shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bdem...@apache.org
Subject svn commit: r1774534 - in /shiro/site/publish: spring-boot.html spring-framework.html spring-xml.html
Date Thu, 15 Dec 2016 23:05:59 GMT
Author: bdemers
Date: Thu Dec 15 23:05:59 2016
New Revision: 1774534

URL: http://svn.apache.org/viewvc?rev=1774534&view=rev
Log:
dark launching updated spring docs, for 1.4.0+

Added:
    shiro/site/publish/spring-boot.html
    shiro/site/publish/spring-framework.html
    shiro/site/publish/spring-xml.html

Added: shiro/site/publish/spring-boot.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/spring-boot.html?rev=1774534&view=auto
==============================================================================
--- shiro/site/publish/spring-boot.html (added)
+++ shiro/site/publish/spring-boot.html Thu Dec 15 23:05:59 2016
@@ -0,0 +1,508 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-  2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+<html>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<head>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.">
+    <meta name="google-site-verification" content="QIax6uT5UX3enoU0G8Pz2pXbQ45KaQuHZ3nCh9V27mw">
+    <meta name="google-site-verification" content="ecFap6dWJgS_GCCtxmJQJ_nFYQhM6EgSpBPZDU7xsCE">
+    <meta name="msvalidate.01" content="0B57EB46CBFAD8FD45008D2DB6B6C68C">
+    <meta name="y_key" content="e47896cd6bae4920">
+
+    <title>
+                    Apache Shiro | Simple. Java. Security.
+        </title>
+
+
+    <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico">
+    <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css">
+
+    <!-- site styles and  -->
+    <link rel="stylesheet" type="text/css" href="./assets/css/style.css">
+    <script type="text/javascript" src="./assets/js/shiro-site.js"></script>
+
+    <!-- github ribbon -->
+    <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.css" />
+    <!--[if lt IE 9]>
+      <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.ie.css" />
+    <![endif]-->
+
+    <script src="https://code.jquery.com/jquery-3.1.1.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
+
+    <!-- bootstrap -->
+    <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap.min.css">
+    <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap-theme.min.css">
+    <script src="./assets/bootstrap/js/bootstrap.min.js"></script>
+
+    <link rel="stylesheet" href="./assets/css/bootstrap-social.css">
+
+    <!-- Google Analytics -->
+    <script>
+    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+                (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
+            m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+    })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
+
+    ga('create', 'UA-XXXXX-Y', 'auto');
+    ga('send', 'pageview');
+    </script>
+    <!-- End Google Analytics -->
+
+
+
+    <!-- syntax highlighting -->
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/styles/default.min.css" integrity="sha256-Zd1icfZ72UBmsId/mUcagrmN7IN5Qkrvh75ICHIQVTk=" crossorigin="anonymous" />
+    <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/highlight.min.js" integrity="sha256-s63qpgPYoQk+wv3U6WZqioVJrwFNBTgD4dkeegLuwvo=" crossorigin="anonymous"></script>
+    <script>hljs.initHighlightingOnLoad();</script>
+
+    <script type="text/javascript">
+
+        $( document ).ready(function() {
+            addPageEditLink();
+        });
+    </script>
+</head>
+
+<body>
+
+    <div id="top-bar"></div>
+
+    <div class="container" style="max-width: 1200px;">
+
+    <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro" title="Fork me on GitHub">Fork me on GitHub</a>
+
+
+
+    <div class="masthead">
+        <p class="lead">
+            <a href="./index.html">
+                <img src="./assets/images/apache-shiro-logo.png" style="height:100px; width:auto; vertical-align: bottom; margin-top: 20px;">
+            </a>
+            <span class="tagline">Simple. Java. Security.</span>
+        </p>
+    </div>
+
+
+
+    <nav class="navbar navbar-default" role="navigation">
+        <!-- Brand and toggle get grouped for better mobile display -->
+        <div class="navbar-header">
+            <button type="button" class="navbar-toggle" data-toggle="collapse"
+                    data-target="#navbar-collapse-1">
+                <span class="sr-only">Toggle navigation</span>
+                <span class="icon-bar"></span>
+                <span class="icon-bar"></span>
+                <span class="icon-bar"></span>
+            </button>
+        </div>
+
+        <!-- Collect the nav links, forms, and other content for toggling -->
+        <div class="collapse navbar-collapse" id="navbar-collapse-1">
+            <ul class="nav navbar-nav">
+                <li><a href="./get-started.html">Get Started</a></li>
+                <li><a href="./documentation.html">Docs</a></li>
+
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                        Web Apps <b class="caret"></b>
+                    </a>
+
+                    <ul class="dropdown-menu">
+                        <li><a href="./web.html">General</a></li>
+                        <li class="divider"></li>
+                        <li><a href="./web-features.html">Features</a></li>
+                    </ul>
+                </li>
+
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                        Integrations <b class="caret"></b>
+                    </a>
+
+                    <ul class="dropdown-menu">
+                        <li><a href="./spring.html">Spring</a></li>
+                        <li><a href="./guice.html">Guice</a></li>
+                        <li class="divider"></li>
+                        <li><a href="./integration.html">Third-Party Integrations</a></li>
+                    </ul>
+                </li>
+
+                <li><a href="./features.html">Features</a></li>
