You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by da...@apache.org on 2017/09/25 08:33:56 UTC
[08/24] isis-site git commit: ISIS-1712 - updates docs,
replace references to isisaddons and catalog.incode.org with
platform.incode.org
http://git-wip-us.apache.org/repos/asf/isis-site/blob/e5dcb0be/content/guides/ugsec/ugsec.html
----------------------------------------------------------------------
diff --git a/content/guides/ugsec/ugsec.html b/content/guides/ugsec/ugsec.html
index 828e3d9..bb063e2 100644
--- a/content/guides/ugsec/ugsec.html
+++ b/content/guides/ugsec/ugsec.html
@@ -335,7 +335,7 @@ table.CodeRay td.code>pre{padding:0}
<p>Shiro also ships with an implementation of an LDAP-based realm; LDAP is often used to manage user/passwords and corresponding user groups. Apache Isis in turn extends this with its <code>IsisLdapRealm</code>, which provides more flexibility for both group/role and role/permissions management.</p>
</div>
<div class="paragraph">
- <p>In addition, the (non-ASF) <a href="http://www.isisaddons.org">Isis Addons</a> provides the <a href="http://github.com/isisaddons/isis-module-security">Isis addons' security</a> module, which also provides an implementation of the Shiro <code>Realm</code> API. However, the security module also represents users, roles and permissions as domain objects, allowing them to be administered through Apache Isis itself. Moreover, the security module can optionally delegate password management to a subsidiary (delegate) realm (usually LDAP as discussed above).</p>
+ <p>In addition, the (non-ASF) <a href="http://platform.incode.org" target="_blank">Incode Platform</a> modules provides the security module, which also provides an implementation of the Shiro <code>Realm</code> API. However, the security module also represents users, roles and permissions as domain objects, allowing them to be administered through Apache Isis itself. Moreover, the security module can optionally delegate password management to a subsidiary (delegate) realm (usually LDAP as discussed above).</p>
</div>
<div class="paragraph">
<p>In addition to Apache Isis' Shiro-based implementation of its authentication and authorization APIs, Isis also provides a "bypass" implementation, useful for quick-n-dirty prototyping when you want to in effect disable (bypass) security completely.</p>
@@ -353,7 +353,7 @@ table.CodeRay td.code>pre{padding:0}
<p>A further aspect of security is auditing: recording what data was modified by which user.</p>
</div>
<div class="paragraph">
- <p>Apache Isis provides the <a href="../rgsvc/rgsvc.html#_rgsvc_application-layer-api_InteractionContext"><code>InteractionContext</code></a> can be used to track the actions being invoked, and the <a href="../rgsvc/rgsvc.html#_rgsvc_persistence-layer-spi_AuditerService"><code>AuditerService</code></a> captures what data was modified as a result (auditing). When <code>Interaction</code>s are persisted (eg by way of (non-ASF) <a href="http://github.com/isisaddons/isis-module-publishmq">Isis addons' publishmq</a> module) this provides excellent traceability. The (non-ASF) <a href="http://github.com/isisaddons/isis-module-audit">Isis addons' audit</a> module provides an implementation of the <code>AuditerService</code>.</p>
+ <p>Apache Isis provides the <a href="../rgsvc/rgsvc.html#_rgsvc_application-layer-api_InteractionContext"><code>InteractionContext</code></a> can be used to track the actions being invoked, and the <a href="../rgsvc/rgsvc.html#_rgsvc_persistence-layer-spi_AuditerService"><code>AuditerService</code></a> captures what data was modified as a result (auditing). When <code>Interaction</code>s are persisted (eg by way of (non-ASF) <a href="http://platform.incode.org" target="_blank">Incode Platform</a>'s publishmq module) this provides excellent traceability. The (non-ASF) <a href="http://platform.incode.org" target="_blank">Incode Platform</a>'s audit module provides an implementation of the <code>AuditerService</code>.</p>
</div>
<div class="paragraph">
<p>For earlier versions of the framework the <a href="../rgsvc/rgsvc.html#_rgsvc_application-layer-spi_CommandService"><code>CommandService</code></a> can be used to capture actions, while the (deprecated) <a href="../rgsvc/rgsvc.html#_rgsvc_persistence-layer-spi_AuditingService"><code>AuditingService</code></a> used to capture data modified.</p>
@@ -957,7 +957,7 @@ admin_role = *</code></pre>
</ul>
</div>
<div class="paragraph">
- <p>The <a href="https://github.com/isisaddons/isis-module-security">Isis Addons' security module</a> (not ASF) provides a complete security subdomain for users, roles, permissions; all are persisted as domain entities.</p>
+ <p>The (non-ASF) <a href="http://platform.incode.org" target="_blank">Incode Platform</a>'s security module provides a complete security subdomain for users, roles, permissions; all are persisted as domain entities.</p>
</div>
<div class="paragraph">
<p>What that means, of course, that they can also be administered through your Isis application. Moreover, the set of permissions (to features) is derived completely from your application’s metamodel; in essence the permissions are "type-safe".</p>
@@ -988,7 +988,7 @@ admin_role = *</code></pre>
</div>
</div>
<div class="paragraph">
- <p>The security module has many more features than are described here, all of which are described in the module’s <a href="https://github.com/isisaddons/isis-module-security">README</a>. The README also explains in detail how to configure an existing app to use this module.</p>
+ <p>The security module has many more features than are described here, all of which are described in the module’s README. The README also explains in detail how to configure an existing app to use this module.</p>
