shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bdem...@apache.org
Subject [2/4] shiro-site git commit: Fixed a whole bunch of dead links and corrected redirects
Date Fri, 21 Oct 2016 20:06:59 GMT
http://git-wip-us.apache.org/repos/asf/shiro-site/blob/7cfde39b/tutorial.html.vtl
----------------------------------------------------------------------
diff --git a/tutorial.html.vtl b/tutorial.html.vtl
index 0e164bd..91cfe33 100644
--- a/tutorial.html.vtl
+++ b/tutorial.html.vtl
@@ -184,7 +184,7 @@ OS name: <span class="code-quote">"mac os x"</span> version:
<span class="code-q
 
 <p>While we could instantiate a <tt>SecurityManager</tt> class directly,
Shiro's <tt>SecurityManager</tt> implementations have enough configuration options
and internal components that make this a pain to do in Java source code - it would be much
easier to configure the <tt>SecurityManager</tt> with a flexible text-based configuration
format. </p>
 
-<p>To that end, Shiro provides a default &#8216;common denominator&#8217; solution
via text-based <a class="external-link" href="http://en.wikipedia.org/wiki/INI_file" rel="nofollow">INI</a>
configuration. People are pretty tired of using bulky XML files these days, and INI is easy
to read, simple to use, and requires very few dependencies. You&#8217;ll also see later
that with a simple understanding of object graph navigation, INI can be used effectively to
configure simple object graphs like the SecurityManager. </p>
+<p>To that end, Shiro provides a default &#8216;common denominator&#8217; solution
via text-based <a class="external-link" href="https://en.wikipedia.org/wiki/INI_file" rel="nofollow">INI</a>
configuration. People are pretty tired of using bulky XML files these days, and INI is easy
to read, simple to use, and requires very few dependencies. You&#8217;ll also see later
that with a simple understanding of object graph navigation, INI can be used effectively to
configure simple object graphs like the SecurityManager. </p>
 
 #tip('Many Configuration Options', 'Shiro''s <tt>SecurityManager</tt> implementations
and all supporting components are all JavaBeans compatible.  This allows Shiro to be configured
with practically any configuration format such as XML (Spring, JBoss, Guice, etc), <a class="external-link"
href="http://www.yaml.org/" rel="nofollow">YAML</a>, JSON, Groovy Builder markup,
and more.  INI is just Shiro''s ''common denominator'' format that allows configuration in
any environment in case other options are not available.')
 
@@ -254,7 +254,7 @@ goodguy = winnebago:drive:eagle5
 
 <p>Here is what the above additions are doing:</p>
 
-<ol><li>We use Shiro's <tt>IniSecurityManagerFactory</tt> implementation
to ingest our <tt>shiro.ini</tt> file which is located at the root of the classpath.
 This implementation reflects Shiro's support of the <a class="external-link" href="http://en.wikipedia.org/wiki/Factory_method_pattern"
rel="nofollow">Factory Method Design Pattern</a>.  The <tt>classpath:</tt>
prefix is an resource indicator that tells shiro where to load the ini file from (other prefixes,
like <tt>url:</tt> and <tt>file:</tt> are supported as well).
+<ol><li>We use Shiro's <tt>IniSecurityManagerFactory</tt> implementation
to ingest our <tt>shiro.ini</tt> file which is located at the root of the classpath.
 This implementation reflects Shiro's support of the <a class="external-link" href="https://en.wikipedia.org/wiki/Factory_method_pattern"
rel="nofollow">Factory Method Design Pattern</a>.  The <tt>classpath:</tt>
prefix is an resource indicator that tells shiro where to load the ini file from (other prefixes,
like <tt>url:</tt> and <tt>file:</tt> are supported as well).
 <br clear="none" class="atl-forced-newline">
 <br clear="none" class="atl-forced-newline"></li><li>The <tt>factory.getInstance()</tt>
method is called, which parses the INI file and returns a <tt>SecurityManager</tt>
instance reflecting the configuration.
 <br clear="none" class="atl-forced-newline">

http://git-wip-us.apache.org/repos/asf/shiro-site/blob/7cfde39b/web.html.vtl
----------------------------------------------------------------------
diff --git a/web.html.vtl b/web.html.vtl
index c398f88..c25a7d4 100644
--- a/web.html.vtl
+++ b/web.html.vtl
@@ -13,11 +13,11 @@
   <h3><a href="webapp-tutorial.html">Web App Tutorial</a></h3>
   <p>Step-by-step tutorial for securing a web application with Shiro. </br><span
style="font-size:11"><a href="webapp-tutorial.html">Read More &gt;&gt;</a></span></p>
 	