+
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                        Community <b class="caret"></b>
+                    </a>
+                    <ul class="dropdown-menu">
+                        <li><a href="./forums.html">Community Forums</a></li>
+                        <li><a href="./mailing-lists.html">Mailing Lists</a></li>
+                        <li><a href="./articles.html">Articles</a></li>
+                        <li><a href="./news.html">News</a></li>
+                        <li><a href="./events.html">Events</a></li>
+                        <li class="divider"></li>
+                        <li><a href="./community.html">More</a></li>
+                    </ul>
+                </li>
+
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                        About <b class="caret"></b>
+                    </a>
+
+                    <ul class="dropdown-menu">
+                        <li><a href="./about.html">About</a></li>
+                        <li><a href="./security-reports.html">Vulnerability Reports</a></li>
+                    </ul>
+                </li>
+
+            </ul>
+
+            <ul class="nav navbar-nav navbar-right">
+                <li class="dropdown">
+                    <a href="http://www.apache.org/" class="dropdown-toggle" data-toggle="dropdown">
+                        Apache Software Foundation <b class="caret"></b></a>
+                    <ul class="dropdown-menu">
+                        <li><a href="http://www.apache.org/">Apache Homepage</a></li>
+                        <li><a href="http://www.apache.org/licenses/">License</a></li>
+                        <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+                        <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+                        <li><a href="http://www.apache.org/foundation/sponsorship.html">Donate</a></li>
+                        <li><a href="http://www.apache.org/security/">Security</a></li>
+                    </ul>
+                </li>
+            </ul>
+        </div>
+        <!-- /.navbar-collapse -->
+    </nav>
+
+
+            <a name="Spring-IntegratingApacheShirointoSpringbasedApplications"></a>
+<h1>Integrating Apache Shiro into Spring-Boot Applications</h1>
+<p>Shiro&rsquo;s Spring-Boot integration is the easiest way to integrate Shiro into a Spring-base application, for more general Spring Framework integration, take a the <a href="spring-framework.html">annotation</a> or <a href="spring-xml.html">XML</a> guides. </p>
+<a name="Spring-StandaloneApplications"></a>
+<h2><a href="#standalone-applications" name="standalone-applications">Standalone Applications</a></h2>
+<p>Include the Shiro Spring starter dependency in you application classpath (we recomend using a tool such as Apache Maven or Gradle to manage this).</p>
+<ul class="nav nav-tabs">
+    <li class="active"><a data-toggle="tab" href="#maven-cli">Apache Maven</a></li>
+    <li><a data-toggle="tab" href="#gradle-cli">Gradle</a></li>
+</ul>
+<div class="tab-content">
+    <div id="maven-cli" class="tab-pane fade in active">
+    <pre><code class='xml'>&lt;dependency&gt;
+    &lt;groupId&gt;org.apache.shiro&lt;/groupId&gt;
+    &lt;artifactId&gt;shiro-spring-boot-starter&lt;/artifactId&gt;
+    &lt;version&gt;${earlyRelease}&lt;/version&gt;
+&lt;/dependency&gt;
+</code></pre>
+    </div>
+    <div id="gradle-cli" class="tab-pane fade">
+        <pre><code class='groovy'>compile 'org.apache.shiro:shiro-spring-boot-starter:${earlyRelease}'
+</code></pre>
+    </div>
+</div>
+<p>The only thing that is left is to configure a <a href="realm.html">realm</a>:</p>
+<pre><code class="java">@Bean
+public Realm realm() {
+  ...
+}
+</code></pre>
+<p>The easiest way to setup Shiro, so that all SecurityUtils.* methods work in all cases, is to make the <code>SecurityManager</code> bean a static singleton. DO NOT do this in web applications - see the <a href="#Spring-WebApplications">Web Applications</a> section below instead.</p>
+<pre><code class="java">@Autowired
+private SecurityManager securityManager;
+    
+ @PostConstruct
+ private void initStaticSecurityManager() {
+     SecurityUtils.setSecurityManager(securityManager);
+ }
+</code></pre>
+<p>That is it, now you can get the current <code>Subject</code> using:</p>
+<pre><code class="java">SecurityUtils.getSubject();
+</code></pre>
+<p>You can see a full example in our <a href="https://github.com/apache/shiro/tree/master/samples/spring-boot">samples on Github</a>.</p>
+<a name="Spring-WebApplications"></a>
+<h2><a href="#web-applications" name="web-applications">Web Applications</a></h2>
+<p>Shiro has first-class support for Spring web applications. In a web application, all Shiro-accessible web requests must go through a master Shiro Filter. This filter itself is extremely powerful, allowing for ad-hoc custom filter chains to be executed based on any URL path expression.</p>
+<p>First include the Shiro Spring web starter dependency in you application classpath (we recomend using a tool such as Apache Maven or Gradle to manage this).</p>
+<ul class="nav nav-tabs">
+    <li class="active"><a data-toggle="tab" href="#maven-web">Apache Maven</a></li>
+    <li><a data-toggle="tab" href="#gradle-web">Gradle</a></li>
+</ul>
+<div class="tab-content">
+    <div id="maven-web" class="tab-pane fade in active">
+    <pre><code class='xml'>&lt;dependency&gt;
+    &lt;groupId&gt;org.apache.shiro&lt;/groupId&gt;
+    &lt;artifactId&gt;shiro-spring-boot-web-starter&lt;/artifactId&gt;
+    &lt;version&gt;${earlyRelease}&lt;/version&gt;
+&lt;/dependency&gt;
+</code></pre>
+    </div>
+    <div id="gradle-web" class="tab-pane fade">
+        <pre><code class='groovy'>compile 'org.apache.shiro:shiro-spring-boot-web-starter:${earlyRelease}'
+</code></pre>
+    </div>
+</div>
+<p>Provide a Realm implementation:</p>
+<pre><code class="java">@Bean
+public Realm realm() {
+  ...
