shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r1481417 [7/13] - in /shiro/site: ./ 2010/ 2011/ 2012/ assets/ templates/ trunk/ trunk/2010/ trunk/2010/03/ trunk/2010/03/18/ trunk/2010/06/ trunk/2010/06/01/ trunk/2010/09/ trunk/2010/09/14/ trunk/2010/09/20/ trunk/2010/09/24/ trunk/2010/1...
Date Sat, 11 May 2013 21:10:45 GMT
Added: shiro/site/trunk/how-to-contribute.html
URL: http://svn.apache.org/viewvc/shiro/site/trunk/how-to-contribute.html?rev=1481417&view=auto
==============================================================================
--- shiro/site/trunk/how-to-contribute.html (added)
+++ shiro/site/trunk/how-to-contribute.html Sat May 11 21:10:40 2013
@@ -0,0 +1,85 @@
+<h1><a name="HowtoContribute-ContributingtoApacheShiro"></a>Contributing to Apache Shiro</h1>
+
+<ul><li><a href="#HowtoContribute-introduction">Introduction</a></li><li><a href="#HowtoContribute-help">Help Wanted Here</a></li><li><a href="#HowtoContribute-procedure">Procedure for reporting bugs and issues and enhancement suggestions</a></li><li><a href="#HowtoContribute-svn">SVN Usage</a></li><li><a href="#HowtoContribute-committer">SVN Committers</a></li><li><a href="#HowtoContribute-issues">Procedure for Raising Development Issues</a></li><li><a href="#HowtoContribute-patches">How to prepare and contribute patches</a></li><li><a href="#HowtoContribute-revert">How to revert changes in SVN</a></li><li><a href="#HowtoContribute-tips">Contribution Notes and Tips</a></li></ul>
+
+
+<p><a name="HowtoContribute-introductions"></a></p>
+<h2><a name="HowtoContribute-Introduction"></a>Introduction</h2>
+
+<p>The Shiro Project is an <a class="external-link" href="http://www.opensource.org" rel="nofollow">Open Source</a> volunteer project released under a <a href="license.html" title="License">very liberal license</a>. This means there are many ways to contribute to the project - either with direct participation (coding, documenting, answering questions, proposing ideas, reporting bugs, suggesting bug-fixes, etc..) or by resource donations (staff time, conference presentations, publicity, software) and even general hardware/money <a class="external-link" href="http://www.apache.org/foundation/thanks.html">donations</a> via the <a class="external-link" href="http://www.apache.org">Apache Software Foundation</a>.</p>
+
+<p>To begin with, we suggest you to subscribe to the <a href="mailing-lists.html" title="Mailing Lists">Shiro mailing lists</a> (follow the link for information on how to subscribe and to access the mail list archives). Listen-in for a while, to hear how others make contributions.</p>
+
+<p>You can get your local working copy of the <a href="download.html" title="Download">latest and greatest code</a> by following the directions in our <a href="download.html" title="Download">Download</a> page. Review the To Do list in the <a class="external-link" href="https://issues.apache.org/jira/browse/SHIRO">issue tracker</a> and then choose a task that interests you. Perhaps you have noticed something that needs patching, or have a new feature to contribute. Make the changes, do the testing, generate a patch, and discuss on the <a href="mailing-lists.html" title="Mailing Lists">dev mailing list</a>. (Do not worry - the process is easy and explained below.)</p>
+
+<p>Document writers are usually the most wanted people so if you like to help but you're not familiar with the innermost technical details, don't worry: you can still be tremendously helpful!</p>
+
+<p><a name="HowtoContribute-help"></a></p>
+<h2><a name="HowtoContribute-HelpWantedHere"></a>Help Wanted Here </h2>
+
+<p>You can be a huge help by providing extra assistance in any of the following areas:</p>
+
+<ul><li>Assisting to improve documentation and the website.</li><li>Testing Shiro (especially its less-frequently-used features) on various configurations and reporting back.</li><li>New samples for the 'shiro-sample' to concisely describe and demonstrate features. Such samples can also enable automated testing.</li><li>Debugging - producing reproducible test cases and/or finding causes of bugs. Most bugs are recorded as issues (see <a href="#HowtoContribute-procedure">explanation below</a>).</li><li>Providing new use-cases and requirements. If you think that Shiro does not quite meet your needs then tell us about it on the mailing list.</li><li>Specifying/analysing/designing new features - and beyond. If you wish to get further involved with this, please join the <a href="mailing-lists.html" title="Mailing Lists"><tt>shiro-dev</tt> mailing list</a>, install and try out Shiro and read some of the <a href="mailing-lists.html" title="Mailing Lists">mail archives</a>. You shoul
 d have a reasonable fluency in security technologies, some Java and Maven skills, and a basic understanding of the Shiro architecture - don't just say "it should have XYZ" without reading anything first - because chances are, somebody has already thought of that feature!)</li><li>Packaging easy-to-install packages (such as RPMs) for the myriad of possible configurations out there. (The project does not maintain anything but the basic .zip and .tar.gz packages, but anyone is welcome to build their own specific packages and announce them on the forrest-dev list)</li><li>... and there is just one other thing - don't forget to tell everyone who asks, how great Shiro is! The more people that know about and start to use Shiro, the larger the pool of potential contributors will be.</li></ul>
+
+
+<p><a name="HowtoContribute-procedure"></a></p>
+<h2><a name="HowtoContribute-Procedureforreportingbugsandissuesandenhancementsuggestions"></a>Procedure for reporting bugs and issues and enhancement suggestions</h2>
+
+<p>If you think that you have found a bug or you have a suggestion for improvement, then please discuss it on one of the <a href="mailing-lists.html" title="Mailing Lists">mailing lists</a>. However, please check our <a class="external-link" href="https://issues.apache.org/jira/browse/SHIRO">issue tracker</a> first as it may be already reported.</p>
+
+<p>The <a class="external-link" href="https://issues.apache.org/jira/browse/SHIRO">Apache Shiro Issue Tracker</a> collates our known issues. Obviously not every issue is listed there. Some issues have been discussed on the mailing list but do not yet have an issue recorded.</p>
+
+<p>The Roadmap is the best way to get an overview. The Unscheduled list also needs regular review, and committers will schedule some of those for the next release.</p>
+
+<p>When creating a new issue, please provide a concise Summary Title and a short Description. Add further information as Comments and include links to the mail archives. The normal procedure is to discuss the issue on the mailing list and then add relevant notes to the issue tracker, otherwise it becomes cluttered.</p>
+
+<p><a name="HowtoContribute-svn"></a></p>
+<h2><a name="HowtoContribute-SVNUsage"></a>SVN Usage</h2>
+
+<p>An overview of how to use Subversion (SVN) to participate in Shiro development. Do not be afraid - you cannot accidently destroy the actual code repository, because you are working with a local copy as an anonymous user. Therefore, you do not have the system permissions to change anything. You can only update your local repository and compare your revisions with the real repository. The <a href="download.html" title="Download">Download Shiro</a> page explains how to check-out the code base and build your local copy.</p>
+
+<p><a name="HowtoContribute-committer"></a></p>
+<h2><a name="HowtoContribute-SVNCommitters"></a>SVN Committers</h2>
+
+<p>After a developer has consistently provided contributions (code, documentation and discussion) and demonstrated committment, then the rest of the dev community may vote to grant this developer commit access to the Subversion repository. See the <a class="external-link" href="http://www.apache.org/dev/">ASF developers resources</a> especially the <a class="external-link" href="http://www.apache.org/dev/version-control.html">Source code repositories</a>.</p>
+
+<p><a name="HowtoContribute-issues"></a></p>
+<h2><a name="HowtoContribute-ProcedureforRaisingDevelopmentIssues"></a>Procedure for Raising Development Issues</h2>
+
+<p>There are two methods for discussing development and submitting patches. So that everyone can be productive, it is important to know which method is appropriate for a certain situation and how to go about it without confusion. This section explains when to use the developer <a href="mailing-lists.html" title="Mailing Lists">mailing list</a> and the <a class="external-link" href="https://issues.apache.org/jira/browse/SHIRO">issue tracker</a>.</p>
+
+<p>Research your topic thoroughly before beginning to discuss a new development issue. Search and browse through the email archives - your issue may have been discussed before. Prepare your post clearly and concisely.</p>
+
+<p>Most issues will be discovered, resolved, and then patched quickly via the developer mailing list. Larger issues, and ones that are not yet fully understood or are hard to solve, are destined for the issue tracker.</p>
