You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by da...@apache.org on 2013/01/19 20:43:48 UTC

svn commit: r1435648 - in /isis/site/trunk/content: components/security/shiro/about.md components/security/shiro/configuring-shiro.md documentation.md

Author: danhaywood
Date: Sat Jan 19 19:43:47 2013
New Revision: 1435648

URL: http://svn.apache.org/viewvc?rev=1435648&view=rev
Log:
isis site - more on shiro

Added:
    isis/site/trunk/content/components/security/shiro/configuring-shiro.md
Modified:
    isis/site/trunk/content/components/security/shiro/about.md
    isis/site/trunk/content/documentation.md

Modified: isis/site/trunk/content/components/security/shiro/about.md
URL: http://svn.apache.org/viewvc/isis/site/trunk/content/components/security/shiro/about.md?rev=1435648&r1=1435647&r2=1435648&view=diff
==============================================================================
--- isis/site/trunk/content/components/security/shiro/about.md (original)
+++ isis/site/trunk/content/components/security/shiro/about.md Sat Jan 19 19:43:47 2013
@@ -8,63 +8,15 @@ The shiro implementation provides integr
 
 - See [release notes](release-notes/about.html).
 
-### Default Configuration
 
-The [quickstart archetype](../../../getting-started/quickstart-archetype.html) is configured with Shiro using the users, roles and permissions defined in the `WEB-INF/shiro.ini` file.
+### Further Reading
 
-Shiro itself reads this file and is bootstrapped using the following settings to be added near the top of the `WEB-INF/web.xml` file:
+- [Configuring Isis to use Shiro](configuring-shiro.html)
 
-<pre>
-&lt;listener&gt;
-    &lt;listener-class&gt;org.apache.shiro.web.env.EnvironmentLoaderListener&lt;/listener-class&gt;
-&lt;/listener&gt;
+  How to configure an Isis webapp to use the Shiro-based security mechanism
 
-&lt;filter&gt;
-    &lt;filter-name&gt;ShiroFilter&lt;/filter-name&gt;
-    &lt;filter-class&gt;org.apache.shiro.web.servlet.ShiroFilter&lt;/filter-class&gt;
-&lt;/filter&gt;
+- [Configuring Shiro to work with LDAP](using-ldap.html)
 
-&lt;filter-mapping&gt;
-    &lt;filter-name&gt;ShiroFilter&lt;/filter-name&gt;
-    &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
-&lt;/filter-mapping&gt;
-</pre>
+  How to configure Shiro itself to work against an LDAP server for both authentication (users/roles) and authorization (roles/permissions).
 
-### Format of Permissions
 
-Shiro converts permission strings (as found in `WEB-INF/shiro.ini`) internally into `WildcardPermission` instances, with allow a permissions to be organized hierarchical and with wildcarding.  
-
-This meets Isis' requirements well; we define the permission strings as follows:
-
-<pre>
-packageName:ClassName:memberName:r,w
-</pre>
-
-where:
-
-* `memberName` is the property, collection or action name.
-* `r` indicates that the member is visible
-* `w` indicates that the member is usable (editable or invokable)
-
-Because these are wildcards, a '*' can be used at any level.  Additionally, missing levels assume wildcards.
-
-Thus:
-
-<pre>
-com.mycompany.myapp:Customer:firstName:r,w   # view or edit customer's firstName
-com.mycompany.myapp:Customer:lastName:r      # view customer's lastName only
-com.mycompany.myapp:Customer:placeOrder:*    # view and invoke placeOrder action
-com.mycompany.myapp:Customer:placeOrder      # ditto
-com.mycompany.myapp:Customer:*:r             # view all customer class members
-com.mycompany.myapp:*:*:r                    # view-only access for all classes in myapp package
-com.mycompany.myapp:*:*:*                    # view/edit for all classes in myapp package
-com.mycompany.myapp:*:*                      # ditto
-com.mycompany.myapp:*                        # ditto
-com.mycompany.myapp                          # ditto
-*                                            # view/edit access to everything
-</pre>
-
-
-### Configuring LDAP
-
-Details of configuring the Shiro integration to work against an LDAP server can be found [here](using-ldap.html).