+}
+</code></pre>
+<p>And finally a <code>ShiroFilterChainDefinition</code> which will map any application specific paths to a given filter, in order to allow different paths different levels of access. </p>
+<pre><code class="java">@Bean
+public ShiroFilterChainDefinition shiroFilterChainDefinition() {
+    DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
+    
+    // logged in users with the &#39;admin&#39; role
+    chainDefinition.addPathDefinition(&quot;/admin/**&quot;, &quot;authc, roles[admin]&quot;);
+    
+    // logged in users with the &#39;document:read&#39; permission
+    chainDefinition.addPathDefinition(&quot;/docs/**&quot;, &quot;authc, perms[document:read]&quot;);
+    
+    // all other paths require a logged in user
+    chainDefinition.addPathDefinition(&quot;/**&quot;, &quot;authc&quot;);
+    return chainDefinition;
+}
+</code></pre>
+<p>If you are using Shiro&rsquo;s annotations see the <a href="#Spring-annotations-web">annotation</a> section below.</p>
+<p>You can see a full example in our <a href="https://github.com/apache/shiro/tree/master/samples/spring-boot-web">samples on Github</a>.</p>
+<a name="Spring-annotations"></a>
+<h2><a href="#enabling-shiro-annotations" name="enabling-shiro-annotations">Enabling Shiro Annotations</a></h2>
+<p>In both standalone and web applications, you might want to use Shiro&rsquo;s Annotations for security checks (for example, <code>@RequiresRoles</code>, <code>@RequiresPermissions</code>, etc.) These annotations are enabled automatically in both starters listed above.</p>
+<p>Simply annotate your methods in order to use them:</p>
+<pre><code class="java">@RequiresPermissions(&quot;document:read&quot;)
+public void readDocument() {
+    ...
+}
+</code></pre>
+<a name="Spring-annotations-web"></a>
+<h3><a href="#annotations-and-web-applications" name="annotations-and-web-applications">Annotations and Web Applications</a></h3>
+<p>Shiro annotations are fully supported for use in <code>@Controller</code> classes, for example:</p>
+<pre><code class="java">@Controller
+public class AccountInfoController {
+
+    @RequiresRoles(&quot;admin&quot;)
+    @RequestMapping(&quot;/admin/config&quot;)
+    public String adminConfig(Model model) {
+        return &quot;view&quot;;
+    }
+}
+</code></pre>
+<p>A <code>ShiroFilterChainDefinition</code> bean with at least one definition is still required for this to work, either configure all paths to be accessable via the <code>anon</code> filter or a filter in &lsquo;permissive&rsquo; mode, for example: <code>authcBasic[permissive]</code>.</p>
+<pre><code class="java">@Bean
+public ShiroFilterChainDefinition shiroFilterChainDefinition() {
+    DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
+    chainDefinition.addPathDefinition(&quot;/**&quot;, &quot;anon&quot;); // all paths are managed via annotations
+    
+    // or allow basic authentication, but NOT require it.
+    // chainDefinition.addPathDefinition(&quot;/**&quot;, &quot;authcBasic[permissive]&quot;); 
+    return chainDefinition;
+}
+</code></pre>
+<a name="Spring-caching"></a>
+<h1><a href="#caching" name="caching">Caching</a></h1>
+<p>Enabling caching is as simple as providing a <a href="http://shiro.apache.org/caching.html">CacheManager</a> bean:</p>
+<pre><code class="java">@Bean
+protected CacheManager cacheManager() {
+    return new MemoryConstrainedCacheManager();
+}
+</code></pre>
+<!-- Work around for table styling until, all pages are updated. -->
+<style>
+
+    table, th, td {
+        border: 1px solid black;
+        border-collapse: collapse;
+        border-color: #ccc;
+    }
+    th {
+        background-color: #f0f0f0
+    }
+    th, td {
+        padding: 8px;
+    }
+</style>
+<h1><a href="#configuration-properties" name="configuration-properties">Configuration Properties</a></h1>
+<table>
+  <thead>
+    <tr>
+      <th>Key </th>
+      <th>Default Value </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>shiro.enabled </td>
+      <td><code>true</code> </td>
+      <td>Enables Shiro&rsquo;s Spring module </td>
+    </tr>
+    <tr>
+      <td>shiro.web.enabled </td>
+      <td><code>true</code> </td>
+      <td>Enables Shiro&rsquo;s Spring web module </td>
+    </tr>
+    <tr>
+      <td>shiro.annotations.enabled </td>
+      <td><code>true</code> </td>
+      <td>Enables Spring support for Shiro&rsquo;s annotations </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.deleteInvalidSessions </td>
+      <td><code>true</code> </td>
+      <td>Remove invalid session from session storage </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.sessionIdCookieEnabled </td>
+      <td><code>true</code> </td>