+
+<p>Experienced developers use the issue tracker directly, as they are very sure when they have found a bug and when not. However, less experienced users should first discuss it on the user or developer mailing list (as appropriate). Impatient people always enter everything into the issue tracker without caring if it is a bug of Shiro or their own installation/configuration mistake - please do not do this.</p>
+
+<p>As a rule-of-thumb, discuss an issue on the developers mailing list first to work out any details. After it is confirmed to be worthwhile, and you are clear about it, then submit the bug description or patch via Bug Tracking.</p>
+
+<p>Perhaps you do not get any answer on your first reply, so just post it again until you get one. (But please not every hour - allow a few days for the list to deal with it.) Bear in mind that other countries will have holidays at different times to your country and that they are in different time zones. You might also consider rewriting your initial posting.  It may have not been clear to the readers on the mailing list.</p>
+
+<p><a name="HowtoContribute-patches"></a></p>
+<h2><a name="HowtoContribute-Howtoprepareandcontributepatches"></a>How to prepare and contribute patches</h2>
+
+<p>If you use the current development version of Shiro via Subversion, then do 'svn update; svn status' to see what files that you have changed. Do 'svn diff &gt; mypatch.txt' to make a patch which includes every change. To make a patch for a specific file, do svn diff <tt>src/documentation/content/xdocs/faq.xml &gt; faq.xml.diff</tt>. It is better to prepare the patch from the <tt>$SHIRO_HOME</tt> directory so that it contains a definite path to the document. However, be careful that the patch does not contain other work-in-progress.</p>
+
+<p>For more information about working with SVN, see <a class="external-link" href="http://svnbook.red-bean.com/" rel="nofollow">Version Control with Subversion</a> - the opensource SVN book.</p>
+
+<p>If you use a downloaded released version of Shiro (or don't use SVN), then use the 'diff' command of your operating system: <tt>diff -u faq.xml.orig faq.xml &gt; mypatch.txt</tt> (better to do that from <tt>$SHIRO_HOME</tt> directory). If you want to use the most recent version of the documentation then grab its source file directly from the <a href="download.html" title="Download">SVN server</a> (and tell us which Revision number you used).</p>
+
+<div class="panelMacro"><table class="noteMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/warning.gif" width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Note</b><br clear="none">Please send all contributions via our <a class="external-link" href="https://issues.apache.org/jira/browse/SHIRO">issue tracker</a>. and specify the Forrest version or svn version of the source.</td></tr></table></div>
+
+<p>It is always a good idea to check the <a class="external-link" href="https://issues.apache.org/jira/browse/SHIRO">Shiro issue tracker</a> before diving in.</p>
+
+<p><a name="HowtoContribute-revert"></a></p>
+<h2><a name="HowtoContribute-HowtorevertchangesinSVN"></a>How to revert changes in SVN</h2>
+
+<p>Check out <a class="external-link" href="http://svnbook.red-bean.com/en/1.0/ch04s04.html#svn-ch-4-sect-4.2" rel="nofollow">http://svnbook.red-bean.com/en/1.0/ch04s04.html#svn-ch-4-sect-4.2</a> for instructions on how to revert (roll back) changes to svn.</p>
+
+<p><a name="HowtoContribute-tips"></a></p>
+<h2><a name="HowtoContribute-ContributionNotesandTips"></a>Contribution Notes and Tips</h2>
+
+<p>This is a collection of tips for contributing to the project in a manner that is productive for all parties.</p>
+
+<ul><li>See general ASF <a class="external-link" href="http://www.apache.org/dev/contrib-email-tips.html">Tips for email contributors</a></li><li>There is no such thing as a dumb question.  Always check the <a href="mailing-lists.html" title="Mailing Lists">archives</a> to see if someone else asked it first and maybe already received an answer.</li><li>Every contribution is worthwhile. Even if the code isn't perfect.  Even if the documentation has typos.  Even if you got it wrong the first time around. Any contribution is a start of something special.  Through your continued effort and the help of the community, your contribution will evolve and get ever closer to "perfect".</li><li>Use sensible and concise email subject headings. Search engines, and humans trying to browse a voluminous list, will respond favourably to a descriptive title.</li><li>Start new threads with new Subject for new topics, rather than reusing the previous Subject line.</li><li>Keep each topic focused
 . If some new topic arises then start a new discussion. This leaves the original topic to continue uncluttered.<br clear="none">
+Whenever you decide to start a new topic, then start with a fresh new email message window. Do not use the "Reply to" button, because threaded mail-readers get confused (they utilise the In-reply-to header). If so, then your new topic will get lost in the previous thread and go unanswered.</li><li>Prepend your email subject line with a marker when that is appropriate, e.g. [Proposal], [RT] (Random Thought which quickly blossom into research topics <img align="middle" class="emoticon" src="https://cwiki.apache.org/confluence/images/icons/emoticons/smile.gif" height="20" width="20" alt="" border="0">, [STATUS] (development status of a certain facility).</li><li>Remember that most people are participating in development on a volunteer basis and in their "spare time". These enthusiasts will attempt to respond to issues. It may take a little while to get your answers.</li><li>Research your topic thoroughly before beginning to discuss a new development issue. Search and browse thr
 ough the email archives - your issue may have been discussed before. Do not just perceive a problem and then rush out with a question - instead, delve.</li><li>Try to at least offer a partial solution and not just a problem statement.</li><li>Take the time to clearly explain your issue and write a concise email message. Less confusion facilitates fast and complete resolution.</li><li>Do not bother to send an email reply that simply says "thanks". When the issue is resolved, that is the finish - end of thread. Reduce clutter.</li><li>You would usually do any development work against the trunk of SVN.</li><li>When sending a patch, you usually do not need to worry about which SVN branch it should be applied to. The maintainers of the repository will decide.</li><li>Keep all project-related discussion on the mailing list. It is much better to utilise the wider audience, rather than to break off into private discussion groups. You never know who else will have the answer to your 
 issues, and anyway other people are interested in the outcome.</li><li>Become familiar with the mailing lists. As you browse and search, you will see the way other people do things. Follow the leading examples.</li></ul>

Added: shiro/site/trunk/inclusionslibrary.html
URL: http://svn.apache.org/viewvc/shiro/site/trunk/inclusionslibrary.html?rev=1481417&view=auto
==============================================================================
--- shiro/site/trunk/inclusionslibrary.html (added)
+++ shiro/site/trunk/inclusionslibrary.html Sat May 11 21:10:40 2013
@@ -0,0 +1,22 @@
+<p>The children of this page contain information which is <b>included in other pages</b>. This is a library of re-usable information chunks. </p>
+
+<p>If you want to change any of these pages, be aware that: </p>
+<ul><li>Changing page names is problematic &#8212; you will need to change all the {include} and {excerpt-include} macros manually.</li><li>The content is used in many places &#8212; make sure your change is generic enough to fit the contexts in which the pages are used.</li></ul>
+
+
+<p>To include an excerpt from a page: </p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java"> 
+{excerpt-include:_page name|nopanel=<span class="code-keyword">true</span>} 
+</pre>
+</div></div> 
+<p>Note that the page titled '_page name' must contain the {excerpt} macro, otherwise the {excerpt-include} will not work. </p>
+
+<p>To include the entire contents of a page" </p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java"> 
+{include:page name|nopanel=<span class="code-keyword">true</span>} 
+</pre>
+</div></div> 
+
+<h6><a name="_InclusionsLibrary-ChildrenofthisPage"></a>Children of this Page </h6>

Added: shiro/site/trunk/index.html
URL: http://svn.apache.org/viewvc/shiro/site/trunk/index.html?rev=1481417&view=auto
==============================================================================
--- shiro/site/trunk/index.html (added)
+++ shiro/site/trunk/index.html Sat May 11 21:10:40 2013
@@ -0,0 +1,109 @@
+<div id="main-content">
+
+    <h1>Welcome to Apache Shiro</h1>
+
+    <p>Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication,