Added: isis/site/trunk/content/components/security/shiro/configuring-shiro.md
URL: http://svn.apache.org/viewvc/isis/site/trunk/content/components/security/shiro/configuring-shiro.md?rev=1435648&view=auto
==============================================================================
--- isis/site/trunk/content/components/security/shiro/configuring-shiro.md (added)
+++ isis/site/trunk/content/components/security/shiro/configuring-shiro.md Sat Jan 19 19:43:47 2013
@@ -0,0 +1,62 @@
+Title: Configuring Shiro
+
+### Quickstart
+
+The [quickstart archetype](../../../getting-started/quickstart-archetype.html) is configured with Shiro using the users, roles and permissions defined in the `WEB-INF/shiro.ini` file.
+
+### Bootstrapping Shiro
+
+Shiro is bootstrapped using the following settings to be added near the top of the `WEB-INF/web.xml` file:
+
+<pre>
+&lt;listener&gt;
+    &lt;listener-class&gt;org.apache.shiro.web.env.EnvironmentLoaderListener&lt;/listener-class&gt;
+&lt;/listener&gt;
+
+&lt;filter&gt;
+    &lt;filter-name&gt;ShiroFilter&lt;/filter-name&gt;
+    &lt;filter-class&gt;org.apache.shiro.web.servlet.ShiroFilter&lt;/filter-class&gt;
+&lt;/filter&gt;
+
+&lt;filter-mapping&gt;
+    &lt;filter-name&gt;ShiroFilter&lt;/filter-name&gt;
+    &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
+&lt;/filter-mapping&gt;
+</pre>
+
+Shiro will then read `WEB-INF/shiro.ini` file to configure its Realm definitions for authentication and authorization.
+
+### Format of Permissions
+
+Shiro converts permission strings (as found in `WEB-INF/shiro.ini`) internally into `WildcardPermission` instances, with allow a permissions to be organized hierarchical and with wildcarding.  
+
+This meets Isis' requirements well; we define the permission strings as follows:
+
+<pre>
+packageName:ClassName:memberName:r,w
+</pre>
+
+where:
+
+* `memberName` is the property, collection or action name.
+* `r` indicates that the member is visible
+* `w` indicates that the member is usable (editable or invokable)
+
+Because these are wildcards, a '*' can be used at any level.  Additionally, missing levels assume wildcards.
+
+Thus:
+
+<pre>
+com.mycompany.myapp:Customer:firstName:r,w   # view or edit customer's firstName
+com.mycompany.myapp:Customer:lastName:r      # view customer's lastName only
+com.mycompany.myapp:Customer:placeOrder:*    # view and invoke placeOrder action
+com.mycompany.myapp:Customer:placeOrder      # ditto
+com.mycompany.myapp:Customer:*:r             # view all customer class members
+com.mycompany.myapp:*:*:r                    # view-only access for all classes in myapp package
+com.mycompany.myapp:*:*:*                    # view/edit for all classes in myapp package
+com.mycompany.myapp:*:*                      # ditto
+com.mycompany.myapp:*                        # ditto
+com.mycompany.myapp                          # ditto
+*                                            # view/edit access to everything
+</pre>
+

Modified: isis/site/trunk/content/documentation.md
URL: http://svn.apache.org/viewvc/isis/site/trunk/content/documentation.md?rev=1435648&r1=1435647&r2=1435648&view=diff
==============================================================================
--- isis/site/trunk/content/documentation.md (original)
+++ isis/site/trunk/content/documentation.md Sat Jan 19 19:43:47 2013
@@ -252,6 +252,7 @@ Title: Documentation
 ### Shiro [1.0.0](components/security/shiro/release-notes/about.html)
 
 - [About](components/security/shiro/about.html)
+- [Configuring Shiro](components/security/shiro/configuring-shiro.html)
 - [Using LDAP](components/security/shiro/using-ldap.html) (1.1.0-SNAPSHOT)
 
 }