+      <td>Enable session ID to cookie, for session tracking </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.sessionIdUrlRewritingEnabled </td>
+      <td><code>true</code> </td>
+      <td>Enable session URL rewriting support </td>
+    </tr>
+    <tr>
+      <td>shiro.userNativeSessionManager </td>
+      <td><code>false</code> </td>
+      <td>If enabled Shiro will manage the HTTP sessions instead of the container </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.cookie.name </td>
+      <td><code>JSESSIONID</code> </td>
+      <td>Session cookie name </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.cookie.maxAge </td>
+      <td><code>-1</code> </td>
+      <td>Session cookie max age </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.cookie.domain </td>
+      <td>null </td>
+      <td>Session cookie domain </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.cookie.path </td>
+      <td>null </td>
+      <td>Session cookie path </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.cookie.secure </td>
+      <td><code>false</code> </td>
+      <td>Session cookie secure flag </td>
+    </tr>
+    <tr>
+      <td>shiro.rememberMeManager.cookie.name </td>
+      <td><code>rememberMe</code> </td>
+      <td>RememberMe cookie name </td>
+    </tr>
+    <tr>
+      <td>shiro.rememberMeManager.cookie.maxAge </td>
+      <td>one year </td>
+      <td>RememberMe cookie max age </td>
+    </tr>
+    <tr>
+      <td>shiro.rememberMeManager.cookie.domain </td>
+      <td>null </td>
+      <td>RememberMe cookie domain</td>
+    </tr>
+    <tr>
+      <td>shiro.rememberMeManager.cookie.path </td>
+      <td>null </td>
+      <td>RememberMe cookie path</td>
+    </tr>
+    <tr>
+      <td>shiro.rememberMeManager.cookie.secure </td>
+      <td><code>false</code> </td>
+      <td>RememberMe cookie secure flag</td>
+    </tr>
+    <tr>
+      <td>shiro.loginUrl </td>
+      <td><code>/login.jsp</code> </td>
+      <td>Login URL used when unauthenticated users are redirected to login page </td>
+    </tr>
+    <tr>
+      <td>shiro.successUrl </td>
+      <td><code>/</code> </td>
+      <td>Default landing page after a user logs in (if alternative cannot be found in the current session) </td>
+    </tr>
+    <tr>
+      <td>shiro.unauthorizedUrl </td>
+      <td>null </td>
+      <td>Page to redirect user to if they are unauthorized (403 page) </td>
+    </tr>
+  </tbody>
+</table>
+<input type="hidden" id="ghEditPage" value="spring-boot.md.vtl"></input>
+    
+</div>
+
+    <div class="footer-padding"></div>
+    <footer class="custom-footer">
+
+        <div class="col-md-5">
+            <div class="copyright-footer">
+            <a href="http://www.apache.org/foundation/contributing.html">Donate to the ASF</a> |
+            <a href="http://www.apache.org/licenses/LICENSE-2.0.html">License</a>
+            <p>Copyright &copy; 2008-2016 The Apache Software Foundation</p>
+                </div>
+        </div>
+
+        <div class="social col-md-2">
+            <a class="btn btn-social-icon btn-sm btn-twitter" target="_blank" href="https://twitter.com/ApacheShiro"><span class="fa fa-twitter"></span></a>
+            <a class="btn btn-social-icon btn-sm btn-facebook" target="_blank" href="https://www.facebook.com/ApacheShiro"><span class="fa fa-facebook"></span></a>
+            <a class="btn btn-social-icon btn-sm btn-linkedin" target="_blank" href="https://www.linkedin.com/groups/4382576"><span class="fa fa-linkedin"></span></a>
+        </div>
+
+
+        <div class="col-md-2"></div>
+        <div class="col-md-2 editThisPage">
+            <div class="footer-shield"></div>
+        </div>
+
+    </footer> <!--END FOOTER-->
+
+</body>
+</html>

Added: shiro/site/publish/spring-framework.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/spring-framework.html?rev=1774534&view=auto
==============================================================================
--- shiro/site/publish/spring-framework.html (added)
+++ shiro/site/publish/spring-framework.html Thu Dec 15 23:05:59 2016
@@ -0,0 +1,580 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-  2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+<html>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<head>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.">
+    <meta name="google-site-verification" content="QIax6uT5UX3enoU0G8Pz2pXbQ45KaQuHZ3nCh9V27mw">
+    <meta name="google-site-verification" content="ecFap6dWJgS_GCCtxmJQJ_nFYQhM6EgSpBPZDU7xsCE">
+    <meta name="msvalidate.01" content="0B57EB46CBFAD8FD45008D2DB6B6C68C">
+    <meta name="y_key" content="e47896cd6bae4920">
+
+    <title>
+                    Apache Shiro | Simple. Java. Security.