-  <h3><a href="/session-management-features.html">Session Management</a></h3>
-  <p>Shiro enables sessions for any application environment. Learn more! </br><span
style="font-size:11"><a href="/session-management-features.html">Read More &gt;&gt;</a></span></p>
+  <h3><a href="session-management-features.html">Session Management</a></h3>
+  <p>Shiro enables sessions for any application environment. Learn more! </br><span
style="font-size:11"><a href="session-management-features.html">Read More &gt;&gt;</a></span></p>
 	
-  <h3><a href="//permissions.html">Permissions</a></h3>
-  <p>Learn more about Shiro's powerful and intuitive permission syntax. </br><span
style="font-size:11"><a href="/permissions.html">Read More &gt;&gt;</a></span></p>
+  <h3><a href="permissions.html">Permissions</a></h3>
+  <p>Learn more about Shiro's powerful and intuitive permission syntax. </br><span
style="font-size:11"><a href="permissions.html">Read More &gt;&gt;</a></span></p>
 	
   <h3><a href="java-authentication-guide.html">Java Authentication Guide</a></h3>
   <p>Learn how Authentication in Java is performed in Shiro. </br><span style="font-size:11"><a
href="java-authentication-guide.html">Read More &gt;&gt;</a></span></p>

@@ -35,9 +35,9 @@
 <p><a name="Web-configuration"></a></p>
 <h2><a name="Web-Configuration"></a>Configuration</h2>
 
-<p>The simplest way to integrate Shiro into any web application is to configure a Servlet
ContextListener and Filter in web.xml that understands how to read Shiro's INI configuration.
 The bulk of the INI config format itself is defined in the Configuration pages's <a href="configuration.html\#Configuration-INISections">INI
Sections</a> section, but we'll cover some additional web-specific sections here.</p>
+<p>The simplest way to integrate Shiro into any web application is to configure a Servlet
ContextListener and Filter in web.xml that understands how to read Shiro's INI configuration.
 The bulk of the INI config format itself is defined in the Configuration pages's <a href="configuration.html#[[#]]#Configuration-INISections">INI
Sections</a> section, but we'll cover some additional web-specific sections here.</p>
 
-#info('Using Spring?', 'Spring Framework users will not perform this setup.  If you use Spring,
you will want to read about <a href="spring.html\#Spring-WebApplications">Spring-specific
web configuration</a> instead.')
+#info('Using Spring?', 'Spring Framework users will not perform this setup.  If you use Spring,
you will want to read about <a href="spring.html#[[#]]#Spring-WebApplications">Spring-specific
web configuration</a> instead.')
 
 <h3><a name="Web-%7B%7Bweb.xml%7D%7D"></a><tt>web.xml</tt></h3>
 
@@ -119,10 +119,10 @@
 </pre>
 </div></div>
 
-<p>By default, the <tt>param-value</tt> is expected to be resolvable by
the rules defined by <tt>ServletContext.</tt><tt><a class="external-link"
href="http://download.oracle.com/javaee/6/api/javax/servlet/ServletContext.html\#getResource(java.lang.String)"
rel="nofollow">getResource</a></tt> method.  For example, <tt>/WEB-INF/some/path/shiro.ini</tt>
 </p>
+<p>By default, the <tt>param-value</tt> is expected to be resolvable by
the rules defined by <tt>ServletContext.</tt><tt><a class="external-link"
href="http://docs.oracle.com/javaee/6/api/javax/servlet/ServletContext.html#[[#]]#getResource(java.lang.String)"
rel="nofollow">getResource</a></tt> method.  For example, <tt>/WEB-INF/some/path/shiro.ini</tt>
 </p>
 
 <p>But you may also specify specific file-system, classpath or URL locations by using
an appropriate resource prefix supported by Shiro's <a class="external-link" href="static/current/apidocs/org/apache/shiro/io/ResourceUtils.html">ResourceUtils
class</a>, for example:</p>
-<ul><li><tt><a class="external-link" href="file:/home/foobar/myapp/shiro.ini"
rel="nofollow">file:/home/foobar/myapp/shiro.ini</a></tt></li><li><tt>classpath:com/foo/bar/shiro.ini</tt></li><li><tt>url:<a
class="external-link" href="http://confighost.mycompany.com/myapp/shiro.ini" rel="nofollow">http://confighost.mycompany.com/myapp/shiro.ini</a></tt></li></ul>
+<ul><li><tt>file:/home/foobar/myapp/shiro.ini</tt></li><li><tt>classpath:com/foo/bar/shiro.ini</tt></li><li><tt>url:http://confighost.mycompany.com/myapp/shiro.ini</tt></li></ul>
 