</div>
<div class="paragraph">
<p>You can also look at the Isisaddons <a href="https://github.com/isisaddons/isis-app-todoapp">todoapp example</a> (not ASF), which is preconfigured to use the security module.</p>
@@ -1016,7 +1016,7 @@ admin_role = *</code></pre>
<td class="icon"> <i class="fa icon-warning" title="Warning"></i> </td>
<td class="content">
<div class="paragraph">
- <p>If you are happy to use a database then we strongly recommend you use the <a href="http://github.com/isisaddons/isis-module-security">Isis addons' security</a> module instead of a vanilla JDBC; it is far more sophisticated and moreover gives you the ability to administer the system from within your Isis application.</p>
+ <p>If you are happy to use a database then we strongly recommend you use the (non-ASF) <a href="http://platform.incode.org" target="_blank">Incode Platform</a>'s security module instead of a vanilla JDBC; it is far more sophisticated and moreover gives you the ability to administer the system from within your Isis application.</p>
</div> </td>
</tr>
</tbody>
@@ -1494,7 +1494,7 @@ isis.authorization=bypass</code></pre>
</ul>
</div>
<div class="paragraph">
- <p>We don’t want to repeat the entire <a href="http://shiro.apache.org/documentation.html">Shiro documentation set</a> here, but we should flag a number of otherof other features that are worth checking out.</p>
+ <p>We don’t want to repeat the entire <a href="http://shiro.apache.org/documentation.html">Shiro documentation set</a> here, but we should flag a number of other features that are worth checking out.</p>
</div>
<div class="sect3">
<h4 id="_caching">5.3.1. Caching</h4>
@@ -1581,7 +1581,7 @@ securityManager.cacheManager = $memoryCacheManager</code></pre>
<div class="sect2">
<h3 id="_servlet_api">6.2. Servlet API</h3>
<div class="paragraph">
- <p>On occasion you may find it necessary to reach below Isis and to the underlying servlet API. For example, the <a href="http://github.com/isisaddons/isis-module-togglz">Isis addons' togglz</a> module (non-ASF) has a requirement to do this in order to expose its embedded togglz web console. (</p>
+ <p>On occasion you may find it necessary to reach below Isis and to the underlying servlet API. For example, the (non-ASF) <a href="http://platform.incode.org" target="_blank">Incode Platform</a>'s togglz module (non-ASF) has a requirement to do this in order to expose its embedded togglz web console. (</p>
</div>
<div class="admonitionblock tip">
<table>
@@ -1590,7 +1590,7 @@ securityManager.cacheManager = $memoryCacheManager</code></pre>
<td class="icon"> <i class="fa icon-tip" title="Tip"></i> </td>
<td class="content">
<div class="paragraph">
- <p>If you do need to access the servlet API and are running within the context of Wicket viewer, the <a href="http://github.com/isisaddons/isis-module-servletapi">Isis addons' servletapi</a> module can provide access to the <code>HttpServletRequest</code>, <code>HttpServletResponse</code> and <code>ServletContext</code>.</p>
+ <p>If you do need to access the servlet API and are running within the context of Wicket viewer, the (non-ASF) <a href="http://platform.incode.org" target="_blank">Incode Platform</a>'s servletapi module can provide access to the <code>HttpServletRequest</code>, <code>HttpServletResponse</code> and <code>ServletContext</code>.</p>
</div> </td>
</tr>
</tbody>
@@ -1629,7 +1629,7 @@ securityManager.cacheManager = $memoryCacheManager</code></pre>
<p>By and large the security mechanisms within Isis are transparent to the rest of the framework (the <a href="../ugvw/ugvw.html">Wicket Viewer</a> and <a href="../ugvro/ugvro.html">Restful Objects viewer</a>, and the overall <a href="../rgcfg/rgcfg.html#_rgcfg">runtime</a>).</p>
</div>
<div class="paragraph">
- <p>That said, it is the responsibility of the viewers to ensure that there is a viewers to ensure that for each request there is a valid user session present. The sections below explain how this works.</p>
+ <p>That said, it is the responsibility of the viewers to ensure that for each request there is a valid user session present. The sections below explain how this works.</p>
</div>
<div class="sect2">
<h3 id="_wicket_viewer">7.1. Wicket Viewer</h3>
@@ -1703,7 +1703,7 @@ securityManager.cacheManager = $memoryCacheManager</code></pre>
<p>User registration is only available if the <a href="../rgsvc/rgsvc.html#_rgsvc_persistence-layer-spi_UserRegistrationService"><code>UserRegistrationService</code></a> is configured; this is used by the framework to actually create new instances of the user as accessed by the corresponding (Shiro) realm.</p>
</div>
<div class="paragraph">
- <p>Because Shiro realms are pluggable, the Apache Isis framework does not provide default implementations of this service. However, if you are using the <a href="http://github.com/isisaddons/isis-module-security">Isis addons' security</a> module (non-ASF), then this module <em>does</em> provide an implementation (that, as you might expect, creates new "user" domain entities).</p>
+ <p>Because Shiro realms are pluggable, the Apache Isis framework does not provide default implementations of this service. However, if you are using the (non-ASF) <a href="http://platform.incode.org" target="_blank">Incode Platform</a>'s security module, then this module <em>does</em> provide an implementation (that, as you might expect, creates new "user" domain entities).</p>
</div>
<div class="paragraph">
<p>If you are using an LDAP realm and want to enable user-self registration then you’ll need to write your own implementation of this service.</p>