You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@isis.apache.org by da...@apache.org on 2013/01/19 20:43:48 UTC
svn commit: r1435648 - in /isis/site/trunk/content:
components/security/shiro/about.md
components/security/shiro/configuring-shiro.md documentation.md
Author: danhaywood
Date: Sat Jan 19 19:43:47 2013
New Revision: 1435648
URL: http://svn.apache.org/viewvc?rev=1435648&view=rev
Log:
isis site - more on shiro
Added:
isis/site/trunk/content/components/security/shiro/configuring-shiro.md
Modified:
isis/site/trunk/content/components/security/shiro/about.md
isis/site/trunk/content/documentation.md
Modified: isis/site/trunk/content/components/security/shiro/about.md
URL: http://svn.apache.org/viewvc/isis/site/trunk/content/components/security/shiro/about.md?rev=1435648&r1=1435647&r2=1435648&view=diff
==============================================================================
--- isis/site/trunk/content/components/security/shiro/about.md (original)
+++ isis/site/trunk/content/components/security/shiro/about.md Sat Jan 19 19:43:47 2013
@@ -8,63 +8,15 @@ The shiro implementation provides integr
- See [release notes](release-notes/about.html).
-### Default Configuration
-The [quickstart archetype](../../../getting-started/quickstart-archetype.html) is configured with Shiro using the users, roles and permissions defined in the `WEB-INF/shiro.ini` file.
+### Further Reading
-Shiro itself reads this file and is bootstrapped using the following settings to be added near the top of the `WEB-INF/web.xml` file:
+- [Configuring Isis to use Shiro](configuring-shiro.html)
-<pre>
-<listener>
- <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
-</listener>
+ How to configure an Isis webapp to use the Shiro-based security mechanism
-<filter>
- <filter-name>ShiroFilter</filter-name>
- <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
-</filter>
+- [Configuring Shiro to work with LDAP](using-ldap.html)
-<filter-mapping>
- <filter-name>ShiroFilter</filter-name>
- <url-pattern>/*</url-pattern>
-</filter-mapping>
-</pre>
+ How to configure Shiro itself to work against an LDAP server for both authentication (users/roles) and authorization (roles/permissions).
-### Format of Permissions
-Shiro converts permission strings (as found in `WEB-INF/shiro.ini`) internally into `WildcardPermission` instances, with allow a permissions to be organized hierarchical and with wildcarding.
-
-This meets Isis' requirements well; we define the permission strings as follows:
-
-<pre>
-packageName:ClassName:memberName:r,w
-</pre>
-
-where:
-
-* `memberName` is the property, collection or action name.
-* `r` indicates that the member is visible
-* `w` indicates that the member is usable (editable or invokable)
-
-Because these are wildcards, a '*' can be used at any level. Additionally, missing levels assume wildcards.
-
-Thus:
-
-<pre>
-com.mycompany.myapp:Customer:firstName:r,w # view or edit customer's firstName
-com.mycompany.myapp:Customer:lastName:r # view customer's lastName only
-com.mycompany.myapp:Customer:placeOrder:* # view and invoke placeOrder action
-com.mycompany.myapp:Customer:placeOrder # ditto
-com.mycompany.myapp:Customer:*:r # view all customer class members
-com.mycompany.myapp:*:*:r # view-only access for all classes in myapp package
-com.mycompany.myapp:*:*:* # view/edit for all classes in myapp package
-com.mycompany.myapp:*:* # ditto
-com.mycompany.myapp:* # ditto
-com.mycompany.myapp # ditto
-* # view/edit access to everything
-</pre>
-
-
-### Configuring LDAP
-
-Details of configuring the Shiro integration to work against an LDAP server can be found [here](using-ldap.html).
Added: isis/site/trunk/content/components/security/shiro/configuring-shiro.md
URL: http://svn.apache.org/viewvc/isis/site/trunk/content/components/security/shiro/configuring-shiro.md?rev=1435648&view=auto
==============================================================================
--- isis/site/trunk/content/components/security/shiro/configuring-shiro.md (added)
+++ isis/site/trunk/content/components/security/shiro/configuring-shiro.md Sat Jan 19 19:43:47 2013
@@ -0,0 +1,62 @@
+Title: Configuring Shiro
+
+### Quickstart
+
+The [quickstart archetype](../../../getting-started/quickstart-archetype.html) is configured with Shiro using the users, roles and permissions defined in the `WEB-INF/shiro.ini` file.
+
+### Bootstrapping Shiro
+
+Shiro is bootstrapped using the following settings to be added near the top of the `WEB-INF/web.xml` file:
+
+<pre>
+<listener>
+ <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
+</listener>
+
+<filter>
+ <filter-name>ShiroFilter</filter-name>
+ <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
+</filter>
+
+<filter-mapping>
+ <filter-name>ShiroFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+</filter-mapping>
+</pre>
+
+Shiro will then read `WEB-INF/shiro.ini` file to configure its Realm definitions for authentication and authorization.
+
+### Format of Permissions
+
+Shiro converts permission strings (as found in `WEB-INF/shiro.ini`) internally into `WildcardPermission` instances, with allow a permissions to be organized hierarchical and with wildcarding.
+
+This meets Isis' requirements well; we define the permission strings as follows:
+
+<pre>
+packageName:ClassName:memberName:r,w
+</pre>
+
+where:
+
+* `memberName` is the property, collection or action name.
+* `r` indicates that the member is visible
+* `w` indicates that the member is usable (editable or invokable)
+
+Because these are wildcards, a '*' can be used at any level. Additionally, missing levels assume wildcards.
+
+Thus:
+
+<pre>
+com.mycompany.myapp:Customer:firstName:r,w # view or edit customer's firstName
+com.mycompany.myapp:Customer:lastName:r # view customer's lastName only
+com.mycompany.myapp:Customer:placeOrder:* # view and invoke placeOrder action
+com.mycompany.myapp:Customer:placeOrder # ditto
+com.mycompany.myapp:Customer:*:r # view all customer class members
+com.mycompany.myapp:*:*:r # view-only access for all classes in myapp package
+com.mycompany.myapp:*:*:* # view/edit for all classes in myapp package
+com.mycompany.myapp:*:* # ditto
+com.mycompany.myapp:* # ditto
+com.mycompany.myapp # ditto
+* # view/edit access to everything
+</pre>
+
Modified: isis/site/trunk/content/documentation.md
URL: http://svn.apache.org/viewvc/isis/site/trunk/content/documentation.md?rev=1435648&r1=1435647&r2=1435648&view=diff
==============================================================================
--- isis/site/trunk/content/documentation.md (original)
+++ isis/site/trunk/content/documentation.md Sat Jan 19 19:43:47 2013
@@ -252,6 +252,7 @@ Title: Documentation
### Shiro [1.0.0](components/security/shiro/release-notes/about.html)
- [About](components/security/shiro/about.html)
+- [Configuring Shiro](components/security/shiro/configuring-shiro.html)
- [Using LDAP](components/security/shiro/using-ldap.html) (1.1.0-SNAPSHOT)
}