 
 <h4><a name="Web-Shiro1.1andearlier"></a>Shiro 1.1 and earlier</h4>
@@ -174,7 +174,7 @@
 </div></div>
 
 <p>Unqualified (schemeless or 'non-prefixed') <tt>configPath</tt> values
are assumed to be <tt>ServletContext</tt> resource paths, resolvable via the rules
defined by the<br clear="none">
-<tt>ServletContext.</tt><tt><a class="external-link" href="http://download.oracle.com/javaee/6/api/javax/servlet/ServletContext.html\#getResource(java.lang.String)"
rel="nofollow">getResource</a></tt> method.</p>
+<tt>ServletContext.</tt><tt><a class="external-link" href="http://docs.oracle.com/javaee/6/api/javax/servlet/ServletContext.html#[[#]]#getResource(java.lang.String)"
rel="nofollow">getResource</a></tt> method.</p>
 
 #warning('ServletContext resource paths - Shiro 1.2+', 'ServletContext resource paths are
available in Shiro 1.2 and later.  In 1.1 and earlier, all <tt>configPath</tt>
definitions must specify a <tt>classpath:</tt>, <tt>file:</tt> or
<tt>url:</tt> prefix.')
 
@@ -273,7 +273,7 @@
 
 <p>This line states that "Any request to my application's path of <tt>/account</tt>
or any of it's sub paths (<tt>/account/foo</tt>, <tt>/account/bar/baz</tt>,
etc) will trigger the 'ssl, authc' filter chain".  We'll cover filter chains below.</p>
 
-<p>Note that all path expressions are relative to your application's context root.
 This means that if you deploy your application one day to, say, <tt>www.somehost.com/myapp</tt>
and then later deploy it to <tt>www.anotherhost.com</tt> (no 'myapp' sub-path),
the pattern matching will still work.  All paths are relative to the <a class="external-link"
href="http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpServletRequest.html\#getContextPath()"
rel="nofollow">HttpServletRequest.getContextPath()</a> value.</p>
+<p>Note that all path expressions are relative to your application's context root.
 This means that if you deploy your application one day to, say, <tt>www.somehost.com/myapp</tt>
and then later deploy it to <tt>www.anotherhost.com</tt> (no 'myapp' sub-path),
the pattern matching will still work.  All paths are relative to the <a class="external-link"
href="http://docs.oracle.com/javaee/1.3/api/javax/servlet/http/HttpServletRequest.html#[[#]]#getContextPath()"
rel="nofollow">HttpServletRequest.getContextPath()</a> value.</p>
 
 
 #warning('Order Matters!', 'URL path expressions are evaluated against an incoming request
in the order they are defined and the <em>FIRST MATCH WINS</em>.  For example,
let''s asume that there are the following chain definitions:
@@ -454,7 +454,7 @@ securityManager.sessionManager = $sessionManager
 
 <h5><a name="Web-NativeSessionTimeout"></a>Native Session Timeout</h5>
 
-<p>After configuring the <tt>DefaultWebSessionManager</tt> instance, session
timeout is configured as described in <a href="session-management.html\#SessionManagement-sessionTimeout">Session
Management: Session Timeout</a></p>
+<p>After configuring the <tt>DefaultWebSessionManager</tt> instance, session
timeout is configured as described in <a href="session-management.html#[[#]]#SessionManagement-sessionTimeout">Session
Management: Session Timeout</a></p>
 
 <h5><a name="Web-SessionCookie"></a>Session Cookie</h5>
 
@@ -479,7 +479,7 @@ securityManager.sessionManager.sessionIdCookie.domain = foo.com
 
 <p>See the <a class="external-link" href="static/current/apidocs/org/apache/shiro/web/servlet/SimpleCookie.html">SimpleCookie
JavaDoc</a> for additional properties.</p>
 
-<p>The cookie's default name is <tt>JSESSIONID</tt> in accordance with
the servlet specification.  Additionally, Shiro's cookie supports the <tt><a class="external-link"
href="http://en.wikipedia.org/wiki/HTTP_cookie#HttpOnly_cookie" rel="nofollow">HttpOnly</a></tt>
flag.  The <tt>sessionIdCookie</tt> sets <tt>HttpOnly</tt> to <tt>true</tt>
by default for extra security.</p>
+<p>The cookie's default name is <tt>JSESSIONID</tt> in accordance with
the servlet specification.  Additionally, Shiro's cookie supports the <tt><a class="external-link"
href="https://en.wikipedia.org/wiki/HTTP_cookie#HttpOnly_cookie" rel="nofollow">HttpOnly</a></tt>
flag.  The <tt>sessionIdCookie</tt> sets <tt>HttpOnly</tt> to <tt>true</tt>
by default for extra security.</p>
 
 #info('Note', 'Shiro''s <tt>Cookie</tt> concept supports the <tt>HttpOnly</tt>
flag even in Servlet 2.4 and 2.5 environments (whereas the Servlet API only supports it natively
in 2.6 or later).')
 
