You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bd...@apache.org on 2018/05/04 19:28:08 UTC
svn commit: r1830935 - in /shiro/site/publish: 10-minute-tutorial.html
authentication-features.html authentication.html
java-authentication-guide.html java-authorization-guide.html
what-is-shiro.html
Author: bdemers
Date: Fri May 4 19:28:08 2018
New Revision: 1830935
URL: http://svn.apache.org/viewvc?rev=1830935&view=rev
Log:
merging handful of shiro site PRs
Modified:
shiro/site/publish/10-minute-tutorial.html
shiro/site/publish/authentication-features.html
shiro/site/publish/authentication.html
shiro/site/publish/java-authentication-guide.html
shiro/site/publish/java-authorization-guide.html
shiro/site/publish/what-is-shiro.html
Modified: shiro/site/publish/10-minute-tutorial.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/10-minute-tutorial.html?rev=1830935&r1=1830934&r2=1830935&view=diff
==============================================================================
--- shiro/site/publish/10-minute-tutorial.html (original)
+++ shiro/site/publish/10-minute-tutorial.html Fri May 4 19:28:08 2018
@@ -233,7 +233,7 @@
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d66ef016022c3bd"></script>
<a name="10MinuteTutorial-Introduction"></a>
<h2><a href="#introduction" name="introduction">Introduction</a></h2>
-<p>Welcome to Apache Shiro’s 10 Minute Tutoral!</p>
+<p>Welcome to Apache Shiro’s 10 Minute Tutorial!</p>
<p>By going through this quick and simple tutorial you should fully understand how a developer uses Shiro in their application. And you should be able to do it in under 10 minutes.</p>
<a name="10MinuteTutorial-Overview"></a>
<h2><a href="#overview" name="overview">Overview</a></h2>
Modified: shiro/site/publish/authentication-features.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/authentication-features.html?rev=1830935&r1=1830934&r2=1830935&view=diff
==============================================================================
--- shiro/site/publish/authentication-features.html (original)
+++ shiro/site/publish/authentication-features.html Fri May 4 19:28:08 2018
@@ -251,7 +251,7 @@
<li>
<p><strong>Rich Exception Hierarchy</strong> - Shiro offers a rich exception hierarchy to offered detailed explanations for why a login failed. The hierarchy can help you more easily diagnose code bugs or customer services issues related to authentication. In addition, the richness can help you create more complex authentication functionality if needed.</p></li>
<li>
- <p><strong>‘Remember Me’ built in</strong> - Standard in the Shiro API is the ability to remember your users if they return to your application. You can offer a better user experience to your them with minimal development effort.</p></li>
+ <p><strong>‘Remember Me’ built in</strong> - Standard in the Shiro API is the ability to remember your users if they return to your application. You can offer a better user experience to them with minimal development effort.</p></li>
<li>
<p><strong>Pluggable data sources</strong> - Shiro uses pluggable data access objects (DAOs), called Realms, to connect to security data sources like LDAP and Active Directory. To help you avoid building and maintaining integrations yourself, Shiro provides out-of-the-box realms for popular data sources like LDAP, Active Directory, and JDBC. If needed, you can also create your own realms to support specific functionality not included in the basic realms.</p></li>
<li>
Modified: shiro/site/publish/authentication.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/authentication.html?rev=1830935&r1=1830934&r2=1830935&view=diff
==============================================================================
--- shiro/site/publish/authentication.html (original)
+++ shiro/site/publish/authentication.html Fri May 4 19:28:08 2018
@@ -319,7 +319,7 @@ currentUser.login(token);
<h3>Step 3: Handling Success or Failure</h3>
<p>If the <code>login</code> method returns quietly, that’s it - we’re done! The <code>Subject</code> has been authenticated. The application thread can continue uninterrupted and all further calls to <code>SecurityUtils.getSubject()</code> will return the authenticated <code>Subject</code> instance, and any calls to <code>subject.</code> <a href="static/current/apidocs/org/apache/shiro/subject/Subject.html#isAuthenticated--"><code>isAuthenticated()</code></a> will return <code>true</code>.</p>
<p>But what happens if the login attempt failed? For example, what if the end-user supplied an incorrect password, or accessed the system too many times and maybe their account is locked?</p>
-<p>Shiro has a rich runtime <a href="static/current/apidocs/org/apache/shiro/authz/AuthorizationException.html"><code>AuthenticationException</code></a> hierarchy that can indicate exactly why the attempt failed. You can wrap <code>login</code> in a <code>try/catch</code> block and catch any exception you wish and react to them accordingly. For example:</p>
+<p>Shiro has a rich runtime <a href="static/current/apidocs/org/apache/shiro/authc/AuthenticationException.html"><code>AuthenticationException</code></a> hierarchy that can indicate exactly why the attempt failed. You can wrap <code>login</code> in a <code>try/catch</code> block and catch any exception you wish and react to them accordingly. For example:</p>
<pre><code class="java">try {
currentUser.login(token);
} catch ( UnknownAccountException uae ) { ...