+        </title>
+
+
+    <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico">
+    <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css">
+
+    <!-- site styles and  -->
+    <link rel="stylesheet" type="text/css" href="./assets/css/style.css">
+    <script type="text/javascript" src="./assets/js/shiro-site.js"></script>
+
+    <!-- github ribbon -->
+    <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.css" />
+    <!--[if lt IE 9]>
+      <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.ie.css" />
+    <![endif]-->
+
+    <script src="https://code.jquery.com/jquery-3.1.1.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
+
+    <!-- bootstrap -->
+    <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap.min.css">
+    <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap-theme.min.css">
+    <script src="./assets/bootstrap/js/bootstrap.min.js"></script>
+
+    <link rel="stylesheet" href="./assets/css/bootstrap-social.css">
+
+    <!-- Google Analytics -->
+    <script>
+    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+                (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
+            m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+    })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
+
+    ga('create', 'UA-XXXXX-Y', 'auto');
+    ga('send', 'pageview');
+    </script>
+    <!-- End Google Analytics -->
+
+
+
+    <!-- syntax highlighting -->
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/styles/default.min.css" integrity="sha256-Zd1icfZ72UBmsId/mUcagrmN7IN5Qkrvh75ICHIQVTk=" crossorigin="anonymous" />
+    <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/highlight.min.js" integrity="sha256-s63qpgPYoQk+wv3U6WZqioVJrwFNBTgD4dkeegLuwvo=" crossorigin="anonymous"></script>
+    <script>hljs.initHighlightingOnLoad();</script>
+
+    <script type="text/javascript">
+
+        $( document ).ready(function() {
+            addPageEditLink();
+        });
+    </script>
+</head>
+
+<body>
+
+    <div id="top-bar"></div>
+
+    <div class="container" style="max-width: 1200px;">
+
+    <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro" title="Fork me on GitHub">Fork me on GitHub</a>
+
+
+
+    <div class="masthead">
+        <p class="lead">
+            <a href="./index.html">
+                <img src="./assets/images/apache-shiro-logo.png" style="height:100px; width:auto; vertical-align: bottom; margin-top: 20px;">
+            </a>
+            <span class="tagline">Simple. Java. Security.</span>
+        </p>
+    </div>
+
+
+
+    <nav class="navbar navbar-default" role="navigation">
+        <!-- Brand and toggle get grouped for better mobile display -->
+        <div class="navbar-header">
+            <button type="button" class="navbar-toggle" data-toggle="collapse"
+                    data-target="#navbar-collapse-1">
+                <span class="sr-only">Toggle navigation</span>
+                <span class="icon-bar"></span>
+                <span class="icon-bar"></span>
+                <span class="icon-bar"></span>
+            </button>
+        </div>
+
+        <!-- Collect the nav links, forms, and other content for toggling -->
+        <div class="collapse navbar-collapse" id="navbar-collapse-1">
+            <ul class="nav navbar-nav">
+                <li><a href="./get-started.html">Get Started</a></li>
+                <li><a href="./documentation.html">Docs</a></li>
+
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                        Web Apps <b class="caret"></b>
+                    </a>
+
+                    <ul class="dropdown-menu">
+                        <li><a href="./web.html">General</a></li>
+                        <li class="divider"></li>
+                        <li><a href="./web-features.html">Features</a></li>
+                    </ul>
+                </li>
+
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                        Integrations <b class="caret"></b>
+                    </a>
+
+                    <ul class="dropdown-menu">
+                        <li><a href="./spring.html">Spring</a></li>
+                        <li><a href="./guice.html">Guice</a></li>
+                        <li class="divider"></li>
+                        <li><a href="./integration.html">Third-Party Integrations</a></li>
+                    </ul>
+                </li>
+
+                <li><a href="./features.html">Features</a></li>
+
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                        Community <b class="caret"></b>
+                    </a>
+                    <ul class="dropdown-menu">
+                        <li><a href="./forums.html">Community Forums</a></li>
+                        <li><a href="./mailing-lists.html">Mailing Lists</a></li>
+                        <li><a href="./articles.html">Articles</a></li>
+                        <li><a href="./news.html">News</a></li>
+                        <li><a href="./events.html">Events</a></li>
+                        <li class="divider"></li>
+                        <li><a href="./community.html">More</a></li>
+                    </ul>
+                </li>
+
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                        About <b class="caret"></b>
+                    </a>
+
+                    <ul class="dropdown-menu">
+                        <li><a href="./about.html">About</a></li>
+                        <li><a href="./security-reports.html">Vulnerability Reports</a></li>
+                    </ul>
+                </li>
+
+            </ul>
+
+            <ul class="nav navbar-nav navbar-right">
+                <li class="dropdown">
+                    <a href="http://www.apache.org/" class="dropdown-toggle" data-toggle="dropdown">
+                        Apache Software Foundation <b class="caret"></b></a>
+                    <ul class="dropdown-menu">
+                        <li><a href="http://www.apache.org/">Apache Homepage</a></li>
+                        <li><a href="http://www.apache.org/licenses/">License</a></li>