+        authorization, cryptography, and session management. With Shiro&#8217;s easy-to-understand API, you can
+        quickly and easily secure any application &#8211; from the smallest mobile applications to the largest web
+        and enterprise applications.</p>
+
+    <a href="authentication-features.html">
+        <div class="service-tabs authentication">
+            <h2>Authentication</h2>
+
+            <p>Support logins across one or more pluggable data soucres (LDAP, JDBC, Active Directory...</p>
+            <span class="more">Read More &gt;&gt;&gt;</span>
+        </div>
+    </a>
+
+    <a href="authorization-features.html">
+        <div class="service-tabs authorization">
+            <h2>Authorization</h2>
+
+            <p>Perform access control based on roles or fine grained permissions, also using plug...</p>
+            <span class="more">Read More &gt;&gt;&gt;</span>
+        </div>
+    </a>
+
+    <a href="cryptography-features.html">
+        <div class="service-tabs cryptography">
+            <h2>Cryptography</h2>
+
+            <p>Secure data with the easiest possible Cryptography API&#8217;s available, giving you...</p>
+            <span class="more">Read More &gt;&gt;&gt;</span>
+        </div>
+    </a>
+
+    <a href="session-management-features.html">
+        <div class="service-tabs session-management">
+            <h2>Session Management</h2>
+
+            <p>Use sessions in any environment, even outside web or EJB containers. Easily...</p>
+            <span class="more">Read More &gt;&gt;&gt;</span>
+        </div>
+    </a>
+
+    <a href="web-features.html">
+        <div class="service-tabs web-integration">
+            <h2>Web Integration</h2>
+
+            <p>Save development time with innovative approaches that easily handle web specific...</p>
+            <span class="more">Read More &gt;&gt;&gt;</span>
+        </div>
+    </a>
+
+    <a href="reference.html">
+        <div class="service-tabs integrations">
+            <h2>Integrations</h2>
+
+            <p>API&#8217;s giving you power and simplicty beyond what Java p[rovides by default...</p>
+            <span class="more">Read More &gt;&gt;&gt;</span>
+        </div>
+    </a>
+
+    <div class="clearfix"></div>
+
+    <table class="video-box" width="640" cellspacing="0" cellpadding="0">
+        <tr>
+            <td colspan="1" rowspan="1">
+                <iframe frameborder="0" scrolling="auto" width="310" height="233"
+                        src="http://www.youtube.com/embed/YJByiDvOhsc?rel=0" allowfullscreen="true"></iframe>
+            </td>
+            <td colspan="1" rowspan="1">
+                <h1>Getting Started</h1>
+                <ul>
+                    <li><a href="http://www.infoq.com/articles/apache-shiro">What is Apache Shiro?</a></li>
+                    <li><a href="10-minute-tutorial.html">10 Minute Tutorial</a></li>
+                    <li><a href="articles.html">More articles...</a></li>
+                </ul>
+            </td>
+        </tr>
+    </table>
+
+</div>
+
+<div id="right-column">
+
+    <a href="download.html"><div class="download"></div></a>
+
+    <h2>News</h2>
+
+    <h3><a href="2012/07/29/apache-shiro-121-released.html">Apache Shiro 1.2.1 Released!</a>
+    </h3>
+
+    <p>The Shiro team is pleased to announce the release of Apache Shiro version 1.2.1.</p>
+    <a href="2012/07/29/apache-shiro-121-released.html"><span class="more">Read More &gt;&gt;&gt;</span></a>
+
+    <h3><a href="2012/03/13/whats-new-in-apache-shiro-12.html">What&#8217;s New in Apache Shiro
+        1.2?</a></h3>
+
+    <p>Here's an article covering some of the main features and enhancements in Apache Shiro 1.2:</p>
+    <a href="2012/03/13/whats-new-in-apache-shiro-12.html"><span class="more">Read More &gt;&gt;&gt;</span></a>
+
+    <h2>Communities Using Shiro</h2>
+
+    <div class="communities"><img src="assets/images/logos.png"></div>
+
+</div>
+
+<div class="clearfix"></div>

Added: shiro/site/trunk/integration.html
URL: http://svn.apache.org/viewvc/shiro/site/trunk/integration.html?rev=1481417&view=auto
==============================================================================
--- shiro/site/trunk/integration.html (added)
+++ shiro/site/trunk/integration.html Sat May 11 21:10:40 2013
@@ -0,0 +1,13 @@
+<h1><a name="Integration-IntegratingApacheShiro"></a>Integrating Apache Shiro</h1>
+
+<p>This part of the documentation covers how to integrate or use Shiro with other technologies and frameworks.</p>
+
+<p><a href="spring.html" title="Spring">Spring Application Framework</a><br clear="none">
+<a href="guice.html" title="Guice">Guice Dependency Injection Framework</a></p>
+
+
+<h2><a name="Integration-Lendahandwithdocumentation"></a>Lend a hand with documentation </h2>
+
+<p>While we hope this documentation helps you with the work you're doing with Apache Shiro, the community is improving and expanding the documentation all the time.  If you'd like to help the Shiro project, please consider corrected, expanding, or adding documentation where you see a need. Every little bit of help you provide expands the community and in turn improves Shiro. </p>
+
+<p>The easiest way to contribute your documentation is to send it to the <a class="external-link" href="http://shiro-user.582556.n2.nabble.com/" rel="nofollow">User Forum</a> or the <a href="mailing-lists.html" title="Mailing Lists">User Mailing List</a>.</p>
\ No newline at end of file

Added: shiro/site/trunk/introduction.html
URL: http://svn.apache.org/viewvc/shiro/site/trunk/introduction.html?rev=1481417&view=auto
==============================================================================
--- shiro/site/trunk/introduction.html (added)
+++ shiro/site/trunk/introduction.html Sat May 11 21:10:40 2013
@@ -0,0 +1,46 @@
+<h1><a name="Introduction-IntroductiontoApacheShiro"></a>Introduction to Apache Shiro</h1>
+
+<h2><a name="Introduction-WhatisApacheShiro%3F"></a>What is Apache Shiro?</h2>
+
+<p>Apache Shiro is a powerful and flexible open-source security framework that cleanly handles authentication, authorization, enterprise session management and cryptography.</p>
+
+<p>Apache Shiro's first and foremost goal is to be easy to use and understand.  Security can be very complex at times, even painful, but it doesn't have to be.  A framework should mask complexities where possible and expose a clean and intuitive API that simplifies the developer's effort to make their application(s) secure.</p>
+
+<p>Here are some things that you can do with Apache Shiro:</p>
+
+<ul><li>Authenticate a user to verify their identity</li><li>Perform access control for a user, such as:
+	<ul><li>Determine if a user is assigned a certain security role or not</li><li>Determine if a user is permitted to do something or not</li></ul>
+	</li><li>Use a Session API in any environment, even without web or EJB containers.</li><li>React to events during authentication, access control, or during a session's lifetime.</li><li>Aggregate 1 or more data sources of user security data and present this all as a single composite user 'view'.</li><li>Enable Single Sign On (SSO) functionality</li><li>Enable 'Remember Me' services for user association without login<br clear="none">
+...<br clear="none">
+and much more - all integrated into a cohesive easy-to-use API.</li></ul>
+
+
+<p>Shiro attempts to achieve these goals for all application environments - from the simplest command line application to the largest enterprise applications, without forcing dependencies on other 3rd party frameworks, containers, or application servers.  Of course the project aims to integrate into these environments wherever possible, but it could be used out-of-the-box in any environment.</p>
+
+<h2><a name="Introduction-ApacheShiroFeatures"></a>Apache Shiro Features</h2>
+
+<p>Apache Shiro is a comprehensive application security framework with many features.  The following diagram shows where Shiro focuses its energy, and this reference manual will be organized similarly:</p>
+
+<p><br clear="none" class="atl-forced-newline">
+<br clear="none" class="atl-forced-newline">
+<span class="image-wrap" style="display: block; text-align: center"><img src="assets/images/ShiroFeatures.png" style="border: 0px solid black"></span>
+<br clear="none" class="atl-forced-newline">
+<br clear="none" class="atl-forced-newline"></p>
+
+<p>Shiro targets what the Shiro development team calls "the four cornerstones of application security" - Authentication, Authorization, Session Management, and Cryptography:</p>
+
+<ul><li><b>Authentication:</b> Sometimes referred to as 'login', this is the act of proving a user is who they say they are.
+<br clear="none" class="atl-forced-newline">
+<br clear="none" class="atl-forced-newline"></li><li><b>Authorization:</b> The process of access control, i.e. determining 'who' has access to 'what'.
+<br clear="none" class="atl-forced-newline">
+<br clear="none" class="atl-forced-newline"></li><li><b>Session Management:</b> Managing user-specific sessions, even in non-web or EJB applications.