Modified: shiro/site/publish/java-authentication-guide.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/java-authentication-guide.html?rev=1830935&r1=1830934&r2=1830935&view=diff
==============================================================================
--- shiro/site/publish/java-authentication-guide.html (original)
+++ shiro/site/publish/java-authentication-guide.html Fri May 4 19:28:08 2018
@@ -245,7 +245,7 @@
<h2>Terminology you’ll need</h2>
<ul>
<li>
- <p><strong>Subject</strong> - Security specific user ‘view’ of an application user. It can be a human being, a third-party process, a server connecting to you application application, or even a cron job. Basically, it is anything or anyone communicating with your application.</p></li>
+ <p><strong>Subject</strong> - Security specific user ‘view’ of an application user. It can be a human being, a third-party process, a server connecting to you application, or even a cron job. Basically, it is anything or anyone communicating with your application.</p></li>
<li>
<p><strong>Principals</strong> - A subjects identifying attributes. First name, last name, social security number, username</p></li>
<li>
Modified: shiro/site/publish/java-authorization-guide.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/java-authorization-guide.html?rev=1830935&r1=1830934&r2=1830935&view=diff
==============================================================================
--- shiro/site/publish/java-authorization-guide.html (original)
+++ shiro/site/publish/java-authorization-guide.html Fri May 4 19:28:08 2018
@@ -266,7 +266,7 @@
<p>There are two types of roles that you need to be aware of and Shiro will support both.</p>
<a name="JavaAuthorizationGuide-ImplicitRoles"></a>
<h4><a href="#implicit-roles" name="implicit-roles">Implicit Roles</a></h4>
-<p>Most people view roles as what we define as an implicit role where your application <em>implies</em> a set of permissions because a user has a particular role as opposed to the role explicitly being assigned permissions or your application checking for those permissions. Role checks in code are generally a reflection of an implicit role. You can view patient data because you have the <em>administrator</em> role. You can create an account because you have the <em>bank teller</em> role. The fact that these names exist does not have a correlation to what the software can actually do. Most people use roles in this manner. It is easiest but it can create a lot of maintenance and management problems for all the but the simplest application.</p>
+<p>Most people view roles as what we define as an implicit role where your application <em>implies</em> a set of permissions because a user has a particular role as opposed to the role explicitly being assigned permissions or your application checking for those permissions. Role checks in code are generally a reflection of an implicit role. You can view patient data because you have the <em>administrator</em> role. You can create an account because you have the <em>bank teller</em> role. The fact that these names exist does not have a correlation to what the software can actually do. Most people use roles in this manner. It is easiest but it can create a lot of maintenance and management problems for all but the simplest application.</p>
<a name="JavaAuthorizationGuide-ExplicitRoles"></a>
<h4><a href="#explicit-roles" name="explicit-roles">Explicit Roles</a></h4>
<p>An explicit role has permissions <em>explicitly</em> assigned to it and therefore is an <em>explicit</em> collection of permissions. Permission checks in code are a reflection of an explicit role. You can view patient data because because you have the <em>view patient data</em> permission as part of your <em>administrator</em> role. You can create an account because you have the <em>create account</em> permission as part of your <em>bank teller</em> role. You can perform these actions, not because of some implicit role name based on a string but because the corresponding permission was explicitly assigned to your role.</p>
Modified: shiro/site/publish/what-is-shiro.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/what-is-shiro.html?rev=1830935&r1=1830934&r2=1830935&view=diff
==============================================================================
--- shiro/site/publish/what-is-shiro.html (original)
+++ shiro/site/publish/what-is-shiro.html Fri May 4 19:28:08 2018
@@ -230,7 +230,7 @@
<li>Java security should be <em>really easy</em> to understand and use in your own applications.</li>
<li>Existing Java security mechanisms (like JAAS) are too confusing and fall way short in the area of application-level security.</li>
<li>Authentication and Authorization functionality should be as pluggable and flexible as possible.</li>
- <li>Authentication and Authorization are only half of a robust security framework. Enterprise Session Management and easy Cryptography services are the the other half.</li>
+ <li>Authentication and Authorization are only half of a robust security framework. Enterprise Session Management and easy Cryptography services are the other half.</li>
<li><b>Session Management should not be tied to web or EJB applications</b>. We believe Sessions are a business-tier concern that should be accessible in any client or server environment.</li>
<li>Heterogeneous client mediums (HTTP requests, Applets, Java Web Start, C# applications, etc) should be able to participate in the same Session, regardless of the client technology.</li>
<li>Security code should be eliminated as much as possible in favor of a cleaner declarative security model utilizing JDK 1.5 Annotations or XML, whichever you prefer.</li>