+                        <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+                        <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+                        <li><a href="http://www.apache.org/foundation/sponsorship.html">Donate</a></li>
+                        <li><a href="http://www.apache.org/security/">Security</a></li>
+                    </ul>
+                </li>
+            </ul>
+        </div>
+        <!-- /.navbar-collapse -->
+    </nav>
+
+
+            <a name="SpringFramework-IntegratingApacheShirointoSpringbasedApplications"></a>
+<h1>Integrating Apache Shiro into Spring-based Applications</h1>
+<p>This page covers the ways to integrate Shiro into <a href="http://spring.io">Spring</a>-based applications.</p>
+<a name="SpringFramework-StandaloneApplications"></a>
+<h2><a href="#standalone-applications" name="standalone-applications">Standalone Applications</a></h2>
+<p>Include the Shiro Spring dependency in you application classpath (we recomend using a tool such as Apache Maven or Gradle to manage this).</p>
+<ul class="nav nav-tabs">
+    <li class="active"><a data-toggle="tab" href="#maven-cli">Apache Maven</a></li>
+    <li><a data-toggle="tab" href="#gradle-cli">Gradle</a></li>
+</ul>
+<div class="tab-content">
+    <div id="maven-cli" class="tab-pane fade in active">
+    <pre><code class='xml'>&lt;dependency&gt;
+    &lt;groupId&gt;org.apache.shiro&lt;/groupId&gt;
+    &lt;artifactId&gt;shiro-spring&lt;/artifactId&gt;
+    &lt;version&gt;${earlyRelease}&lt;/version&gt;
+&lt;/dependency&gt;
+&lt;dependency&gt;
+    &lt;groupId&gt;org.springframework&lt;/groupId&gt;
+    &lt;artifactId&gt;spring-context&lt;/artifactId&gt;
+    &lt;version&gt;${spring.version}&lt;/version&gt;
+&lt;/dependency&gt;
+</code></pre>
+    </div>
+    <div id="gradle-cli" class="tab-pane fade">
+        <pre><code class='groovy'>compile 'org.apache.shiro:shiro-spring:${earlyRelease}'
+compile 'org.springframework:spring-context:${spring.version}'
+</code></pre>
+    </div>
+</div>
+<p>Import the Shiro Spring configurations:</p>
+<pre><code class="java">@Configuration
+@Import({ShiroBeanConfiguration.class,
+         ShiroConfiguration.class,
+         ShiroAnnotationProcessorConfiguration.class})
+public class CliAppConfig {
+   ...
+}
+</code></pre>
+<p>The above configurations do the following:</p>
+<table>
+  <thead>
+    <tr>
+      <th>Configuration Class </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>org.apache.shiro.spring.config.ShiroBeanConfiguration </td>
+      <td>Configures Shiro&rsquo;s lifecycle and events </td>
+    </tr>
+    <tr>
+      <td>org.apache.shiro.spring.config.ShiroConfiguration </td>
+      <td>Configures Shiro Beans (SecurityManager, SessionManager, etc) </td>
+    </tr>
+    <tr>
+      <td>org.apache.shiro.spring.config.ShiroAnnotationProcessorConfiguration </td>
+      <td>Enables Shiro&rsquo;s annotation processing </td>
+    </tr>
+  </tbody>
+</table>
+<p>The only thing that is left is to configure a <a href="realm.html">realm</a>:</p>
+<pre><code class="java">@Bean
+public Realm realm() {
+  ...
+}
+</code></pre>
+<p>The easiest way to setup Shiro, so that all SecurityUtils.* methods work in all cases, is to make the <code>SecurityManager</code> bean a static singleton. DO NOT do this in web applications - see the <a href="#Spring-WebApplications">Web Applications</a> section below instead.</p>
+<pre><code class="java">@Autowired
+private SecurityManager securityManager;
+    
+ @PostConstruct
+ private void initStaticSecurityManager() {
+     SecurityUtils.setSecurityManager(securityManager);
+ }
+</code></pre>
+<p>That is it, now you can get the current <code>Subject</code> using:</p>
+<pre><code class="java">SecurityUtils.getSubject();
+</code></pre>
+<p>You can see a full example in our <a href="https://github.com/apache/shiro/tree/master/samples/spring">samples on Github</a>.</p>
+<a name="SpringFramework-WebApplications"></a>
+<h2><a href="#web-applications" name="web-applications">Web Applications</a></h2>
+<p>Shiro has first-class support for Spring web applications. In a web application, all Shiro-accessible web requests must go through a master Shiro Filter. This filter itself is extremely powerful, allowing for ad-hoc custom filter chains to be executed based on any URL path expression.</p>
+<p>Include the Shiro Spring web dependencies in you application classpath (we recomend using a tool such as Apache Maven or Gradle to manage this).</p>
+<ul class="nav nav-tabs">
+    <li class="active"><a data-toggle="tab" href="#maven-web">Apache Maven</a></li>
+    <li><a data-toggle="tab" href="#gradle-web">Gradle</a></li>
+</ul>
+<div class="tab-content">
+    <div id="maven-web" class="tab-pane fade in active">
+    <pre><code class='xml'>&lt;dependency&gt;
+    &lt;groupId&gt;org.apache.shiro&lt;/groupId&gt;
+    &lt;artifactId&gt;shiro-spring&lt;/artifactId&gt;
+    &lt;version&gt;${earlyRelease}&lt;/version&gt;
+&lt;/dependency&gt;
+&lt;dependency&gt;
+    &lt;groupId&gt;org.apache.shiro&lt;/groupId&gt;
+    &lt;artifactId&gt;shiro-web&lt;/artifactId&gt;
+    &lt;version&gt;${earlyRelease}&lt;/version&gt;
+&lt;/dependency&gt;
+&lt;dependency&gt;
+    &lt;groupId&gt;org.springframework&lt;/groupId&gt;
+    &lt;artifactId&gt;spring-webmvc&lt;/artifactId&gt;
+    &lt;version&gt;${spring.version}&lt;/version&gt;
+&lt;/dependency&gt;
+</code></pre>
+    </div>
+    <div id="gradle-web" class="tab-pane fade">
+        <pre><code class='groovy'>compile 'org.apache.shiro:shiro-spring:${earlyRelease}'
+compile 'org.apache.shiro:shiro-web:${earlyRelease}'
+compile 'org.springframework:spring-webmvc:${spring.version}'
+</code></pre>
+    </div>
+</div>
+<p>Import the Shiro Spring configurations:</p>
+<pre><code class="java">@Configuration
+@Import({ShiroBeanConfiguration.class,
+        ShiroAnnotationProcessorConfiguration.class,
+        ShiroWebConfiguration.class,
+        ShiroWebFilterConfiguration.class})
+public class ApplicationConfig {
+  ...