@@ -689,7 +689,7 @@ securityManager.rememberMeManager = $rememberMeManager
 <a name="Web-principaltag"></a></p>
 <h3><a name="Web-The%7B%7Bprincipal%7D%7Dtag"></a>The <tt>principal</tt>
tag</h3>
 
-<p>The <tt>principal</tt> tag will output the Subject's <tt><a
class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html\#getPrincipal()">principal</a></tt>
(identifying attribute) or a property of that principal.</p>
+<p>The <tt>principal</tt> tag will output the Subject's <tt><a
class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html#[[#]]#getPrincipal()">principal</a></tt>
(identifying attribute) or a property of that principal.</p>
 
 <p>Without any tag attributes, the tag will render the <tt>toString()</tt>
value of the principal.  For example (assuming the principal is a String username):</p>
 
@@ -709,7 +709,7 @@ Hello, <span class="code-tag">&lt;%= SecurityUtils.getSubject().getPrincipal().t
 
 <h4><a name="Web-Typedprincipal"></a>Typed principal</h4>
 
-<p>The <tt>principal</tt> tag assumes by default that the principal to
print is the <tt>subject.getPrincipal()</tt> value.  But if you wanted to print
a value that is <em>not</em> the primary principal, but another in the Subject's
{<a class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html\#getPrincipals()">principal
collection</a>, you can acquire that principal by type and print that value instead.</p>
+<p>The <tt>principal</tt> tag assumes by default that the principal to
print is the <tt>subject.getPrincipal()</tt> value.  But if you wanted to print
a value that is <em>not</em> the primary principal, but another in the Subject's
{<a class="external-link" href="static/current/apidocs/org/apache/shiro/subject/Subject.html#[[#]]#getPrincipals()">principal
collection</a>, you can acquire that principal by type and print that value instead.</p>
 
 <p>For example, printing the Subject's user ID (and not the username), assuming the
ID was in the principal collection:</p>
 

http://git-wip-us.apache.org/repos/asf/shiro-site/blob/7cfde39b/what-is-shiro.html
----------------------------------------------------------------------
diff --git a/what-is-shiro.html b/what-is-shiro.html
index 7b47dc9..833a788 100644
--- a/what-is-shiro.html
+++ b/what-is-shiro.html
@@ -19,7 +19,7 @@
 
 <p>Standard JAAS and EJB security models couldn't cut it - they required static definitions
that only programmers could change, requiring the application to re-deployed all over again.
And although those 20% of clients required dynamic functionality, there were many more that
would have liked that capability, even though it wasn't a pure requirement for their applications.
I quickly realized how useful something like this was and tried to see how I could achieve
what many people wanted.</p>
 
-<p>Like most of the Java community, I looked into <a class="external-link" href="http://java.sun.com/products/jaas"
rel="nofollow">JAAS</a> to see if it could do what I wanted. After all, it was really
the only security technology out there widely accessible to Java developers at the time. I
did a <em>lot</em> of research, looking for ways that I might be able to coerce
JAAS into doing what I wanted. Sometimes it came close. JAAS Authentication could meet my
needs with a decent amount of effort, but JAAS Authorization didn't even come close.</p>
+<p>Like most of the Java community, I looked into <a class="external-link" href="http://docs.oracle.com/javase/7/docs/technotes/guides/security/jaas/JAASRefGuide.html"
rel="nofollow">JAAS</a> to see if it could do what I wanted. After all, it was really
the only security technology out there widely accessible to Java developers at the time. I
did a <em>lot</em> of research, looking for ways that I might be able to coerce
JAAS into doing what I wanted. Sometimes it came close. JAAS Authentication could meet my
needs with a decent amount of effort, but JAAS Authorization didn't even come close.</p>
 
 <p>JAAS is tied too heavily tied to virtual machine-level concerns. As an application
architect, I usually didn't care one bit about whether or not a <em>Class</em>
could execute inside the virtual machine.  What I really wanted to control is whether or not
the <em>current user</em> could execute a given method, often based on the method's
arguments. So, I hobbled a bit, creating some functionality to piggy-back JAAS and custom-coded
the rest. The result was only usable on a few applications and wasn't nearly as robust as
I wanted.</p>
 


Mime
View raw message