Posted to commits@isis.apache.org by da...@apache.org on 2021/04/15 07:06:39 UTC

[isis-app-helloworld] branch jdo-secman updated (f5d1ec6 -> e1fe94c)

This is an automated email from the ASF dual-hosted git repository.

danhaywood pushed a change to branch jdo-secman
in repository https://gitbox.apache.org/repos/asf/isis-app-helloworld.git.


 discard f5d1ec6  adds in perms for app users
 discard b6f1ee1  configures secman
     new e1fe94c  enables secman, with dummy users

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (f5d1ec6)
            \
             N -- N -- N   refs/heads/jdo-secman (e1fe94c)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:

[isis-app-helloworld] 01/01: enables secman, with dummy users

Posted by da...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

danhaywood pushed a commit to branch jdo-secman
in repository https://gitbox.apache.org/repos/asf/isis-app-helloworld.git

commit e1fe94c6cdcfe5d208a03caa7367c675bceb5287
Author: danhaywood <da...@haywood-associates.co.uk>
AuthorDate: Thu Apr 15 08:01:24 2021 +0100

    enables secman, with dummy users
---
 pom.xml                                            | 34 ++++++++++++
 .../java/domainapp/security/SeedUsersAndRoles.java | 61 ++++++++++++++++++++++
 .../security/scripts/RoleAndPerms__NoDelete.java   | 26 +++++++++
 .../security/scripts/RoleAndPerms__UserRo.java     | 32 ++++++++++++
 .../security/scripts/RoleAndPerms__UserRw.java     | 34 ++++++++++++
 .../security/scripts/SecmanConstants.java          | 11 ++++
 .../security/scripts/UserToRole__bob_UserRw.java   | 17 ++++++
 .../security/scripts/UserToRole__dick_UserRo.java  | 17 ++++++
 .../UserToRole__joe_UserRw_but_NoDelete.java       | 18 +++++++
 src/main/java/domainapp/webapp/AppManifest.java    | 51 ++++++++++++++++++
 src/main/resources/menubars.layout.xml             | 44 ++++++++++++++--
 src/main/resources/shiro.ini                       | 37 ++-----------
 12 files changed, 346 insertions(+), 36 deletions(-)

diff --git a/pom.xml b/pom.xml
index 6fdb43c..ba4abee 100644
--- a/pom.xml
+++ b/pom.xml
@@ -52,9 +52,43 @@
         </plugins>
     </build>
 
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.apache.isis.extensions</groupId>
+                <artifactId>isis-extensions-secman</artifactId>
+                <scope>import</scope>
+                <type>pom</type>
+                <version>2.0.0-M5</version>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
     <dependencies>
 
         <dependency>
+            <groupId>org.apache.isis.extensions</groupId>
+            <artifactId>isis-extensions-secman-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.isis.extensions</groupId>
+            <artifactId>isis-extensions-secman-model</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.isis.extensions</groupId>
+            <artifactId>isis-extensions-secman-persistence-jdo</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.isis.extensions</groupId>
+            <artifactId>isis-extensions-secman-encryption-jbcrypt</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.isis.extensions</groupId>
+            <artifactId>isis-extensions-secman-shiro-realm</artifactId>
+        </dependency>
+
+        <dependency>
             <groupId>org.apache.isis.mavendeps</groupId>
             <artifactId>isis-mavendeps-webapp</artifactId>
             <type>pom</type>
diff --git a/src/main/java/domainapp/security/SeedUsersAndRoles.java b/src/main/java/domainapp/security/SeedUsersAndRoles.java
new file mode 100644
index 0000000..557796e
--- /dev/null
+++ b/src/main/java/domainapp/security/SeedUsersAndRoles.java
@@ -0,0 +1,61 @@
+package domainapp.security;
+
+import javax.inject.Inject;
+
+import org.springframework.context.event.EventListener;
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Service;
+
+import org.apache.isis.applib.annotation.OrderPrecedence;
+import org.apache.isis.applib.services.xactn.TransactionService;
+import org.apache.isis.core.metamodel.events.MetamodelEvent;
+import org.apache.isis.testing.fixtures.applib.fixturescripts.FixtureScript;
+import org.apache.isis.testing.fixtures.applib.fixturescripts.FixtureScripts;
+
+import domainapp.security.scripts.RoleAndPerms__NoDelete;
+import domainapp.security.scripts.RoleAndPerms__UserRo;
+import domainapp.security.scripts.RoleAndPerms__UserRw;
+import domainapp.security.scripts.UserToRole__bob_UserRw;
+import domainapp.security.scripts.UserToRole__dick_UserRo;
+import domainapp.security.scripts.UserToRole__joe_UserRw_but_NoDelete;
+
+@Service
+@Order(OrderPrecedence.MIDPOINT + 10)
+public class SeedUsersAndRoles {
+
+    private final FixtureScripts fixtureScripts;
+    private final TransactionService transactionService;
+
+    @Inject
+    public SeedUsersAndRoles(
+            final FixtureScripts fixtureScripts,
+            final TransactionService transactionService) {
+        this.fixtureScripts = fixtureScripts;
+        this.transactionService = transactionService;
+    }
+
+    @EventListener(MetamodelEvent.class)
+    public void onMetamodelEvent(final MetamodelEvent event) {
+        if (event.isPostMetamodel()) {
+            runScripts();
+        }
+        transactionService.flushTransaction();
+    }
+
+    private void runScripts() {
+        fixtureScripts.run(new FixtureScript() {
+            @Override
+            protected void execute(ExecutionContext ec) {
+                ec.executeChildren(this,
+                        new RoleAndPerms__UserRw()
+                        , new RoleAndPerms__UserRo()
+                        , new RoleAndPerms__NoDelete()
+                        , new UserToRole__bob_UserRw()
+                        , new UserToRole__dick_UserRo()
+                        , new UserToRole__joe_UserRw_but_NoDelete()
+                );
+            }
+        });
+    }
+
+}
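Review bot: `onMetamodelEvent` seeds the fixture users and roles on every start with no profile or configuration gate, so any deployment of this manifest gets the accounts that the `UserToRole__*` scripts create with a literal password. Consider making the seeding opt-in, for example by annotating the service with Spring's `@Profile` for a demo profile or by checking a configuration flag before `runScripts()`. Separately, `transactionService.flushTransaction()` sits outside the `if`, so it runs for every `MetamodelEvent` rather than only after seeding; moving it inside the block next to `runScripts()` would match the apparent intent.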
diff --git a/src/main/java/domainapp/security/scripts/RoleAndPerms__NoDelete.java b/src/main/java/domainapp/security/scripts/RoleAndPerms__NoDelete.java
new file mode 100644
index 0000000..32d65ea
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/RoleAndPerms__NoDelete.java
@@ -0,0 +1,26 @@
+package domainapp.security.scripts;
+
+import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+
+public class RoleAndPerms__NoDelete extends AbstractRoleAndPermissionsFixtureScript {
+
+    public static final String ROLE_NAME = "no-delete";
+
+    public RoleAndPerms__NoDelete() {
+        super(ROLE_NAME, "Veto access to deleting HelloWorld objects");
+    }
+
+    @Override
+    protected void execute(ExecutionContext ec) {
+        newPermissions(
+                ApplicationPermissionRule.VETO,
+                ApplicationPermissionMode.VIEWING,
+                Can.of(ApplicationFeatureId.newFeature(ApplicationFeatureSort.MEMBER, "hello.HelloWorldObject#delete"))
+        );
+    }
+}
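Review bot: The role description says it vetoes deleting, but the permission created in `execute` is a `VETO` in `VIEWING` mode on `hello.HelloWorldObject#delete`, and nothing here explains that choice. Presumably vetoing viewing hides the action and so also blocks invoking it; a comment such as `// veto at VIEWING level: the action is hidden, which also prevents it being invoked` would make that explicit (confirm against SecMan's semantics). The feature is also named by a string literal, so renaming the class or action would leave the veto pointing at nothing without any compile error; a test that the veto resolves to an existing member would catch that.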
diff --git a/src/main/java/domainapp/security/scripts/RoleAndPerms__UserRo.java b/src/main/java/domainapp/security/scripts/RoleAndPerms__UserRo.java
new file mode 100644
index 0000000..6bd585f
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/RoleAndPerms__UserRo.java
@@ -0,0 +1,32 @@
+package domainapp.security.scripts;
+
+import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+import org.apache.isis.applib.services.appfeat.ApplicationFeatureSort;
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+
+public class RoleAndPerms__UserRo extends AbstractRoleAndPermissionsFixtureScript {
+
+    public static final String ROLE_NAME = "user-ro";
+
+    public RoleAndPerms__UserRo() {
+        super(ROLE_NAME, "Read-only access to entire application");
+    }
+
+    @Override
+    protected void execute(ExecutionContext ec) {
+        newPermissions(
+                ApplicationPermissionRule.ALLOW,
+                ApplicationPermissionMode.VIEWING,
+                Can.of(ApplicationFeatureId.newNamespace("hello")));
+        newPermissions(
+                ApplicationPermissionRule.ALLOW,
+                ApplicationPermissionMode.CHANGING,
+                Can.of(
+                    ApplicationFeatureId.newFeature(ApplicationFeatureSort.MEMBER, "hello.HelloWorldObjects#findByName"),
+                    ApplicationFeatureId.newFeature(ApplicationFeatureSort.MEMBER, "hello.HelloWorldObjects#listAll")
+                ));
+    }
+}
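Review bot: The description "Read-only access to entire application" does not match what `execute` grants: the `VIEWING` allow is scoped to the `hello` namespace, and the second `newPermissions` call adds `CHANGING` on `findByName` and `listAll`. Presumably the `CHANGING` grants exist because invoking an action, even a query, needs that mode; a comment like `// query actions must be invocable, which requires CHANGING even for a read-only role` above the second call would stop a later reader from treating it as a mistake or widening it. Consider also narrowing the description to the `hello` namespace.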
diff --git a/src/main/java/domainapp/security/scripts/RoleAndPerms__UserRw.java b/src/main/java/domainapp/security/scripts/RoleAndPerms__UserRw.java
new file mode 100644
index 0000000..50870af
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/RoleAndPerms__UserRw.java
@@ -0,0 +1,34 @@
+package domainapp.security.scripts;
+
+import java.util.Arrays;
+
+import javax.inject.Inject;
+
+import org.apache.isis.applib.services.appfeat.ApplicationFeatureId;
+import org.apache.isis.applib.value.Password;
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionMode;
+import org.apache.isis.extensions.secman.api.permission.ApplicationPermissionRule;
+import org.apache.isis.extensions.secman.jdo.dom.role.ApplicationRole;
+import org.apache.isis.extensions.secman.jdo.dom.role.ApplicationRoleRepository;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractRoleAndPermissionsFixtureScript;
+import org.apache.isis.extensions.secman.model.dom.user.ApplicationUserMenu;
+import org.apache.isis.testing.fixtures.applib.fixturescripts.FixtureScript;
+
+public class RoleAndPerms__UserRw extends AbstractRoleAndPermissionsFixtureScript {
+
+    public static final String ROLE_NAME = "user-rw";
+
+    public RoleAndPerms__UserRw() {
+        super(ROLE_NAME, "Read-write access to entire application");
+    }
+
+    @Override
+    protected void execute(ExecutionContext ec) {
+        newPermissions(
+                ApplicationPermissionRule.ALLOW,
+                ApplicationPermissionMode.CHANGING,
+                Can.of(ApplicationFeatureId.newNamespace("hello"))
+        );
+    }
+}
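Review bot: Most imports in this new file are unused: `Arrays`, `Inject`, `Password`, `ApplicationRole`, `ApplicationRoleRepository`, `ApplicationUserMenu` and `FixtureScript` are not referenced anywhere in the class body. Removing them also drops this fixture's compile-time references to the `secman.jdo.dom.role` and `secman.model` packages, which it does not need. `SecmanConstants.java` has the same problem with all three of its imports (`Can`, `AccountType`, `AbstractUserAndRolesFixtureScript`).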
diff --git a/src/main/java/domainapp/security/scripts/SecmanConstants.java b/src/main/java/domainapp/security/scripts/SecmanConstants.java
new file mode 100644
index 0000000..0c8df8d
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/SecmanConstants.java
@@ -0,0 +1,11 @@
+package domainapp.security.scripts;
+
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.user.AccountType;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
+
+public class SecmanConstants {
+    private SecmanConstants(){}
+    public static final String ADMIN_ROLE_NAME = "secman-admin-role";
+    public static final String USER_ROLE_NAME = "secman-user-role";
+}
diff --git a/src/main/java/domainapp/security/scripts/UserToRole__bob_UserRw.java b/src/main/java/domainapp/security/scripts/UserToRole__bob_UserRw.java
new file mode 100644
index 0000000..a44b92b
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/UserToRole__bob_UserRw.java
@@ -0,0 +1,17 @@
+package domainapp.security.scripts;
+
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.user.AccountType;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
+
+public class UserToRole__bob_UserRw extends AbstractUserAndRolesFixtureScript {
+
+    public UserToRole__bob_UserRw() {
+        super("bob", "pass", AccountType.LOCAL,
+                Can.of(
+                        RoleAndPerms__UserRw.ROLE_NAME
+                        , SecmanConstants.USER_ROLE_NAME
+                ));
+    }
+
+}
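Review bot: The password for `bob` is the literal `"pass"` in the constructor, and the same literal is used for `dick` and `joe` in the two sibling scripts and for the admin account via `adminPassword("pass")` in `AppManifest`. Because the scripts run at start-up, every instance built from this branch has an administrator and three users whose password is published in the repository. If these accounts are meant only for the demo, say so at the point of use, e.g. `// demo-only credential; never deploy with this value`, and prefer reading the admin password from configuration rather than from source.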
diff --git a/src/main/java/domainapp/security/scripts/UserToRole__dick_UserRo.java b/src/main/java/domainapp/security/scripts/UserToRole__dick_UserRo.java
new file mode 100644
index 0000000..2245fdb
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/UserToRole__dick_UserRo.java
@@ -0,0 +1,17 @@
+package domainapp.security.scripts;
+
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.user.AccountType;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
+
+public class UserToRole__dick_UserRo extends AbstractUserAndRolesFixtureScript {
+
+    public UserToRole__dick_UserRo() {
+        super("dick", "pass", AccountType.LOCAL,
+                Can.of(
+                        RoleAndPerms__UserRo.ROLE_NAME
+                        , SecmanConstants.USER_ROLE_NAME
+                ));
+    }
+
+}
diff --git a/src/main/java/domainapp/security/scripts/UserToRole__joe_UserRw_but_NoDelete.java b/src/main/java/domainapp/security/scripts/UserToRole__joe_UserRw_but_NoDelete.java
new file mode 100644
index 0000000..9f98c23
--- /dev/null
+++ b/src/main/java/domainapp/security/scripts/UserToRole__joe_UserRw_but_NoDelete.java
@@ -0,0 +1,18 @@
+package domainapp.security.scripts;
+
+import org.apache.isis.commons.collections.Can;
+import org.apache.isis.extensions.secman.api.user.AccountType;
+import org.apache.isis.extensions.secman.jdo.seed.scripts.AbstractUserAndRolesFixtureScript;
+
+public class UserToRole__joe_UserRw_but_NoDelete extends AbstractUserAndRolesFixtureScript {
+
+    public UserToRole__joe_UserRw_but_NoDelete() {
+        super("joe", "pass", AccountType.LOCAL,
+                Can.of(
+                        RoleAndPerms__UserRw.ROLE_NAME
+                        , RoleAndPerms__NoDelete.ROLE_NAME
+                        , SecmanConstants.USER_ROLE_NAME
+                ));
+    }
+
+}
diff --git a/src/main/java/domainapp/webapp/AppManifest.java b/src/main/java/domainapp/webapp/AppManifest.java
index 86995b9..ad39712 100644
--- a/src/main/java/domainapp/webapp/AppManifest.java
+++ b/src/main/java/domainapp/webapp/AppManifest.java
@@ -1,5 +1,8 @@
 package domainapp.webapp;
 
+import java.util.EnumSet;
+
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.context.annotation.PropertySource;
@@ -7,13 +10,27 @@ import org.springframework.context.annotation.PropertySources;
 
 import org.apache.isis.core.config.presets.IsisPresets;
 import org.apache.isis.core.runtimeservices.IsisModuleCoreRuntimeServices;
+import org.apache.isis.extensions.secman.api.IsisModuleExtSecmanApi;
+import org.apache.isis.extensions.secman.api.SecmanConfiguration;
+import org.apache.isis.extensions.secman.api.SecurityRealm;
+import org.apache.isis.extensions.secman.api.SecurityRealmCharacteristic;
+import org.apache.isis.extensions.secman.api.SecurityRealmService;
+import org.apache.isis.extensions.secman.api.permission.PermissionsEvaluationService;
+import org.apache.isis.extensions.secman.api.permission.PermissionsEvaluationServiceAllowBeatsVeto;
+import org.apache.isis.extensions.secman.encryption.jbcrypt.IsisModuleExtSecmanEncryptionJbcrypt;
+import org.apache.isis.extensions.secman.jdo.IsisModuleExtSecmanPersistenceJdo;
+import org.apache.isis.extensions.secman.model.IsisModuleExtSecmanModel;
+import org.apache.isis.extensions.secman.shiro.IsisModuleExtSecmanRealmShiro;
 import org.apache.isis.persistence.jdo.datanucleus.IsisModuleJdoDatanucleus;
 import org.apache.isis.security.shiro.IsisModuleSecurityShiro;
+import org.apache.isis.testing.fixtures.applib.IsisModuleTestingFixturesApplib;
 import org.apache.isis.testing.h2console.ui.IsisModuleTestingH2ConsoleUi;
 import org.apache.isis.viewer.restfulobjects.jaxrsresteasy4.IsisModuleViewerRestfulObjectsJaxrsResteasy4;
 import org.apache.isis.viewer.wicket.viewer.IsisModuleViewerWicketViewer;
 
 import domainapp.modules.hello.HelloWorldModule;
+import domainapp.security.SeedUsersAndRoles;
+import domainapp.security.scripts.SecmanConstants;
 
 @Configuration
 @Import({
@@ -23,6 +40,15 @@ import domainapp.modules.hello.HelloWorldModule;
         IsisModuleViewerRestfulObjectsJaxrsResteasy4.class,
         IsisModuleViewerWicketViewer.class,
 
+        IsisModuleExtSecmanApi.class,
+        IsisModuleExtSecmanModel.class,
+        IsisModuleExtSecmanPersistenceJdo.class,
+        IsisModuleExtSecmanRealmShiro.class,
+        IsisModuleExtSecmanEncryptionJbcrypt.class,
+
+        IsisModuleTestingFixturesApplib.class,
+        SeedUsersAndRoles.class,
+
         IsisModuleTestingH2ConsoleUi.class,
         HelloWorldModule.class
 })
@@ -30,4 +56,29 @@ import domainapp.modules.hello.HelloWorldModule;
     @PropertySource(IsisPresets.NoTranslations),
 })
 public class AppManifest {
+
+    @Bean
+    public SecmanConfiguration secmanConfiguration() {
+        return SecmanConfiguration.builder()
+                .adminUserName("sven").adminPassword("pass")
+                .adminRoleName(SecmanConstants.ADMIN_ROLE_NAME)
+                .regularUserRoleName(SecmanConstants.USER_ROLE_NAME)
+                .build();
+    }
+
+    @Bean
+    public PermissionsEvaluationService permissionsEvaluationService() {
+        return new PermissionsEvaluationServiceAllowBeatsVeto();
+    }
+
+    @Bean
+    public SecurityRealmService securityRealmService() {
+        return new SecurityRealmService() {
+            @Override
+            public SecurityRealm getCurrentRealm() {
+                return () -> EnumSet.noneOf(SecurityRealmCharacteristic.class);
+            }
+        };
+    }
+
 }
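Review bot: `permissionsEvaluationService()` selects `PermissionsEvaluationServiceAllowBeatsVeto` without saying why, and this choice decides how the `no-delete` veto given to `joe` interacts with his `user-rw` allow. It presumably still works because the veto targets a more specific feature than the namespace-level allow, but that depends on SecMan's evaluation order and should be confirmed by a test that `joe` cannot invoke delete. A short Javadoc on the bean stating the intended precedence would help, as would one on `securityRealmService()` explaining what an empty `SecurityRealmCharacteristic` set means for this app.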
diff --git a/src/main/resources/menubars.layout.xml b/src/main/resources/menubars.layout.xml
index 8d714b9..3023026 100644
--- a/src/main/resources/menubars.layout.xml
+++ b/src/main/resources/menubars.layout.xml
@@ -17,6 +17,10 @@
         <mb3:menu>
             <mb3:named>Prototyping</mb3:named>
             <mb3:section>
+                <mb3:named>Fixtures</mb3:named>
+                <mb3:serviceAction objectType="isis.ext.fixtures.FixtureScripts" id="runFixtureScript"/>
+            </mb3:section>
+            <mb3:section>
                 <mb3:named>Layouts</mb3:named>
                 <mb3:serviceAction objectType="isis.applib.LayoutServiceMenu" id="downloadLayouts"/>
                 <mb3:serviceAction objectType="isis.applib.LayoutServiceMenu" id="downloadMenuBarsLayout"/>
@@ -45,6 +49,41 @@
                 <mb3:serviceAction objectType="isis.applib.TranslationServicePoMenu" id="switchToWritingTranslations"/>
             </mb3:section>
         </mb3:menu>
+        <mb3:menu>
+            <mb3:named>Security</mb3:named>
+            <mb3:section>
+                <mb3:named>Users</mb3:named>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationUserMenu" id="findUsers"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationUserMenu" id="newDelegateUser"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationUserMenu" id="newLocalUser"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationUserMenu" id="allUsers"/>
+            </mb3:section>
+            <mb3:section>
+                <mb3:named>Roles</mb3:named>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationRoleMenu" id="findRoles"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationRoleMenu" id="newRole"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationRoleMenu" id="allRoles"/>
+            </mb3:section>
+            <mb3:section>
+                <mb3:named>Features</mb3:named>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationFeatureViewModels" id="allNamespaces"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationFeatureViewModels" id="allTypes"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationFeatureViewModels" id="allActions"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationFeatureViewModels" id="allProperties"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationFeatureViewModels" id="allCollections"/>
+            </mb3:section>
+            <mb3:section>
+                <mb3:named>Permissions</mb3:named>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationPermissionMenu" id="allPermissions"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationPermissionMenu" id="findOrphanedPermissions"/>
+            </mb3:section>
+            <mb3:section>
+                <mb3:named>Tenancies</mb3:named>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationTenancyMenu" id="findTenancies"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationTenancyMenu" id="newTenancy"/>
+                <mb3:serviceAction objectType="isis.ext.secman.ApplicationTenancyMenu" id="allTenancies"/>
+            </mb3:section>
+        </mb3:menu>
     </mb3:secondary>
     <mb3:tertiary>
         <mb3:menu>
@@ -54,9 +93,8 @@
                 <mb3:serviceAction objectType="isis.applib.ConfigurationMenu" id="configuration"/>
             </mb3:section>
             <mb3:section>
-                <mb3:serviceAction objectType="isis.security.LogoutMenu" id="logout">
-                    <cpt:named>Logout</cpt:named>
-                </mb3:serviceAction>
+                <mb3:serviceAction objectType="isis.ext.secman.MeService" id="me"/>
+                <mb3:serviceAction objectType="isis.security.LogoutMenu" id="logout"/>
             </mb3:section>
         </mb3:menu>
     </mb3:tertiary>
diff --git a/src/main/resources/shiro.ini b/src/main/resources/shiro.ini
index 2fe76c6..8f41937 100644
--- a/src/main/resources/shiro.ini
+++ b/src/main/resources/shiro.ini
@@ -1,39 +1,10 @@
 [main]
 
-# to use .ini file
-securityManager.realms = $iniRealm
+authenticationStrategy=org.apache.isis.extensions.secman.shiro.AuthenticationStrategyForIsisModuleSecurityRealm
+isisModuleSecurityRealm=org.apache.isis.extensions.secman.shiro.IsisModuleExtSecmanShiroRealm
 
-
-
-# -----------------------------------------------------------------------------
-# Users and their assigned roles
-#
-# Each line conforms to the format defined in the
-# org.apache.shiro.realm.text.TextConfigurationRealm#setUserDefinitions JavaDoc
-# -----------------------------------------------------------------------------
+securityManager.authenticator.authenticationStrategy = $authenticationStrategy
+securityManager.realms = $isisModuleSecurityRealm
 
 [users]
-# user = password, role1, role2, role3, ...
-
-
-sven = pass, admin_role
-dick = pass, user_role
-bob  = pass, user_role
-joe  = pass, user_role
-
-
-
-# -----------------------------------------------------------------------------
-# Roles with assigned permissions
-# 
-# Each line conforms to the format defined in the
-# org.apache.shiro.realm.text.TextConfigurationRealm#setRoleDefinitions JavaDoc
-# -----------------------------------------------------------------------------
-
 [roles]
-# role = perm1, perm2, perm3, ...
-# perm in format: packageName:className:memberName:r,w
-
-user_role =   *:HelloWorldObjects:*:*,\
-              *:HelloWorldObject:*:*
-admin_role = *
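Review bot: After this change the `[users]` and `[roles]` sections are left as empty headers with no explanation, because the comments that described them are removed along with the entries. Either delete the two headers or add a line such as `# users, roles and permissions are now held by SecMan; these sections are intentionally empty` so that nobody re-adds accounts here expecting them to work. With `securityManager.realms` set only to `$isisModuleSecurityRealm`, entries added under these headers would presumably not be consulted.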