+}
+</code></pre>
+<p>The above configurations do the following:</p>
+<table>
+  <thead>
+    <tr>
+      <th>Configuration Class </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>org.apache.shiro.spring.config.ShiroBeanConfiguration </td>
+      <td>Configures Shiro&rsquo;s lifecycle and events </td>
+    </tr>
+    <tr>
+      <td>org.apache.shiro.spring.config.ShiroAnnotationProcessorConfiguration </td>
+      <td>Enables Shiro&rsquo;s annotation processing </td>
+    </tr>
+    <tr>
+      <td>org.apache.shiro.spring.web.config.ShiroWebConfiguration </td>
+      <td>Configures Shiro Beans for web usage (SecurityManager, SessionManager, etc) </td>
+    </tr>
+    <tr>
+      <td>org.apache.shiro.spring.web.config.ShiroWebFilterConfiguration </td>
+      <td>Configures Shiro&rsquo;s web filter </td>
+    </tr>
+  </tbody>
+</table>
+<p>Provide a Realm implementation:</p>
+<pre><code class="java">@Bean
+public Realm realm() {
+  ...
+}
+</code></pre>
+<p>And finally a <code>ShiroFilterChainDefinition</code> which will map any application specific paths to a given filter, in order to allow different paths different levels of access. </p>
+<pre><code class="java">@Bean
+public ShiroFilterChainDefinition shiroFilterChainDefinition() {
+    DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
+    
+    // logged in users with the &#39;admin&#39; role
+    chainDefinition.addPathDefinition(&quot;/admin/**&quot;, &quot;authc, roles[admin]&quot;);
+    
+    // logged in users with the &#39;document:read&#39; permission
+    chainDefinition.addPathDefinition(&quot;/docs/**&quot;, &quot;authc, perms[document:read]&quot;);
+    
+    // all other paths require a logged in user
+    chainDefinition.addPathDefinition(&quot;/**&quot;, &quot;authc&quot;);
+    return chainDefinition;
+}
+</code></pre>
+<p>If you are using Shiro&rsquo;s annotations see the <a href="#Spring-annotations-web">annotation</a> section below.</p>
+<p>You can see a full example in our <a href="https://github.com/apache/shiro/tree/master/samples/spring-mvc">samples on Github</a>.</p>
+<a name="Spring-annotations"></a>
+<h2><a href="#enabling-shiro-annotations" name="enabling-shiro-annotations">Enabling Shiro Annotations</a></h2>
+<p>In both standalone and web applications, you might want to use Shiro&rsquo;s Annotations for security checks (for example, <code>@RequiresRoles</code>, <code>@RequiresPermissions</code>, etc.) These annotations are enabled by importing the <code>ShiroAnnotationProcessorConfiguration</code> Spring configuration in both sections above.</p>
+<p>Simply annotate your methods in order to use them:</p>
+<pre><code class="java">@RequiresPermissions(&quot;document:read&quot;)
+public void readDocument() {
+    ...
+}
+</code></pre>
+<a name="Spring-annotations-web"></a>
+<h3><a href="#annotations-and-web-applications" name="annotations-and-web-applications">Annotations and Web Applications</a></h3>
+<p>Shiro annotations are fully supported for use in <code>@Controller</code> classes, for example:</p>
+<pre><code class="java">@Controller
+public class AccountInfoController {
+
+    @RequiresRoles(&quot;admin&quot;)
+    @RequestMapping(&quot;/admin/config&quot;)
+    public String adminConfig(Model model) {
+        return &quot;view&quot;;
+    }
+}
+</code></pre>
+<p>A <code>ShiroFilterChainDefinition</code> bean with at least one definition is still required for this to work, either configure all paths to be accessable via the <code>anon</code> filter or a filter in &lsquo;permissive&rsquo; mode, for example: <code>authcBasic[permissive]</code>.</p>
+<pre><code class="java">@Bean
+public ShiroFilterChainDefinition shiroFilterChainDefinition() {
+    DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
+    chainDefinition.addPathDefinition(&quot;/**&quot;, &quot;anon&quot;); // all paths are managed via annotations
+    
+    // or allow basic authentication, but NOT require it.
