
-=== User-registration
-
-As well as providing a sign-in screen, the Wicket viewer also provides the ability for users to self-register.
-By and large this operates outside of Apache Isis' security mechanisms; indeed the various pages (sign-up, sign-up verification, password reset) are all rendered _without_ there being any current user session.
-These pages all "reach inside" Apache Isis framework using a mechanism similar to xref:ug:btb:headless-access.adoc[Headless access] in order to actually do their stuff.
-
-[TIP]
-====
-The sign-in verification page to render is pluggable; see xref:vw:ROOT:extending/custom-pages.adoc[extensions chapter] for details.
-====
-
-User registration is only available if the xref:rg:svc:persistence-layer-spi/UserRegistrationService.adoc[`UserRegistrationService`] is configured; this is used by the framework to actually create new instances of the user as accessed by the corresponding (Shiro) realm.
-
-Because Shiro realms are pluggable, the Apache Isis framework does not provide default implementations of this service.  However, if you are using the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module, then this module _does_ provide an implementation (that, as you might expect, creates new "user" domain entities).
-
-If you are using an LDAP realm and want to enable user-self registration then you'll need to write your own implementation of this service.
-
-
-
-== Restful Objects Viewer
 
 Unlike the Wicket viewer, the xref:vro:ROOT:about.adoc[Restful Objects viewer] does *not* provide any sort of login page; rather it provides a pluggable authentication strategy, delegated to by the `IsisSessionFilter` filter (set up by the framework's web bootstrapping).
 The authentication strategy is responsible for ensuring that a session is available for the REST resource.
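Review bot: after this deletion the `user-registration.adoc` partial still opens with the "Unlike the Wicket viewer ..." paragraph, and the next hunk's header (`-155,7 +93,7`, with "The above `web.xml` fragments" as its context) shows the `web.xml` material surviving down to about line 93. That is the same text this commit adds as `partials/web-xml.adoc`, and `pages/about.adoc` includes both partials, so the authentication-strategy section will render twice, the second time under `== User-registration`. Trim this partial down to the user-registration paragraphs only.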
@@ -155,7 +93,7 @@ The above `web.xml` fragments do _not_ constitute the full configuration for the
 
 
 
-=== User-registration
+
 
 Isis currently does not have any out-of-the-box support for user-registration for applications using only the Restful viewer.  However, in principal the pieces do exist to put together a solution.
 
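Review bot: with the `=== User-registration` heading removed, the unchanged paragraph below it becomes the first text under the including page's own heading, so fix its wording in the same change: "in principal" should be "in principle", and "Isis currently" should read "Apache Isis currently", as was done for the LDAP realm page in this commit. The heading is also replaced by a blank line rather than deleted, which leaves a run of five empty lines.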
diff --git a/core/viewer-restfulobjects/_adoc/modules/security/partials/web-xml.adoc b/core/viewer-restfulobjects/_adoc/modules/security/partials/web-xml.adoc
new file mode 100644
index 0000000..1bd769d
--- /dev/null
+++ b/core/viewer-restfulobjects/_adoc/modules/security/partials/web-xml.adoc
@@ -0,0 +1,95 @@
+:Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
+include::_attributes.adoc[]
+:page-partial:
+
+
+
+
+Unlike the Wicket viewer, the xref:vro:ROOT:about.adoc[Restful Objects viewer] does *not* provide any sort of login page; rather it provides a pluggable authentication strategy, delegated to by the `IsisSessionFilter` filter (set up by the framework's web bootstrapping).
+The authentication strategy is responsible for ensuring that a session is available for the REST resource.
+
+The API of `AuthenticationSessionStrategy` is simply:
+
+[source,java]
+----
+package org.apache.isis.core.webapp.auth;
+...
+public interface AuthenticationSessionStrategy {
+    AuthenticationSession lookupValid(     // <1>
+        ServletRequest servletRequest,
+        ServletResponse servletResponse);
+    void bind(                             // <2>
+        ServletRequest servletRequest,
+        ServletResponse servletResponse,
+        AuthenticationSession authSession);
+}
+
+----
+<1> returns a valid `AuthenticationSession` for the specified request, response
+<2> binds (associates the provided `AuthenticationSession`) to the request and response
+
+Here `AuthenticationSession` is Apache Isis' internal API that represents a signed-on user.
+
+The framework provides a number of simple strategies:
+
+* `AuthenticationSessionStrategyBasicAuth` implements the HTTP basic auth protocol (the pop-up dialog box shown by the web browser)
+* `AuthenticationSessionStrategyHeader` that simply reads the user identity from an HTTP header
+* `AuthenticationSessionStrategyTrusted` that always logs in with a special "exploration" user
+
+As you can see, none of these should be considered production-quality.
+
+The strategy is configured in `web.xml`; for example:
+
+// TODO: v2: this has changed, I think, because we now use `WebModule_Xxx` instead of `web.xml`, ie set this stuff up programmatically.
+
+[source,xml]
+----
+<filter>
+    <filter-name>IsisSessionFilterForRestfulObjects</filter-name>
+    <filter-class>org.apache.isis.core.webapp.IsisSessionFilter</filter-class>
+    <init-param>
+        <param-name>authenticationSessionStrategy</param-name>
+        <param-value>                                           <!--1-->
+    org.apache.isis.viewer.restfulobjects.server.authentication.AuthenticationSessionStrategyBasicAuth
+        </param-value>
+    </init-param>
+    <init-param>
+        <param-name>whenNoSession</param-name>
+        <param-value>auto</param-value>                         <!--2-->
+    </init-param>
+    <init-param>
+        <param-name>passThru</param-name>
+        <param-value>/restful/swagger</param-value>             <!--3-->
+    </init-param>
+</filter>
+----
+<1> configure basic auth strategy
+<2> what to do if no session was found; we use `auto` so as to issue a 401 status code with basic authentication challenge if the request originated from a web browser.  (Prior to `1.11.0` this parameter was set either to `basicAuthChallenge` (which works when requested from web browser) or to `unauthorized` (which works when requested from a suitably coded custom Javascript app).
+<3> which paths are allowed to be accessed directly, without a session.  The `/restful/swagger` path provides access to the SwaggerResource that dynamically generates swagger schema definition files from the Apache Isis metamodel.
+
+
+
+The above filter must then be chained before the servlet that actually handles the REST requests:
+
+// TODO: v2: this has changed, I think, because we now use `WebModule_Xxx` instead of `web.xml`, ie set this stuff up programmatically.
+
+[source,xml]
+----
+<filter-mapping>
+    <filter-name>IsisSessionFilterForRestfulObjects</filter-name>
+    <servlet-name>RestfulObjectsRestEasyDispatcher</servlet-name>
+</filter-mapping>
+...
+<servlet>
+    <servlet-name>RestfulObjectsRestEasyDispatcher</servlet-name>
+    <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
+</servlet>
+----
+
+[NOTE]
+====
+The above `web.xml` fragments do _not_ constitute the full configuration for the Restful Objects viewer, just those parts that pertain to security.
+====
+
+
+
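Review bot: "As you can see, none of these should be considered production-quality" does not tell the reader what the exposure is. Say it directly: as described in the list above it, `AuthenticationSessionStrategyHeader` takes the user identity from a request header and `AuthenticationSessionStrategyTrusted` signs every request in as the exploration user, so neither belongs in the configuration of a deployed endpoint. Two smaller points in the same partial: callout <2> opens a parenthesis at "(Prior to `1.11.0`" that is never closed, and both `// TODO: v2` comments say this `web.xml` setup has probably been replaced by `WebModule_Xxx`, so resolve that before the page is published as current v2 documentation.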
diff --git a/core/viewer-wicket/_adoc/antora.yml b/core/viewer-wicket/_adoc/antora.yml
index afe732b..90bb5e7 100644
--- a/core/viewer-wicket/_adoc/antora.yml
+++ b/core/viewer-wicket/_adoc/antora.yml
@@ -4,3 +4,4 @@ version: master
 start_page: ROOT:about.adoc
 nav:
 - modules/ROOT/nav.adoc
+- modules/security/nav.adoc
diff --git a/core/viewer-wicket/_adoc/modules/ROOT/pages/features/user-registration.adoc b/core/viewer-wicket/_adoc/modules/ROOT/pages/features/user-registration.adoc
index 5ed31f0..459fc0c 100644
--- a/core/viewer-wicket/_adoc/modules/ROOT/pages/features/user-registration.adoc
+++ b/core/viewer-wicket/_adoc/modules/ROOT/pages/features/user-registration.adoc
@@ -22,7 +22,6 @@ To support this the framework requires three services to be registered and confi
 The Apache Isis core framework provides a default implementation of both the email notification service and the email service.
 The xref:ext-secman:ROOT:about.adoc[Security Manager] extension provides a partial implementation of xref:rg:svc:persistence-layer-spi/UserRegistrationService.adoc[user registration service] that you can complete for your own applications.
 
-// TODO: v2: search for references of 'security module' because this is now available as the 'secman' extension, and reference the extensions doc component.
 
 
 
@@ -66,7 +65,7 @@ image::user-registration/sign-up-after-registration.png[width="800px",link="{ima
 
 There are two prerequisites:
 
-* register an implementation of the xref:rg:svc:persistence-layer-spi/UserRegistrationService.adoc[user registration service] (eg by using the (non-ASF) link:https://platform.incode.org[Incode Platform^]'s security module)
+* register an implementation of the xref:rg:svc:persistence-layer-spi/UserRegistrationService.adoc[user registration service] (eg by using the xref:ext-secman:ROOT:about.adoc[SecMan extension])
 
 * configure the xref:rg:svc:integration-api/EmailService.adoc[email service]
 
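Review bot: the new bullet suggests that using the SecMan extension is enough to register a `UserRegistrationService`, but the context line in the previous hunk of this file says the extension "provides a partial implementation of ... user registration service that you can complete for your own applications". Reword the bullet along the lines of "eg by completing the partial implementation in the SecMan extension", and settle on one name: that context line calls it "Security Manager", this bullet "SecMan extension".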
diff --git a/core/viewer-wicket/_adoc/modules/security/_attributes.adoc b/core/viewer-wicket/_adoc/modules/security/_attributes.adoc
new file mode 100644
index 0000000..787e5c4
--- /dev/null
+++ b/core/viewer-wicket/_adoc/modules/security/_attributes.adoc
@@ -0,0 +1,6 @@
+ifndef::env-site,env-github[]
+:attachmentsdir: {moduledir}/assets/attachments
+:examplesdir: {moduledir}/examples
+:imagesdir: {moduledir}/assets/images
+:partialsdir: {moduledir}/pages/_partials
+endif::[]
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/viewer-wicket/_adoc/modules/security/assets/attachments/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to core/viewer-wicket/_adoc/modules/security/assets/attachments/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/viewer-wicket/_adoc/modules/security/assets/images/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to core/viewer-wicket/_adoc/modules/security/assets/images/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/core/viewer-wicket/_adoc/modules/security/examples/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to core/viewer-wicket/_adoc/modules/security/examples/.gitkeep
diff --git a/core/viewer-wicket/_adoc/modules/security/nav.adoc b/core/viewer-wicket/_adoc/modules/security/nav.adoc
new file mode 100644
index 0000000..1fa1d28
--- /dev/null
+++ b/core/viewer-wicket/_adoc/modules/security/nav.adoc
@@ -0,0 +1 @@
+* xref:about.adoc[Security]
\ No newline at end of file
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/core/viewer-wicket/_adoc/modules/security/pages/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to core/viewer-wicket/_adoc/modules/security/pages/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/core/viewer-wicket/_adoc/modules/security/pages/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/extensions/secman/_adoc/modules/ROOT/pages/about.adoc b/core/viewer-wicket/_adoc/modules/security/pages/about.adoc
similarity index 85%
copy from extensions/secman/_adoc/modules/ROOT/pages/about.adoc
copy to core/viewer-wicket/_adoc/modules/security/pages/about.adoc
index a990f49..5a9c154 100644
--- a/extensions/secman/_adoc/modules/ROOT/pages/about.adoc
+++ b/core/viewer-wicket/_adoc/modules/security/pages/about.adoc
@@ -1,6 +1,10 @@
-= Security Manager
+= Security
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
 
-TODO: v2: placeholder for documentation about the extensions/secman.
 
+include::vw:security:partial$pages.adoc[]
+
+== User-registration
+
+include::vw:security:partial$user-registration.adoc[]
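Review bot: the first include, `vw:security:partial$pages.adoc`, sits directly under the `= Security` title with no section heading, while the second one gets `== User-registration`. Give the first block its own heading or a one-line introduction so the rendered page has a consistent outline. The two consecutive blank lines left where the TODO was removed can also go.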
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/core/viewer-wicket/_adoc/modules/security/partials/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to core/viewer-wicket/_adoc/modules/security/partials/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/core/viewer-wicket/_adoc/modules/security/partials/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/core/viewer-wicket/_adoc/modules/security/partials/pages.adoc b/core/viewer-wicket/_adoc/modules/security/partials/pages.adoc
new file mode 100644
index 0000000..26ef133
--- /dev/null
+++ b/core/viewer-wicket/_adoc/modules/security/partials/pages.adoc
@@ -0,0 +1,43 @@
+:Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
+include::_attributes.adoc[]
+:page-partial:
+
+
+
+The xref:vw:ROOT:about.adoc[Wicket viewer] defines a relatively small number of pages (by which we mean subclasses of `org.apache.wicket.markup.html.WebPage`):
+
+* about page
+* entity page
+* error page
+* home page
+* standalone collection page
+* value page
+* void return page
+
+All of these (except about page) are annotated with the Wicket annotation:
+
+[source,java]
+----
+@AuthorizeInstantiation("org.apache.isis.viewer.wicket.roles.USER")
+----
+
+which means that they can only be accessed by a user with an authenticated session that has this special, reserved role.
+If not, Wicket will automatically redirect the user to the sign-in page.
+
+[TIP]
+====
+The sign-in page to render is pluggable; see xref:vw:ROOT:extending/custom-pages.adoc[extensions chapter] for details.
+====
+
+In the sign-in page the viewer calls to the Isis Authenticator API, and obtains back a user/role.
+It also adds in its special reserved role (per the annotation above) and then continues on to whichever page the user was attempting to access (usually the home page).
+
+And that's really all there is to it.
+When the viewer renders a domain object it queries the Apache Isis metamodel, and suppresses from the view any object members (properties, actions etc) that are invisible.
+These may be invisible because the user has no (read ) permission, or they may be invisible because of domain object logic (eg a `hideXxx()` method).
+The viewer neither knows nor cares.
+
+Similarly, for those object members that _are_ visible, the viewer also checks if they are enabled or disabled.
+Again, an object member will be disabled if the user does not have (write) permission, or it could be disabled because of domain object logic (eg a `disableXxx()` method).
+
+
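Review bot: "All of these (except about page)" leaves open whether the about page can be reached without signing in; since it is the one page outside `@AuthorizeInstantiation`, say so explicitly and say why. In the visibility paragraph, "(read )" has a stray space. "And that's really all there is to it." comes before the explanation of hidden and disabled members, so it reads as if authentication were the whole story; move it to the end or drop it.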
diff --git a/core/viewer-wicket/_adoc/modules/security/partials/user-registration.adoc b/core/viewer-wicket/_adoc/modules/security/partials/user-registration.adoc
new file mode 100644
index 0000000..8fabc59
--- /dev/null
+++ b/core/viewer-wicket/_adoc/modules/security/partials/user-registration.adoc
@@ -0,0 +1,25 @@
+:Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
+include::_attributes.adoc[]
+:page-partial:
+
+
+
+
+As well as providing a sign-in screen, the Wicket viewer also provides the ability for users to self-register.
+By and large this operates outside of Apache Isis' security mechanisms; indeed the various pages (sign-up, sign-up verification, password reset) are all rendered _without_ there being any current user session.
+These pages all "reach inside" Apache Isis framework using a mechanism similar to xref:ug:btb:headless-access.adoc[Headless access] in order to actually do their stuff.
+
+[TIP]
+====
+The sign-in verification page to render is pluggable; see xref:vw:ROOT:extending/custom-pages.adoc[extensions chapter] for details.
+====
+
+User registration is only available if the xref:rg:svc:persistence-layer-spi/UserRegistrationService.adoc[`UserRegistrationService`] is configured; this is used by the framework to actually create new instances of the user as accessed by the corresponding (Shiro) realm.
+
+Because Shiro realms are pluggable, the Apache Isis framework does not provide default implementations of this service.
+However, if you are using the xref:ext-secman:ROOT:about.adoc[SecMan extension], then this module _does_ provide an implementation (that, as you might expect, creates new "user" domain entities).
+
+And, if you are using the xref:security:realm-ldap:about.adoc[LDAP realm] and want to enable user-self registration then you'll need to write your own implementation of this service.
+
+
+
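Review bot: the TIP refers to "the sign-in verification page", but the pages listed in the first paragraph are sign-up, sign-up verification and password reset, so this looks like it should read "sign-up verification page". Since the text states these pages render without any current user session, a sentence on which checks are left to the `UserRegistrationService` implementation would help readers who have to write their own for the LDAP realm. "user-self registration" in the last sentence should be "user self-registration".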
diff --git a/extensions/secman/_adoc/modules/ROOT/nav.adoc b/extensions/secman/_adoc/modules/ROOT/nav.adoc
index 2815342..47365c7 100644
--- a/extensions/secman/_adoc/modules/ROOT/nav.adoc
+++ b/extensions/secman/_adoc/modules/ROOT/nav.adoc
@@ -1,2 +1 @@
-* xref:about.adoc[About]
-
+include::security:ROOT:partial$nav.adoc[]
\ No newline at end of file
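Review bot: the new line depends on `security:ROOT:partial$nav.adoc`, which is not created in the hunks shown here, while the only local nav entry (`xref:about.adoc[About]`) is removed. Confirm that the partial exists in this commit and that it lists the secman pages, otherwise the extension drops out of the navigation. The same one-line include is added unchanged as the nav file of the api, encryption-jbcrypt, model, persistence-jdo and realm-shiro modules, and each of them lacks a trailing newline.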
diff --git a/extensions/secman/_adoc/modules/ROOT/pages/about.adoc b/extensions/secman/_adoc/modules/ROOT/pages/about.adoc
index a990f49..b99a0aa 100644
--- a/extensions/secman/_adoc/modules/ROOT/pages/about.adoc
+++ b/extensions/secman/_adoc/modules/ROOT/pages/about.adoc
@@ -2,5 +2,9 @@
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
 
-TODO: v2: placeholder for documentation about the extensions/secman.
+This SecMan module provides a complete security subdomain for users, roles, permissions; all are persisted as domain entities.
 
+What that means, of course, that they can also be administered through your Apache Isis application.
+Moreover, the set of permissions (to features) is derived completely from your application's metamodel; in essence the permissions are "type-safe".
+
+NOTE: this extension module builds upon and supercedes the link:https://github.com/isisaddons/isis-module-security[Isis Addons Security Module] (part of the non-ASF https://incode.platform.org[Incode Platform])
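Review bot: the NOTE links the Incode Platform as `https://incode.platform.org`, whereas the line removed earlier in this same commit used `https://platform.incode.org`; one of the two hosts is wrong, and the NOTE also omits the `link:` prefix used for the other URL on that line. In the added text, "What that means, of course, that they can" is missing "is", and "supercedes" should be "supersedes".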
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/extensions/secman/_adoc/modules/ROOT/partials/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to extensions/secman/_adoc/modules/ROOT/partials/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/extensions/secman/_adoc/modules/ROOT/partials/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/extensions/secman/_adoc/modules/api/_attributes.adoc b/extensions/secman/_adoc/modules/api/_attributes.adoc
new file mode 100644
index 0000000..787e5c4
--- /dev/null
+++ b/extensions/secman/_adoc/modules/api/_attributes.adoc
@@ -0,0 +1,6 @@
+ifndef::env-site,env-github[]
+:attachmentsdir: {moduledir}/assets/attachments
+:examplesdir: {moduledir}/examples
+:imagesdir: {moduledir}/assets/images
+:partialsdir: {moduledir}/pages/_partials
+endif::[]
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/api/assets/attachments/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/api/assets/attachments/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/api/assets/images/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/api/assets/images/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/api/examples/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/api/examples/.gitkeep
diff --git a/extensions/secman/_adoc/modules/api/nav.adoc b/extensions/secman/_adoc/modules/api/nav.adoc
new file mode 100644
index 0000000..47365c7
--- /dev/null
+++ b/extensions/secman/_adoc/modules/api/nav.adoc
@@ -0,0 +1 @@
+include::security:ROOT:partial$nav.adoc[]
\ No newline at end of file
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/extensions/secman/_adoc/modules/api/pages/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to extensions/secman/_adoc/modules/api/pages/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/extensions/secman/_adoc/modules/api/pages/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc b/extensions/secman/_adoc/modules/api/pages/about.adoc
similarity index 75%
rename from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc
rename to extensions/secman/_adoc/modules/api/pages/about.adoc
index 704923a..777c18b 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations.adoc
+++ b/extensions/secman/_adoc/modules/api/pages/about.adoc
@@ -1,8 +1,7 @@
-[[shiro-realm-implementations]]
-= Shiro Realm Implementations
+= API
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
 :page-partial:
 
-The Shiro concept of a `Realm` allows different implementations of both the authentication and authorisation mechanism to be plugged in.
-This chapter describes a number of these implementations.
+
+TODO: to document
\ No newline at end of file
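Review bot: recording this as a rename of `shiro-realm-implementations.adoc` removes the `[[shiro-realm-implementations]]` anchor and the only description of the Shiro `Realm` concept, and leaves a page whose body is "TODO: to document". Check that no remaining xref targets the old anchor or path and that the Realm introduction survives somewhere in the Shiro docs. Creating the API page as a new file would also keep the history of the old page from being attached to an unrelated stub. `:page-partial:` is carried over on a page that nothing includes yet.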
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/extensions/secman/_adoc/modules/api/partials/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to extensions/secman/_adoc/modules/api/partials/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/extensions/secman/_adoc/modules/api/partials/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/extensions/secman/_adoc/modules/encryption-jbcrypt/_attributes.adoc b/extensions/secman/_adoc/modules/encryption-jbcrypt/_attributes.adoc
new file mode 100644
index 0000000..787e5c4
--- /dev/null
+++ b/extensions/secman/_adoc/modules/encryption-jbcrypt/_attributes.adoc
@@ -0,0 +1,6 @@
+ifndef::env-site,env-github[]
+:attachmentsdir: {moduledir}/assets/attachments
+:examplesdir: {moduledir}/examples
+:imagesdir: {moduledir}/assets/images
+:partialsdir: {moduledir}/pages/_partials
+endif::[]
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/encryption-jbcrypt/assets/attachments/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/encryption-jbcrypt/assets/attachments/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/encryption-jbcrypt/assets/images/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/encryption-jbcrypt/assets/images/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/encryption-jbcrypt/examples/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/encryption-jbcrypt/examples/.gitkeep
diff --git a/extensions/secman/_adoc/modules/encryption-jbcrypt/nav.adoc b/extensions/secman/_adoc/modules/encryption-jbcrypt/nav.adoc
new file mode 100644
index 0000000..47365c7
--- /dev/null
+++ b/extensions/secman/_adoc/modules/encryption-jbcrypt/nav.adoc
@@ -0,0 +1 @@
+include::security:ROOT:partial$nav.adoc[]
\ No newline at end of file
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/extensions/secman/_adoc/modules/encryption-jbcrypt/pages/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to extensions/secman/_adoc/modules/encryption-jbcrypt/pages/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/extensions/secman/_adoc/modules/encryption-jbcrypt/pages/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/extensions/secman/_adoc/modules/ROOT/pages/about.adoc b/extensions/secman/_adoc/modules/encryption-jbcrypt/pages/about.adoc
similarity index 89%
copy from extensions/secman/_adoc/modules/ROOT/pages/about.adoc
copy to extensions/secman/_adoc/modules/encryption-jbcrypt/pages/about.adoc
index a990f49..cf3d947 100644
--- a/extensions/secman/_adoc/modules/ROOT/pages/about.adoc
+++ b/extensions/secman/_adoc/modules/encryption-jbcrypt/pages/about.adoc
@@ -1,6 +1,7 @@
-= Security Manager
+= JBCrypt Encryption
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
+:page-partial:
 
-TODO: v2: placeholder for documentation about the extensions/secman.
 
+TODO: to document
\ No newline at end of file
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/extensions/secman/_adoc/modules/encryption-jbcrypt/partials/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to extensions/secman/_adoc/modules/encryption-jbcrypt/partials/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/extensions/secman/_adoc/modules/encryption-jbcrypt/partials/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/extensions/secman/_adoc/modules/model/_attributes.adoc b/extensions/secman/_adoc/modules/model/_attributes.adoc
new file mode 100644
index 0000000..787e5c4
--- /dev/null
+++ b/extensions/secman/_adoc/modules/model/_attributes.adoc
@@ -0,0 +1,6 @@
+ifndef::env-site,env-github[]
+:attachmentsdir: {moduledir}/assets/attachments
+:examplesdir: {moduledir}/examples
+:imagesdir: {moduledir}/assets/images
+:partialsdir: {moduledir}/pages/_partials
+endif::[]
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/model/assets/attachments/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/model/assets/attachments/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/model/assets/images/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/model/assets/images/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/model/examples/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/model/examples/.gitkeep
diff --git a/extensions/secman/_adoc/modules/model/nav.adoc b/extensions/secman/_adoc/modules/model/nav.adoc
new file mode 100644
index 0000000..47365c7
--- /dev/null
+++ b/extensions/secman/_adoc/modules/model/nav.adoc
@@ -0,0 +1 @@
+include::security:ROOT:partial$nav.adoc[]
\ No newline at end of file
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/extensions/secman/_adoc/modules/model/pages/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to extensions/secman/_adoc/modules/model/pages/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/extensions/secman/_adoc/modules/model/pages/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/extensions/secman/_adoc/modules/ROOT/pages/about.adoc b/extensions/secman/_adoc/modules/model/pages/about.adoc
similarity index 89%
copy from extensions/secman/_adoc/modules/ROOT/pages/about.adoc
copy to extensions/secman/_adoc/modules/model/pages/about.adoc
index a990f49..47ca53b 100644
--- a/extensions/secman/_adoc/modules/ROOT/pages/about.adoc
+++ b/extensions/secman/_adoc/modules/model/pages/about.adoc
@@ -1,6 +1,7 @@
-= Security Manager
+= Model
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
+:page-partial:
 
-TODO: v2: placeholder for documentation about the extensions/secman.
 
+TODO: to document
\ No newline at end of file
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/extensions/secman/_adoc/modules/model/partials/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to extensions/secman/_adoc/modules/model/partials/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/extensions/secman/_adoc/modules/model/partials/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/extensions/secman/_adoc/modules/persistence-jdo/_attributes.adoc b/extensions/secman/_adoc/modules/persistence-jdo/_attributes.adoc
new file mode 100644
index 0000000..787e5c4
--- /dev/null
+++ b/extensions/secman/_adoc/modules/persistence-jdo/_attributes.adoc
@@ -0,0 +1,6 @@
+ifndef::env-site,env-github[]
+:attachmentsdir: {moduledir}/assets/attachments
+:examplesdir: {moduledir}/examples
+:imagesdir: {moduledir}/assets/images
+:partialsdir: {moduledir}/pages/_partials
+endif::[]
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/persistence-jdo/assets/attachments/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/persistence-jdo/assets/attachments/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/persistence-jdo/assets/images/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/persistence-jdo/assets/images/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/persistence-jdo/examples/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/persistence-jdo/examples/.gitkeep
diff --git a/extensions/secman/_adoc/modules/persistence-jdo/nav.adoc b/extensions/secman/_adoc/modules/persistence-jdo/nav.adoc
new file mode 100644
index 0000000..47365c7
--- /dev/null
+++ b/extensions/secman/_adoc/modules/persistence-jdo/nav.adoc
@@ -0,0 +1 @@
+include::security:ROOT:partial$nav.adoc[]
\ No newline at end of file
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/extensions/secman/_adoc/modules/persistence-jdo/pages/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to extensions/secman/_adoc/modules/persistence-jdo/pages/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/extensions/secman/_adoc/modules/persistence-jdo/pages/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/extensions/secman/_adoc/modules/ROOT/pages/about.adoc b/extensions/secman/_adoc/modules/persistence-jdo/pages/about.adoc
similarity index 89%
copy from extensions/secman/_adoc/modules/ROOT/pages/about.adoc
copy to extensions/secman/_adoc/modules/persistence-jdo/pages/about.adoc
index a990f49..6ccc395 100644
--- a/extensions/secman/_adoc/modules/ROOT/pages/about.adoc
+++ b/extensions/secman/_adoc/modules/persistence-jdo/pages/about.adoc
@@ -1,6 +1,7 @@
-= Security Manager
+= JDO Persistence
 :Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
 include::_attributes.adoc[]
+:page-partial:
 
-TODO: v2: placeholder for documentation about the extensions/secman.
 
+TODO: to document
\ No newline at end of file
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/extensions/secman/_adoc/modules/persistence-jdo/partials/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to extensions/secman/_adoc/modules/persistence-jdo/partials/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/extensions/secman/_adoc/modules/persistence-jdo/partials/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/extensions/secman/_adoc/modules/realm-shiro/_attributes.adoc b/extensions/secman/_adoc/modules/realm-shiro/_attributes.adoc
new file mode 100644
index 0000000..787e5c4
--- /dev/null
+++ b/extensions/secman/_adoc/modules/realm-shiro/_attributes.adoc
@@ -0,0 +1,6 @@
+ifndef::env-site,env-github[]
+:attachmentsdir: {moduledir}/assets/attachments
+:examplesdir: {moduledir}/examples
+:imagesdir: {moduledir}/assets/images
+:partialsdir: {moduledir}/pages/_partials
+endif::[]
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/realm-shiro/assets/attachments/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/realm-shiro/assets/attachments/.gitkeep
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/realm-shiro/assets/images/.gitkeep
similarity index 100%
copy from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
copy to extensions/secman/_adoc/modules/realm-shiro/assets/images/.gitkeep
diff --git a/core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG b/extensions/secman/_adoc/modules/realm-shiro/assets/images/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG
similarity index 100%
rename from core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG
rename to extensions/secman/_adoc/modules/realm-shiro/assets/images/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG
diff --git a/core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm.PNG b/extensions/secman/_adoc/modules/realm-shiro/assets/images/configure-shiro-to-use-isisaddons-security-module-realm.PNG
similarity index 100%
rename from core/security/shiro/_adoc/modules/ROOT/assets/images/security/security-apis-impl/configure-shiro-to-use-isisaddons-security-module-realm.PNG
rename to extensions/secman/_adoc/modules/realm-shiro/assets/images/configure-shiro-to-use-isisaddons-security-module-realm.PNG
diff --git a/core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep b/extensions/secman/_adoc/modules/realm-shiro/examples/.gitkeep
similarity index 100%
rename from core/security/api/_adoc/modules/ROOT/assets/attachments/.gitkeep
rename to extensions/secman/_adoc/modules/realm-shiro/examples/.gitkeep
diff --git a/extensions/secman/_adoc/modules/realm-shiro/nav.adoc b/extensions/secman/_adoc/modules/realm-shiro/nav.adoc
new file mode 100644
index 0000000..47365c7
--- /dev/null
+++ b/extensions/secman/_adoc/modules/realm-shiro/nav.adoc
@@ -0,0 +1 @@
+include::security:ROOT:partial$nav.adoc[]
\ No newline at end of file
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/extensions/secman/_adoc/modules/realm-shiro/pages/_attributes.adoc
similarity index 81%
copy from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
copy to extensions/secman/_adoc/modules/realm-shiro/pages/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/extensions/secman/_adoc/modules/realm-shiro/pages/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
diff --git a/extensions/secman/_adoc/modules/realm-shiro/pages/about.adoc b/extensions/secman/_adoc/modules/realm-shiro/pages/about.adoc
new file mode 100644
index 0000000..b055000
--- /dev/null
+++ b/extensions/secman/_adoc/modules/realm-shiro/pages/about.adoc
@@ -0,0 +1,31 @@
+= Shiro Realm
+:Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at. http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or ag [...]
+include::_attributes.adoc[]
+:page-partial:
+
+
+The SecMan extension includes a Shiro realm, which fits in as follows:
+
+The general configuration is as follows:
+
+image::configure-shiro-to-use-isisaddons-security-module-realm.PNG[width="600px",link="{imagesdir}/configure-shiro-to-use-isisaddons-security-module-realm.PNG"]
+
+where the `IsisModuleSecurityRealm` realm is the implementation provided by the module.
+
+In the configuration above user passwords are stored in the database.  The module uses link:http://www.mindrot.org/projects/jBCrypt/[jBCrypt] so that passwords are only stored in a (one-way) encrypted form in the database.
+
+
+
+The xref:ext-secman:ROOT:about.adoc[SecMan extension] also supports a slightly more sophisticated configuration.
+Most organizations use LDAP for user credentials, and maintaining two separate user accounts would be less than ideal.
+The `IsisModuleSecurityRealm` can therefore be configured with a subsidiary "delegate" realm that is responsible for performing the primary authentication of the user; if that passes then a user is created (as a domain entity) automatically.
+In most cases this delegate realm will be the LDAP realm, and so the architecture becomes:
+
+image::configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG[width="600px",link="{imagesdir}/configure-shiro-to-use-isisaddons-security-module-realm-with-delegate-realm.PNG"]
+
+
+The xref:ext-secman:ROOT:about.adoc[SecMan extension] has many more features than are described here, all of which are described in the module's README.
+The README also explains in detail how to configure an existing app to use this module.
+
+//You can also look at the Isisaddons https://github.com/isisaddons/isis-app-todoapp[todoapp example] (not ASF), which is preconfigured to use the security module.
+
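Review bot: In the password paragraph, "only stored in a (one-way) encrypted form" describes bcrypt as encryption. jBCrypt produces a salted one-way hash, so wording such as "stored only as bcrypt hashes" is accurate and does not suggest the passwords could be decrypted. The page also opens with two lead-ins back to back ("fits in as follows:" and "The general configuration is as follows:") with nothing between them, so one should go. The delegate-realm paragraph says a user "is created (as a domain entity) automatically" once the delegate authenticates, but not which state or roles that user starts with. That determines what a first-time LDAP login can do, so it should be stated here. Finally, "the module's README" is ambiguous now that the text lives under extensions/secman; link it or name the file.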
diff --git a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc b/extensions/secman/_adoc/modules/realm-shiro/partials/_attributes.adoc
similarity index 81%
rename from core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
rename to extensions/secman/_adoc/modules/realm-shiro/partials/_attributes.adoc
index d011536..e8ada7c 100644
--- a/core/security/shiro/_adoc/modules/ROOT/pages/shiro-realm-implementations/_attributes.adoc
+++ b/extensions/secman/_adoc/modules/realm-shiro/partials/_attributes.adoc
@@ -1,4 +1,4 @@
 ifndef::env-site,env-github[]
-:moduledir: ../..
+:moduledir: ..
 include::{moduledir}/_attributes.adoc[]
 endif::[]
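Review bot: This rename produces partials/_attributes.adoc with the same blob (e8ada7c) as the pages/_attributes.adoc copy created earlier in the patch, so the two files are identical and have to be kept in sync by hand. If both locations really need the file, say so in the commit message. Otherwise keep one and have the other include it. The ":moduledir: .." value also needs checking from partials/ in the same way as from pages/.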