+<br clear="none" class="atl-forced-newline">
+<br clear="none" class="atl-forced-newline"></li><li><b>Cryptography:</b> Keeping data secure using cryptographic algorithms while still being easy to use.</li></ul>
+
+
+<p>There are also additional features to support and reinforce these concerns in different application environments, especially:</p>
+
+<ul><li>Web Support: Shiro's web support APIs help easily secure web applications.</li><li>Caching: Caching is a first-tier citizen in Apache Shiro's API to ensure that security operations remain fast and efficient.</li><li>Concurrency: Apache Shiro supports multi-threaded applications with its concurrency features.</li><li>Testing: Test support exists to help you write unit and integration tests and ensure your code will be secured as expected.</li><li>"Run As": A feature that allows users to assume the identity of another user (if they are allowed), sometimes useful in administrative scenarios.</li><li>"Remember Me": Remember users' identities across sessions so they only need to log in when mandatory.</li></ul>
+
+
+<p></p>
\ No newline at end of file

Added: shiro/site/trunk/issues.html
URL: http://svn.apache.org/viewvc/shiro/site/trunk/issues.html?rev=1481417&view=auto
==============================================================================
--- shiro/site/trunk/issues.html (added)
+++ shiro/site/trunk/issues.html Sat May 11 21:10:40 2013
@@ -0,0 +1,13 @@
+<h2><a name="Issues-ApacheShiroBug%26IssueTracking"></a>Apache Shiro Bug &amp; Issue Tracking</h2>
+
+<p>Apache Shiro uses Atlassian Jira for tracking  tasks, feature requests, bugs, and other issues related to the project development.</p>
+
+<h2><a name="Issues-UsageGuidelines"></a>Usage Guidelines</h2>
+
+<p>Jira is provided as a Shiro software development resource. It is meant to be for managing bugs, tasks and improvements in the software itself - it is not a support portal to ask for advice or help. For community advice and help in using Apache Shiro, please visit the <a href="support.html" title="Support">Support</a> page.</p>
+
+<p><b>Prior to using Jira, we ask that:</b></p>
+<ul><li>You do your due diligence to ensure a suspected error is actually a bug.</li><li>You search the issue tracker to ensure what you want to report has not already been reported by someone else.</li><li>If your problem is actually a bug, we would appreciate it if you could attach a simple JUnit test case that allows us to repeat the problem so we can fix it as fast as possible.</li><li>If a unit test is not available (please really try to make one!), attach a stack trace and Shiro's TRACE or DEBUG log output.</li><li>If you've already fixed the problem, please submit a patch and we'll likely include it in the next release.</li></ul>
+
+
+<h2><a name="Issues-ClickheretovisittheApacheShiroJiraissuetrackerhttps%3A%2F%2Fissues.apache.org%2Fjira%2Fbrowse%2FSHIRO"></a><a class="external-link" href="https://issues.apache.org/jira/browse/SHIRO">Click here to visit the Apache Shiro Jira issue tracker</a> </h2>
\ No newline at end of file

Added: shiro/site/trunk/java-annotations-list.html
URL: http://svn.apache.org/viewvc/shiro/site/trunk/java-annotations-list.html?rev=1481417&view=auto
==============================================================================
--- shiro/site/trunk/java-annotations-list.html (added)
+++ shiro/site/trunk/java-annotations-list.html Sat May 11 21:10:40 2013
@@ -0,0 +1,17 @@
+<h1><a name="JavaAnnotationsList-JavaAnnotationsList"></a>Java Annotations List</h1>
+
+<p>Below are a list of the different Shiro annotations you can use in your application.</p>
+
+<ul><li><b><a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/annotation/RequiresAuthentication.html">RequiresAuthentication</a></b> - Requires the current Subject to have been authenticated during their current session for the annotated class/instance/method to be accessed or invoked</li></ul>
+
+
+<ul><li><b><a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/annotation/RequiresGuest.html">RequiresGuest</a></b> - Requires the current Subject to be a "guest", that is, they are not authenticated or remembered from a previous session for the annotated class/instance/method to be accessed or invoked.</li></ul>
+
+
+<ul><li><b><a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/annotation/RequiresPermissions.html">RequiresPermissions</a></b> - Requires the current executor's Subject to imply a particular permission in order to execute the annotated method. If the executor's associated Subject determines that the executor does not imply the specified permission, the method will not be executed.</li></ul>
+
+
+<ul><li><b><a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/annotation/RequiresRoles.html">RequiresRoles</a></b> - Requires the currently executing Subject to have all of the specified roles. If they do not have the role(s), the method will not be executed and an AuthorizationException is thrown.</li></ul>
+
+
+<ul><li><b><a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/annotation/RequiresUser.html">RequiresUser</a></b> - Requires the current Subject to be an application user for the annotated class/instance/method to be accessed or invoked.</li></ul>

Added: shiro/site/trunk/java-annotations.html
URL: http://svn.apache.org/viewvc/shiro/site/trunk/java-annotations.html?rev=1481417&view=auto
==============================================================================
--- shiro/site/trunk/java-annotations.html (added)
+++ shiro/site/trunk/java-annotations.html Sat May 11 21:10:40 2013
@@ -0,0 +1,15 @@
+<h1><a name="JavaAnnotations-JavaAnnotationSupport"></a>Java Annotation Support</h1>
+<p>Before you can use Java annotations, you'll need to enable AOP support in your application. There are a number of different AOP frameworks so, unfortunately, there is no standard way to enable AOP in an application.</p>
+
+<p>For AspectJ, you can review our <a class="external-link" href="http://svn.apache.org/repos/asf/shiro/trunk/samples/aspectj/">AspectJ sample application</a>.</p>
+
+<p>For Spring, you can look into our <a href="spring.html" title="Spring">Spring Integration</a> documentation.</p>
+
+<h2><a name="JavaAnnotations-Shiro%27sJavaAnnotations."></a>Shiro's Java Annotations.</h2>
+<p>Once you have AOP enabled in our application, you can use Shiro's set of annotations found in the <a href="java-annotations-list.html" title="Java Annotations List">Java Annotations List</a></p>
+
+<h2><a name="JavaAnnotations-Lendahandwithdocumentation"></a>Lend a hand with documentation </h2>
+
+<p>While we hope this documentation helps you with the work you're doing with Apache Shiro, the community is improving and expanding the documentation all the time.  If you'd like to help the Shiro project, please consider corrected, expanding, or adding documentation where you see a need. Every little bit of help you provide expands the community and in turn improves Shiro. </p>
+
+<p>The easiest way to contribute your documentation is to send it to the <a class="external-link" href="http://shiro-user.582556.n2.nabble.com/" rel="nofollow">User Forum</a> or the <a href="mailing-lists.html" title="Mailing Lists">User Mailing List</a>.</p>
\ No newline at end of file

Added: shiro/site/trunk/java-authentication-guide.html
URL: http://svn.apache.org/viewvc/shiro/site/trunk/java-authentication-guide.html?rev=1481417&view=auto
==============================================================================
--- shiro/site/trunk/java-authentication-guide.html (added)
+++ shiro/site/trunk/java-authentication-guide.html Sat May 11 21:10:40 2013
@@ -0,0 +1,157 @@
+<h1><a name="JavaAuthenticationGuide-JavaAuthenticationGuidewithApacheShiro"></a>Java Authentication Guide with Apache Shiro</h1>
+
+
+<div class="addthis_toolbox addthis_default_style">
+<a class="addthis_button_compact" href="http://www.addthis.com/bookmark.php?v=250&amp;pubid=ra-4d66ef016022c3bd">Share</a>
+<span class="addthis_separator">|</span>
+<a class="addthis_button_preferred_1"></a>
+<a class="addthis_button_preferred_2"></a>
+<a class="addthis_button_preferred_3"></a>
+<a class="addthis_button_preferred_4"></a>
+</div>
+<script type="text/javascript">var addthis_config = {"data_track_clickback":true};</script>
+<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d66ef016022c3bd"></script>
+
+
+<p><br clear="none" class="atl-forced-newline">
+Authentication is the process of identity verification-- you are trying to prove a user is who they say they are. To do so, a user needs to provide some sort of proof of identity that your system understands and trust.</p>
+
+<p>The goal of this guide is to walk you through how Authentication in Java is preformed in Shiro. If you haven't already please take moment and go through Shiro's <a href="10-minute-tutorial.html" title="10 Minute Tutorial">10 Minute Tutorial</a> so that you get a basic understanding of how to work with Shiro.</p>
+
+<h2><a name="JavaAuthenticationGuide-Terminologyyou%27llneed"></a>Terminology you'll need</h2>
+
+<ul><li><b>Subject</b> - Security specific user 'view' of an application user.  It can be a human being, a third-party process, a server connecting to you application application, or even a cron job.  Basically, it is anything or anyone communicating with your application.</li></ul>
+
+
+<ul><li><b>Principals</b> - A subjects identifying attributes.  First name, last name, social security number, username</li></ul>
+
+
+<ul><li><b>Credentials</b> - secret data that are used to verify identities.  Passwords, Biometric data, x509 certificates,</li></ul>
+
+
+<ul><li><b>Realms</b> - Security specific DAO, data access object, software component that talkts to a backend data source. If you have usernames and password in LDAP, then you would have an LDAP Realm that would communicate with LDAP.  The idea is that you would use a realm per back-end data source and Shiro would know how to coordinate with these realms together to do what you have to do.</li></ul>
+
+
+<h2><a name="JavaAuthenticationGuide-HowtoAuthenticateinJavawithShiro"></a>How to Authenticate in Java with Shiro</h2>
+
+<p>In Shiro's framework, and most every other framework for that matter, the Java authentication process can be broken up into three distinct steps.</p>
+
+<h3><a name="JavaAuthenticationGuide-Steps"></a>Steps</h3>
+
+<ol><li>Collect the subject's principals and credentials</li><li>Submit the principals and credentials to an authentication system.</li><li>Allow access, retry authentication, or block access</li></ol>
+
+
+<p>Here is some code on how you do this in Shiro Specifically.</p>
+
+<h3><a name="JavaAuthenticationGuide-Step1Collectthesubject%27sprincipalsandcredentials"></a>Step 1 - Collect the subject's principals and credentials</h3>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-comment">//Example using most common scenario:
+</span><span class="code-comment">//<span class="code-object">String</span> username and password.  Acquire in
+</span><span class="code-comment">//system-specific manner (HTTP request, GUI, etc)
+</span>
+UsernamePasswordToken token =
+ <span class="code-keyword">new</span> UsernamePasswordToken( username, password );
+
+<span class="code-comment">//&#8221;Remember Me&#8221; built-in, just <span class="code-keyword">do</span> <span class="code-keyword">this</span>:
+</span>token.setRememberMe(<span class="code-keyword">true</span>);
+
+</pre>
+</div></div>
+
+<p>In this particular case, we&#8217;re using a class called <a class="external-link" href="static/current/apidocs/org/apache/shiro/authc/UsernamePasswordToken.html">UsernamePasswordToken</a>.  It is the most common authentication token used in the framework.</p>
+
+<p>We use this token to bundle the username and password we acquired in someway in our Java application.  Maybe they were submitted via a user web form, an HTTP header, or a command line. In Shiro, it does not matter how you acquire them-- it is protocol agnostic.</p>
+
+<p>In this example, we have decided that we want the application to remember users when they return.  So once the token is created, we use Shiro's built-in "Remember-me" feature by setting it to true on the token.  This is done using the token's <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/authc/UsernamePasswordToken.html#setRememberMe(boolean)">setRememberMe()</a></tt> method</p>
+
+<h3><a name="JavaAuthenticationGuide-Step2Submittheprincipalsandcredentialstoanauthenticationsystem."></a>Step 2 - Submit the principals and credentials to an authentication system.</h3>
+<p>So we&#8217;ve collected the information in a token and set it to remember returning users. The next step is in the Authentication process is to submit the token to an authentication system. Your authentication system is represented in Shiro by security-specific DAOs, that are referred to as <a class="external-link" href="static/current/apidocs/">Realms</a>.  For more information on realms please check out the <a class="external-link" href="realm.html">Shiro Realm Guide</a>.</p>
+
+<p>In Shiro we try to make this part as quick and easy as humanly possible.  We have it down to one line of Java code!</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-comment">//With most of Shiro, you'll always want to make sure you're working with the currently executing user, referred to as the subject
+</span>Subject currentUser = SecurityUtils.getSubject();
+
+<span class="code-comment">//Authenticate the subject by passing
+</span><span class="code-comment">//the user name and password token
+</span><span class="code-comment">//into the login method
+</span>currentUser.login(token);
+</pre>
+</div></div>
+
+<p>First, we need to acquire the currently executing user, referred to as the subject.   A subject is just a security specific view of the user----it can be a human, a process, cron job, doesn&#8217;t matter. In Shiro, there is always a subject instance available to the currently executing thread.  The concept of a subject is core to Shiro and most of the framework is centered around working with subjects. In this example, we will name this instance of subject currentUser.</p>
+
+<p>To acquire the subject, we use the <a class="external-link" href="static/current/apidocs/org/apache/shiro/SecurityUtils.html">SecurityUtils</a> class which is also a core pat of Shiro's API.  It will acquire the currently executing user via the <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/SecurityUtils.html#getSubject()">getsubject()</a></tt> method call.  And we get back a subject instance that is representing who the current user is who is interacting with the system.  At this point in the example, the subject currentUser is anonymous.  There is no identity associated with them.</p>
+
+<p>Now with the user representation in hand, we authenticate them by just calling the <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html#login(org.apache.shiro.authc.AuthenticationToken))">login()</a></tt> method and submit the token we just constructed a second ago.</p>
+
+<h3><a name="JavaAuthenticationGuide-Step3Allowaccess%2Cretryauthentication%2Corblockaccess"></a>Step 3 - Allow access, retry authentication, or block access</h3>
+<p>Again really, really easy, single method call.  If the <tt>login()</tt> method call is successful, then the user is logged in and associated with a user account or identity.  From here, the user can go about using your application and retain their identity through their session or longer since we have set the "Remember Me" in our example.</p>
+
+<p>But what happens if something fails in the authentication attempt?  What if they give you the wrong password or they accessed the system too many times, maybe their account is locked?  In this case, Shiro will throw an exception. This is where Shiro's rich exception hierarchy comes into play.</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-keyword">try</span> {
+    currentUser.login(token);
+} <span class="code-keyword">catch</span> ( UnknownAccountException uae ) { ...
+} <span class="code-keyword">catch</span> ( IncorrectCredentialsException ice ) { ...
+} <span class="code-keyword">catch</span> ( LockedAccountException lae ) { ...
+} <span class="code-keyword">catch</span> ( ExcessiveAttemptsException eae ) { ...
+} ... <span class="code-keyword">catch</span> your own ...
+} <span class="code-keyword">catch</span> ( AuthenticationException ae ) {
+    <span class="code-comment">//unexpected error?
+</span>}
+<span class="code-comment">//No problems, show authenticated view&#8230;</span>
+</pre>
+</div></div>
+
+<p>You can take that method call and wrap it in a try/catch block and you can catch all sort of exceptions if you want to handle them and react accordingly.  In addition to a rich set of exceptions that Shiro offers, you can create your own if you need custom functionality.  For more information, follow this link documentation on <a class="external-link" href="static/current/apidocs/org/apache/shiro/authc/AuthenticationException.html">AuthenticationException</a>.</p>
+
+<div class="panelMacro"><table class="tipMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Security Tip</b><br clear="none">Security best practice is to give generic login failure messages to users because you do not want to aid an attacker trying to break into your system.</td></tr></table></div>
+
+<h2><a name="JavaAuthenticationGuide-%22RememberMe%22Support"></a>"Remember Me" Support</h2>
+
+<p>As shown in the example above, Shiro supports the notion of "remember me" in adition to the normal login process. &#160;</p>
+
+<p>In Shiro, the Subject object supports two methods : <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html#isRemembered()">isRemembered()</a></tt> and <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html#isAuthenticated()">isAuthenticated()</a></tt>.</p>
+
+<p>A "remembered" subject has an identity (it is not anonymous) and their identifying attributes,referred to as principals, are remembered from a successful authentication during a previous session.</p>
+
+<p>An authenticated subject has proved their identity <em>during their current session</em>.</p>
+
+<div class="panelMacro"><table class="warningMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/forbidden.gif" width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1"><b>Warning</b><br clear="none">If a subject is remembered, it DOES NOT mean they are authenticated.</td></tr></table></div>
+
+<h3><a name="JavaAuthenticationGuide-RememberedvsAuthenticated"></a>Remembered vs Authenticated</h3>
+<p>In shiro it is very important to note that a remembered subject is not an authenticated subject. A check against <tt>isAuthenticated()</tt> is a much more strict check because authentication is the process of proving you are who you say you are. When a user is only remembered, the remembered identity gives the system an idea who that user probably is, but in reality, has no way of absolutely guaranteeing if the remembered Subject represents the user currently using the application. Once the subject is authenticated, they are no longer considered only remembered because their identity would have been verified during the current session.</p>
+
+<p>So although many parts of the application can still perform user-specific logic based on the remembered principals, such as customized views, it should never perform highly-sensitive operations until the user has legitimately verified their identity by executing a successful authentication attempt.</p>
+
+<p>For example, a check to see if a subject can access financial information should almost always depend on <tt>isAuthenticated()</tt>, not <tt>isRemembered()</tt>, to guarantee a verified identity.</p>
+
+<p>He is a scenario to help illustrate why the the distinction between isAuthenticated and isRemembered is important.</p>
+
+<p>Let's say you're using Amazon.com. You log in and you add some books to your shopping cart.  A day goes by.  Of course your user session has expired and you've been logged out. But Amazon "remembers" you, greets you by name, and is still giving you personalized book recommendations.  To Amazon, <tt>isRemembered()</tt> would return <tt>TRUE</tt>.  What happens if you try to use one of the credit cards on file or change your account information?  While Amazon "remembers" you, <tt>isRemembered() = TRUE</tt>, it is not certain that you are in fact you, <tt>isAuthenticated()=FALSE</tt>.  So before you can perform a sensitive action Amazon needs to verify your identity by forcing an authentication process which it does through a login screen.  After the login, your identity has been verified and <tt>isAuthenticated()=TRUE</tt>.</p>
+
+<p>This scenario happens very often over the web so the functionality is built into Shiro helping you easily make the distinction yourself.</p>
+
+<h2><a name="JavaAuthenticationGuide-LoggingOut"></a>Logging Out</h2>
+<p>Finally, when the user is done using the application, they can log out.  And in Shiro, we make logging out quick and easy with a single method call.</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+currentUser.logout(); <span class="code-comment">//removes all identifying information and invalidates their session too.</span>
+</pre>
+</div></div>
+
+<p>When you log out in Shiro it will close out the user session and removes any associated identity from the subject instance.  If you're using RememberMe in a web environment, then <tt>.logout()</tt> will, by default, also delete the RememberMe cookie from the browser.</p>
+
+<h2><a name="JavaAuthenticationGuide-Lendahandwithdocumentation"></a>Lend a hand with documentation </h2>
+
+<p>While we hope this documentation helps you with the work you're doing with Apache Shiro, the community is improving and expanding the documentation all the time.  If you'd like to help the Shiro project, please consider corrected, expanding, or adding documentation where you see a need. Every little bit of help you provide expands the community and in turn improves Shiro. </p>
+
+<p>The easiest way to contribute your documentation is to send it to the <a class="external-link" href="http://shiro-user.582556.n2.nabble.com/" rel="nofollow">User Forum</a> or the <a href="mailing-lists.html" title="Mailing Lists">User Mailing List</a>.</p>
\ No newline at end of file

Added: shiro/site/trunk/java-authorization-guide.html
URL: http://svn.apache.org/viewvc/shiro/site/trunk/java-authorization-guide.html?rev=1481417&view=auto
==============================================================================
--- shiro/site/trunk/java-authorization-guide.html (added)
+++ shiro/site/trunk/java-authorization-guide.html Sat May 11 21:10:40 2013
@@ -0,0 +1,219 @@
+<h1><a name="JavaAuthorizationGuide-JavaAuthorizationGuidewithApacheShiro"></a>Java Authorization Guide with Apache Shiro</h1>
+
+
+<div class="addthis_toolbox addthis_default_style">
+<a class="addthis_button_compact" href="http://www.addthis.com/bookmark.php?v=250&amp;pubid=ra-4d66ef016022c3bd">Share</a>
+<span class="addthis_separator">|</span>
+<a class="addthis_button_preferred_1"></a>
+<a class="addthis_button_preferred_2"></a>
+<a class="addthis_button_preferred_3"></a>
+<a class="addthis_button_preferred_4"></a>
+</div>
+<script type="text/javascript">var addthis_config = {"data_track_clickback":true};</script>
+<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d66ef016022c3bd"></script>
+
+
+<p><br clear="none" class="atl-forced-newline">
+Authorization, or access control, is the function of specifying access rights to resources.  In other words, <em>who</em> has access to <em>what</em>.</p>
+
+<p>Examples of authorization checks are: Is the user allowed to look at this webpage, edit this data, view this button, or print to this printer?  Those are all decisions determining what a user has access to.</p>
+
+<h2><a name="JavaAuthorizationGuide-ElementsofAuthorization"></a>Elements of Authorization</h2>
+<p>Authorization has three core elements that we reference quite a bit in Shiro-- permissions, roles, and users.  </p>
+
+<h3><a name="JavaAuthorizationGuide-PermissionsDefined"></a>Permissions Defined</h3>
+<p>Permissions are the most atomic level of a security policy and they are statements of functionality. Permissions represent what can be done in your application.  A well formed permission describes a resource types and what actions are possible when you interact with those resources.    Can you <em>open</em> a <em>door</em>?  Can you <em>read</em> a <em>file</em>? Can you <em>delete</em> a <em>customer record</em>? Can you <em>push</em> a <em>button</em>? </p>
+
+<p>Common actions for data-related resources are create, read, update, and delete, commonly referred to as CRUD.</p>
+
+<p>It is important to understand that permissions do not have knowledge of <em>who</em> can perform the actions-- they are just statements of <em>what</em> actions can be performed.</p>
+
+<h4><a name="JavaAuthorizationGuide-Levelsofpermissiongranularity"></a>Levels of permission granularity</h4>
+<p>The permissions above all specify an actions (open, read, delete, etc) on a resource (door, file, customer record, etc).  In Shiro, you can define a permission to any depth you like.  Here are a few common permission levels in order of granularity.</p>
+
+<ul><li>Resource Level - This is the broadest and easiest to build.  A user can edit customer records or open doors.  The resource is specified but not a specific instance of that resource.</li><li>Instance Level - The permission specifies the instance of a resource.  A user can edit the customer record for IBM or open the kitchen door.</li><li>Attribute Level - The permission now specifies an attribute of an instance or resource.  A user can edit the address on the IBM customer record.</li></ul>
+
+
+<p>For more information on Permissions please check out the <a href="permissions.html" title="Permissions">Permissions Documentation</a></p>
+
+<h3><a name="JavaAuthorizationGuide-RolesDefined"></a>Roles Defined</h3>
+<p>In the context of Authorization, Roles are effectively a collection of permissions used to simplify the management of permissions and users.  So users can be assigned roles instead of being assigned permissions directly, which can get complicated with larger user bases and more complex applications.  So, for example, a bank application might have an <em>administrator</em> role or a <em>bank teller</em> role.</p>
+
+<p>There are two types of roles that you need to be aware of and Shiro will support both.</p>
+
+<h4><a name="JavaAuthorizationGuide-ImplicitRoles"></a>Implicit Roles</h4>
+<p>Most people view roles as what we define as an implicit role where your application <em>implies</em> a set of permissions because a user has a particular role as opposed to the role explicitly being assigned permissions or your application checking for those permissions.  Role checks in code are generally a reflection of an implicit role.  You can view patient data because you have the <em>administrator</em> role.  You can create an account because you have the <em>bank teller</em> role.  The fact that these names exist does not have a correlation to what the software can actually do.  Most people use roles in this manner.  It is easiest but it can create a lot of maintenance and management problems for all the but the simplest application.</p>
+
+<h4><a name="JavaAuthorizationGuide-ExplicitRoles"></a>Explicit Roles</h4>
+<p>An explicit role has permissions <em>explicitly</em> assigned to it and therefore is an <em>explicit</em> collection of permissions.  Permission checks in code are a reflection of an explicit role.  You can view patient data because because you have the <em>view patient data</em> permission as part of your <em>administrator</em> role.  You can create an account because you have the <em>create account</em> permission as part of your <em>bank teller</em> role.  You can perform these actions, not because of some implicit role name based on a string but because the corresponding permission was explicitly assigned to your role.</p>
+
+<p>The big benefits of explicit roles are easier manageability and lower maintenance of your application.  If you ever need to add, remove, or change a role, you can do so without touching your source code.  And in Shiro, you'll also be able to dynamically add, remove, or change roles at runtime and your authorization checks will always have up to date values.  This means you won't have to force users to log out and log back in order to get their new permissions.</p>
+
+<h3><a name="JavaAuthorizationGuide-UsersDefined"></a>Users Defined</h3>
+<p>A user is the "who" of an application.  In Shiro, though, the concept of a user is really the <a href="subject.html" title="Subject">Subject</a> instance.  We use word Subject instead of user because user usually implies a human being and in Shiro a Subject can be anything interacting with your application-- whether it be a human or a service.  </p>
+
+<p>Users are allowed to perform certain actions in your application through their association with roles or direct permissions.  So you are able to open a customer record because you've been assigned the <em>open customer record</em> permission, either through a role you've been assigned or through a direct permission assignment.</p>
+
+<p>For more information on Users, aka Subjects, please check out the <a href="subject.html" title="Subject">Subject Documentation</a>.</p>
+
+<div class="panelMacro"><table class="infoMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/information.gif" width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1">Ultimately, your <a href="realm.html" title="Realm">Realm</a> implementation is what communicates with your data source (RDBMS, LDAP, etc). So your realm is what will tell Shiro whether or not roles or permissions exist. You have full control over how your authorization model works.</td></tr></table></div>
+
+<h2><a name="JavaAuthorizationGuide-HowtoperformAuthorizationinJavawithShiro"></a>How to perform Authorization in Java with Shiro</h2>
+<p>Authorization in Shiro can be handled in four ways.</p>
+
+<ul><li>Programmatically - You can perform authorization checks in your java code with structures like <tt>if</tt> and <tt>else</tt> blocks.</li><li>JDK annotations - You can attach an authorization annotation to your Java methods</li><li>JSP/GSP TagLibs - You can control jsp or gsp page output based on roles and permissions</li></ul>
+
+
+<h3><a name="JavaAuthorizationGuide-ProgrammaticAuthorization"></a>Programmatic Authorization</h3>
+<p>Checking for permissions and roles, programmatically in your Java code is the traditional way of handling authorization.  Here's how you can perform a permission check or role check in Shiro.</p>
+
+<h4><a name="JavaAuthorizationGuide-RoleCheck"></a>Role Check</h4>
+<p>This is an example of how you do a role check programmatically in your application.  We want to check if a user has the <em>administrator</em> role and if they do, then we'll show a special button, otherwise we won't show it.</p>
+
+<p>First we get access to the current user, the <a href="subject.html" title="Subject">Subject</a>. Then we pass the <em>adminstrator</em> to the Subject's <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html#hasRole(java.lang.String)">.hasRole()</a></tt> method.  It will return <tt>TRUE</tt> or <tt>FALSE</tt>.  </p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-comment">//get the current Subject
+</span>Subject currentUser =
+    SecurityUtils.getSubject();
+
+<span class="code-keyword">if</span> (currentUser.hasRole(&#8220;administrator&#8221;)) {
+    <span class="code-comment">//show a special button&#8207;
+</span>} <span class="code-keyword">else</span> {
+    <span class="code-comment">//don&#8217;t show the button?)&#8207;
+</span>}
+</pre>
+</div></div>
+
+<p>Now a role based check is quick and easy to implement but it has a major drawback. It is implicit.</p>
+
+<p>What if you just want to add, remove, or redefine a role later?  You'll have to crack open your source code and change all your role checks to reflect the change in your security model. You'll have to shut down the application, crack open the code, test it, and then restart it everytime.  </p>
+
+<p>In very simple applications this is probably good enough but for larger apps this can be a major problem throughout the life of your application and drive a large maintenance cost for your software.  </p>
+
+<h4><a name="JavaAuthorizationGuide-PermissionCheck"></a>Permission Check</h4>
+<p>This is an example of how you do security checks by permission. We want to check if a user has permission to print to laserjet3000n and if they do, then we'll show a print button, otherwise we won't show it. This is an example of an instance level permission or instance level authorization.</p>
+
+<p>Again, first you get access to the current user, the <a href="subject.html" title="Subject">Subject</a>.  Then you construct a <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/Permission.html">Permission</a></tt> object or an instance that represents an action on a resource. In this case, the instance is named <tt>printerPermission</tt>, the resource is <em>laserjet3000n</em>, and the action is <em>print</em>.   Then we pass <tt>printerPermission</tt> to the Subject's <tt><a class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html#isPermitted(java.util.List)">.isPermitted()</a></tt> method.  It will return true or false.  </p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+Subject currentUser =
+    SecurityUtils.getSubject();
+
+Permission printPermission = 
+<span class="code-keyword">new</span> PrinterPermission(&#8220;laserjet3000n&#8221;,&#8220;print&#8221;);
+
+If (currentUser.isPermitted(printPermission)) {
+    <span class="code-comment">//<span class="code-keyword">do</span> one thing (show the print button?)&#8207;
+</span>} <span class="code-keyword">else</span> {
+    <span class="code-comment">//don&#8217;t show the button?
+</span>}
+</pre>
+</div></div>
+
+<h4><a name="JavaAuthorizationGuide-PermissionCheck%28Stringbased%29"></a>Permission Check (String-based)</h4>
+<p>You can also a permission check using a simple string instead of a permission class.</p>
+
+<p>So, if you don't want to implement our <a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/Permission.html">permission interface</a> then you just pass in a String.  In this example, we pass the <tt>.isPermitted()</tt> method a string, <tt>printer:print:LaserJet4400n</tt></p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-object">String</span> perm = &#8220;printer:print:laserjet4400n&#8221;;
+
+<span class="code-keyword">if</span>(currentUser.isPermitted(perm)){
+    <span class="code-comment">//show the print button?
+</span>} <span class="code-keyword">else</span> {
+    <span class="code-comment">//don&#8217;t show the button?
+</span>}
+</pre>
+</div></div>
+
+<p>You can construct the permission string the way you want so long as your <a href="realm.html" title="Realm">Realm</a> knows how to work with it.  In this example we use Shiro's optional permission syntax, <a href="permissions.html" title="Permissions">WildCardPermissions</a>.  WildCardPermissions are powerful and intuitive.  If you'd like to learn more about them then check out the <a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/Permission.html">Permissions Documentation</a>.</p>
+
+<p>With string-based permission checks, you get the same functionality as the example before.  The benefit is that you are not forced to implement a permission interface and you can construct the permission via a simple string.  The downside is that you don't have type safety and if you needed more complicated permission capabilitues that are outside the scope of what this represents, you're going to want to implement your own permission objects based on the permission interface.</p>
+
+<h3><a name="JavaAuthorizationGuide-AnnotationAuthorization"></a>Annotation Authorization</h3>
+
+<p>If you don't want to do code level authorization checks, then you can use Java Annotations as well.  Shiro offers a number of <a href="java-annotations-list.html" title="Java Annotations List">Java annotations</a> that allow you to annotate methods.  </p>
+
+<h4><a name="JavaAuthorizationGuide-EnablingAnnotationSupport"></a>Enabling Annotation Support</h4>
+<p>Before you can use Java annotations, you'll need to enable AOP support in your application. There are a number of different AOP frameworks so, unfortunately, there is no standard way to enable AOP in an application.</p>
+
+<p>For AspectJ, you can review our <a class="external-link" href="http://svn.apache.org/repos/asf/shiro/trunk/samples/aspectj/">AspectJ sample application</a>.</p>
+
+<p>For Spring, you can look into our <a href="spring.html" title="Spring">Spring Integration</a> documentation.</p>
+
+<p>For Guice, you can look into our <a href="guice.html" title="Guice">Guice Integration</a> documentation.</p>
+
+<h4><a name="JavaAuthorizationGuide-PermissionCheck"></a>Permission Check</h4>
+<p>In this example, we want to check that a user has the <tt>account:create</tt> permission before they can invoke the <tt>openAccount</tt> method.  If they do, then the method is called as expected, and if they don't, then an exception is thrown. </p>
+
+<p>Like programmatic checks, you can use the <a class="external-link" href="static/current/apidocs/org/apache/shiro/authz/Permission.html">Permission</a> objects or the simple string methods with this annotation.</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-comment">//Will <span class="code-keyword">throw</span> an AuthorizationException <span class="code-keyword">if</span> none
+</span><span class="code-comment">//of the caller&#8217;s roles imply the Account 
+</span><span class="code-comment">//'create' permission&#65533;
+</span>@RequiresPermissions(&#8220;account:create&#8221;)&#8207;
+<span class="code-keyword">public</span> void openAccount( Account acct ) { 
+    <span class="code-comment">//create the account
+</span>}
+</pre>
+</div></div>
+
+<h4><a name="JavaAuthorizationGuide-RoleCheck"></a>Role Check</h4>
+<p>In this example, we want to check that a user has the <tt>teller</tt> role before they can invoke the <tt>openAccount</tt> method.  If they do, then the method is called as expected, and if they don't, then an exception is thrown.</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-comment">//Throws an AuthorizationException <span class="code-keyword">if</span> the caller
+</span><span class="code-comment">//doesn&#8217;t have the &#8216;teller&#8217; role:
+</span>
+@RequiresRoles( &#8220;teller&#8221; )
+<span class="code-keyword">public</span> void openAccount( Account acct ) { 
+    <span class="code-comment">//<span class="code-keyword">do</span> something in here that only a teller
+</span>    <span class="code-comment">//should <span class="code-keyword">do</span>
+</span>}
+</pre>
+</div></div>
+
+<h3><a name="JavaAuthorizationGuide-JSPTagLibAuthorization"></a>JSP TagLib Authorization</h3>
+<p>For JSP/GSP based web applications, Shiro also offers a <a href="jsp-tag-library.html" title="JSP Tag Library">tag library</a> for you to use. </p>
+
+<p>In this example, we're going to show users with the <em>users:manage</em> permission a link to the Manage Users page.  If they do not have the permission, then we'll show them a nice message.</p>
+
+<p>First, we'll need to add the Shiro taglib to our web application. Next, we add the <tt>&lt;shiro:hasPermission&gt;</tt> tag with a check for <em>users:manage</em>.  Within the <tt>&lt;shiro:hasPermission&gt;</tt> tags we will place the code we want to execute if the user has the permission we're checking for.  If we want to take an action if the user lacks the permission, then we need to also add the <tt>&lt;shiro:lacksPermission&gt;</tt> tag, again checking for <em>users:manage</em>.  And any code we want to excute if the user lacks the permission will need to be placed within the <tt>&lt;shiro:lacksPermission&gt;</tt> tags.</p>
+
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+&lt;%@ taglib prefix=&#8220;shiro&#8221; uri=http:<span class="code-comment">//shiro.apache.org/tags %&gt;
+</span>&lt;html&gt;
+&lt;body&gt;
+    &lt;shiro:hasPermission name=&#8220;users:manage&#8221;&gt;
+        &lt;a href=&#8220;manageUsers.jsp&#8221;&gt;
+            Click here to manage users
+        &lt;/a&gt;
+    &lt;/shiro:hasPermission&gt;
+    &lt;shiro:lacksPermission name=&#8220;users:manage&#8221;&gt;
+        No user management <span class="code-keyword">for</span> you!
+    &lt;/shiro:lacksPermission&gt;
+&lt;/body&gt;
+&lt;/html&gt;
+</pre>
+</div></div>
+
+<p>Of course, there also tags for checking roles and other user data and states.</p>
+
+<p>For more information on JSP/GSP Tags please check out the <a href="jsp-tag-library.html" title="JSP Tag Library">JSP Tag Library</a> and for more information on integration your application in your web application, please read the <a href="web.html" title="Web">Web Integration Documentation</a></p>
+
+<h2><a name="JavaAuthorizationGuide-CachingAuthorization"></a>Caching Authorization</h2>
+<p>TBD</p>
+
+<h2><a name="JavaAuthorizationGuide-Lendahandwithdocumentation"></a>Lend a hand with documentation </h2>
+
+<p>While we hope this documentation helps you with the work you're doing with Apache Shiro, the community is improving and expanding the documentation all the time.  If you'd like to help the Shiro project, please consider corrected, expanding, or adding documentation where you see a need. Every little bit of help you provide expands the community and in turn improves Shiro. </p>
+
+<p>The easiest way to contribute your documentation is to send it to the <a class="external-link" href="http://shiro-user.582556.n2.nabble.com/" rel="nofollow">User Forum</a> or the <a href="mailing-lists.html" title="Mailing Lists">User Mailing List</a>.</p>
\ No newline at end of file

Added: shiro/site/trunk/java-cryptography-guide.html
URL: http://svn.apache.org/viewvc/shiro/site/trunk/java-cryptography-guide.html?rev=1481417&view=auto
==============================================================================
--- shiro/site/trunk/java-cryptography-guide.html (added)
+++ shiro/site/trunk/java-cryptography-guide.html Sat May 11 21:10:40 2013
@@ -0,0 +1,95 @@
+<h1><a name="JavaCryptographyGuide-JavaCryptographyGuidewithApacheShiro"></a>Java Cryptography Guide with Apache Shiro</h1>
+
+
+<div class="addthis_toolbox addthis_default_style">
+<a class="addthis_button_compact" href="http://www.addthis.com/bookmark.php?v=250&amp;pubid=ra-4d66ef016022c3bd">Share</a>
+<span class="addthis_separator">|</span>
+<a class="addthis_button_preferred_1"></a>
+<a class="addthis_button_preferred_2"></a>
+<a class="addthis_button_preferred_3"></a>
+<a class="addthis_button_preferred_4"></a>
+</div>
+<script type="text/javascript">var addthis_config = {"data_track_clickback":true};</script>
+<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d66ef016022c3bd"></script>
+
+
+<p><br clear="none" class="atl-forced-newline">
+Cryptography is the protecting of information from undesired access by hiding it or converting it into nonsense so that no one can read it.</p>
+
+<p>Shiro is a major part of Shiro because we wanted to provide you with simplicity on what is typically a very complex topic.  For example, the Java Cryptophay Environments (JCE) already handles cryptogrpahy in a Java environment but is very difficult to learn and use.  So we grabbed the concepts made available by the JCE API and make them available to us mortals.  In addition, all of the calls in the JCE are procedural which doesn't fit in Java's Object Oriented paradigm.  So in Shiro, our cryptography features are all object oriented.</p>
+
+<h2><a name="JavaCryptographyGuide-ElementsofCryptography"></a>Elements of Cryptography</h2>
+<p>Cryptogrpahy has two core elements in Shiro-- ciphers and hashes.  </p>
+
+<h3><a name="JavaCryptographyGuide-CiphersDefined"></a>Ciphers Defined</h3>
+<p>Ciphers are algorightms that can either encrypt or decrypt based on public or private key pair. And there are two different types of ciphers:</p>
+
+<ul class="alternate" type="square"><li>Symmetric Cipher - encrypts and decrypts using the same key.</li></ul>
+
+
+<ul class="alternate" type="square"><li>Asymmetric Cipher - uses different keys for encryption and decryption.</li></ul>
+
+
+<p>Both cipher type are support in Shiro.</p>
+
+<h3><a name="JavaCryptographyGuide-HashesDefined"></a>Hashes Defined</h3>
+<p>A hash is a one-way irreversible conversion of an input source.  In the JDK, a hash is referred to as a message digest.  A cryptographic hash and a message digests are the same thing and both terms or correct.</p>
+
+<h4><a name="JavaCryptographyGuide-CommonusesforHashes"></a>Common uses for Hashes</h4>
+<p>Hashes are often used to transforms credentials like passwords or biometric data.  It's a one way transformation so you can never see what the original value was.  This is a very safe way of storing passwords so that no one other than the user will ever know a password, even if your system is compromised.</p>
+
+<p>In addition, Shiro's hashes can be used with any type of data with an underlying byte array.  Examples of this data include files, streams, byte arrays, strings, and character arrays.</p>
+
+<h2><a name="JavaCryptographyGuide-CipherFeatures"></a>Cipher Features</h2>
+<h3><a name="JavaCryptographyGuide-Shiro%27sCipherServiceInterface"></a>Shiro's CipherService Interface</h3>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-keyword">public</span> <span class="code-keyword">interface</span> CipherService {
+
+   ByteSource encrypt( <span class="code-object">byte</span>[] raw, <span class="code-object">byte</span>[] key);
+
+   void encrypt(InputStream in, OutputStream out, <span class="code-object">byte</span>[] key);
+
+   ByteSource decrypt( <span class="code-object">byte</span>[] cipherText, <span class="code-object">byte</span>[] key);
+
+   void decrypt(InputStream in, OutputStream out, <span class="code-object">byte</span>[] key);  
+}
+</pre>
+</div></div>
+
+<h2><a name="JavaCryptographyGuide-HashFeatures"></a>Hash Features</h2>
+<div class="panelMacro"><table class="tipMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1">Salts are important when hashing ...</td></tr></table></div>
+
+<div class="panelMacro"><table class="tipMacro"><colgroup span="1"><col span="1" width="24"><col span="1"></colgroup><tr><td colspan="1" rowspan="1" valign="top"><img align="middle" src="https://cwiki.apache.org/confluence/images/icons/emoticons/check.gif" width="16" height="16" alt="" border="0"></td><td colspan="1" rowspan="1">Repeated hashes are important when hashing ...</td></tr></table></div>
+
+<h3><a name="JavaCryptographyGuide-Shiro%27sHashInterface"></a>Shiro's Hash Interface</h3>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-keyword">public</span> <span class="code-keyword">interface</span> Hash {
+   <span class="code-object">byte</span>[] getBytes();
+   <span class="code-object">String</span> toHex();
+   <span class="code-object">String</span> toBase64();
+}
+</pre>
+</div></div>
+
+<h3><a name="JavaCryptographyGuide-ExamplesofhowtouseHashesinyourcode"></a>Examples of how to use Hashes in your code</h3>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
+<pre class="code-java">
+<span class="code-comment">//some examples:
+</span><span class="code-keyword">new</span> Md5Hash(&#8220;foo&#8221;).toHex();
+
+<span class="code-comment">//File MD5 Hash value <span class="code-keyword">for</span> checksum:
+</span><span class="code-keyword">new</span> MD5Hash( aFile ).toHex();
+
+<span class="code-comment">//store a password, but not raw:
+</span><span class="code-keyword">new</span> Sha256(aPassword, salt,
+           1024).toBase64();
+</pre>
+</div></div>
+
+<h2><a name="JavaCryptographyGuide-Lendahandwithdocumentation"></a>Lend a hand with documentation </h2>
+
+<p>While we hope this documentation helps you with the work you're doing with Apache Shiro, the community is improving and expanding the documentation all the time.  If you'd like to help the Shiro project, please consider corrected, expanding, or adding documentation where you see a need. Every little bit of help you provide expands the community and in turn improves Shiro. </p>
+
+<p>The easiest way to contribute your documentation is to send it to the <a class="external-link" href="http://shiro-user.582556.n2.nabble.com/" rel="nofollow">User Forum</a> or the <a href="mailing-lists.html" title="Mailing Lists">User Mailing List</a>.</p>
\ No newline at end of file

Added: shiro/site/trunk/jsp-tag-library.html
URL: http://svn.apache.org/viewvc/shiro/site/trunk/jsp-tag-library.html?rev=1481417&view=auto
==============================================================================
--- shiro/site/trunk/jsp-tag-library.html (added)
+++ shiro/site/trunk/jsp-tag-library.html Sat May 11 21:10:40 2013
@@ -0,0 +1,30 @@
+<h1><a name="JSPTagLibrary-JSP%2FGSPTagLibraryforApacheShiro"></a>JSP/GSP Tag Library for Apache Shiro</h1>
+
+<ul><li><b>&lt;shiro:guest/&gt;</b> - Displays body content only if the current Subject IS NOT known to the system, either because they have not logged in or they have no corresponding 'RememberMe' identity. It is logically opposite to the 'user' tag.</li></ul>
+
+
+<ul><li><b>&lt;shiro:user/&gt;</b> - Displays body content only if the current Subject has a known identity, either from a previous login or from 'RememberMe' services. Note that this is semantically different from the 'authenticated' tag, which is more restrictive. It is logically opposite to the 'guest' tag.</li></ul>
+
+
+<ul><li><b>&lt;shiro:principal/&gt;</b> - Displays the user's principal or a property of the user's principal.</li></ul>
+
+
+<ul><li><b>&lt;shiro:hasPermission/&gt;</b> - Displays body content only if the current Subject (user) 'has' (implies) the specified permission (i.e the user has the specified ability).</li></ul>
+
+
+<ul><li><b>&lt;shiro:lacksPermission/&gt;</b> - Displays body content only if the current Subject (user) does NOT have (not imply) the specified permission (i.e. the user lacks the specified ability)</li></ul>
+
+
+<ul><li><b>&lt;shiro:hasRole/&gt;</b> - Displays body content only if the current user has the specified role.</li></ul>
+
+
+<ul><li><b>&lt;shiro:lacksRole/&gt;</b> - Displays body content only if the current user does NOT have the specified role (i.e. they explicitly lack the specified role)</li></ul>
+
+
+<ul><li><b>&lt;shiro:hasAnyRoles/&gt;</b> - Displays body content only if the current user has one of the specified roles from a comma-separated list of role names</li></ul>
+
+
+<ul><li><b>&lt;shiro:authenticated/&gt;</b> - Displays body content only if the current user has successfully authenticated <em>during their current session</em>. It is more restrictive than the 'user' tag. It is logically opposite to the 'notAuthenticated' tag.</li></ul>
+
+
+<ul><li><b>&lt;shiro:notAuthenticated/&gt;</b> - Displays body content only if the current user has NOT succesfully authenticated <em>during their current session</em>. It is logically opposite to the 'authenticated' tag.</li></ul>



Mime
View raw message