+    // chainDefinition.addPathDefinition(&quot;/**&quot;, &quot;authcBasic[permissive]&quot;); 
+    return chainDefinition;
+}
+</code></pre>
+<a name="Spring-caching"></a>
+<h1><a href="#caching" name="caching">Caching</a></h1>
+<p>Enabling caching is as simple as providing a <a href="http://shiro.apache.org/caching.html">CacheManager</a> bean:</p>
+<pre><code class="java">@Bean
+protected CacheManager cacheManager() {
+    return new MemoryConstrainedCacheManager();
+}
+</code></pre>
+<!-- Work around for table styling until, all pages are updated. -->
+<style>
+
+    table, th, td {
+        border: 1px solid black;
+        border-collapse: collapse;
+        border-color: #ccc;
+    }
+    th {
+        background-color: #f0f0f0
+    }
+    th, td {
+        padding: 8px;
+    }
+</style>
+<h1><a href="#configuration-properties" name="configuration-properties">Configuration Properties</a></h1>
+<table>
+  <thead>
+    <tr>
+      <th>Key </th>
+      <th>Default Value </th>
+      <th>Description </th>
+    </tr>
+  </thead>
+  <tbody>
+    <tr>
+      <td>shiro.sessionManager.deleteInvalidSessions </td>
+      <td><code>true</code> </td>
+      <td>Remove invalid session from session storage </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.sessionIdCookieEnabled </td>
+      <td><code>true</code> </td>
+      <td>Enable session ID to cookie, for session tracking </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.sessionIdUrlRewritingEnabled </td>
+      <td><code>true</code> </td>
+      <td>Enable session URL rewriting support </td>
+    </tr>
+    <tr>
+      <td>shiro.userNativeSessionManager </td>
+      <td><code>false</code> </td>
+      <td>If enabled Shiro will manage the HTTP sessions instead of the container </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.cookie.name </td>
+      <td><code>JSESSIONID</code> </td>
+      <td>Session cookie name </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.cookie.maxAge </td>
+      <td><code>-1</code> </td>
+      <td>Session cookie max age </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.cookie.domain </td>
+      <td>null </td>
+      <td>Session cookie domain </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.cookie.path </td>
+      <td>null </td>
+      <td>Session cookie path </td>
+    </tr>
+    <tr>
+      <td>shiro.sessionManager.cookie.secure </td>
+      <td><code>false</code> </td>
+      <td>Session cookie secure flag </td>
+    </tr>
+    <tr>
+      <td>shiro.rememberMeManager.cookie.name </td>
+      <td><code>rememberMe</code> </td>
+      <td>RememberMe cookie name </td>
+    </tr>
+    <tr>
+      <td>shiro.rememberMeManager.cookie.maxAge </td>
+      <td>one year </td>
+      <td>RememberMe cookie max age </td>
+    </tr>
+    <tr>
+      <td>shiro.rememberMeManager.cookie.domain </td>
+      <td>null </td>
+      <td>RememberMe cookie domain</td>
+    </tr>
+    <tr>
+      <td>shiro.rememberMeManager.cookie.path </td>
+      <td>null </td>
+      <td>RememberMe cookie path</td>
+    </tr>
+    <tr>
+      <td>shiro.rememberMeManager.cookie.secure </td>
+      <td><code>false</code> </td>
+      <td>RememberMe cookie secure flag</td>
+    </tr>
+    <tr>
+      <td>shiro.loginUrl </td>
+      <td><code>/login.jsp</code> </td>
+      <td>Login URL used when unauthenticated users are redirected to login page </td>
+    </tr>
+    <tr>
+      <td>shiro.successUrl </td>
+      <td><code>/</code> </td>
+      <td>Default landing page after a user logs in (if alternative cannot be found in the current session) </td>
+    </tr>
+    <tr>
+      <td>shiro.unauthorizedUrl </td>
+      <td>null </td>
+      <td>Page to redirect user to if they are unauthorized (403 page) </td>
+    </tr>
+  </tbody>
+</table>
+<input type="hidden" id="ghEditPage" value="spring-framework.md.vtl"></input>
+    
+</div>
+
+    <div class="footer-padding"></div>
+    <footer class="custom-footer">
+
+        <div class="col-md-5">
+            <div class="copyright-footer">
+            <a href="http://www.apache.org/foundation/contributing.html">Donate to the ASF</a> |
+            <a href="http://www.apache.org/licenses/LICENSE-2.0.html">License</a>
+            <p>Copyright &copy; 2008-2016 The Apache Software Foundation</p>
+                </div>
+        </div>
+
+        <div class="social col-md-2">
+            <a class="btn btn-social-icon btn-sm btn-twitter" target="_blank" href="https://twitter.com/ApacheShiro"><span class="fa fa-twitter"></span></a>
+            <a class="btn btn-social-icon btn-sm btn-facebook" target="_blank" href="https://www.facebook.com/ApacheShiro"><span class="fa fa-facebook"></span></a>
+            <a class="btn btn-social-icon btn-sm btn-linkedin" target="_blank" href="https://www.linkedin.com/groups/4382576"><span class="fa fa-linkedin"></span></a>
+        </div>
+
+
+        <div class="col-md-2"></div>
+        <div class="col-md-2 editThisPage">
+            <div class="footer-shield"></div>
+        </div>
+
+    </footer> <!--END FOOTER-->
+
+</body>
+</html>

Added: shiro/site/publish/spring-xml.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/spring-xml.html?rev=1774534&view=auto
==============================================================================
--- shiro/site/publish/spring-xml.html (added)
+++ shiro/site/publish/spring-xml.html Thu Dec 15 23:05:59 2016
@@ -0,0 +1,405 @@
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-  2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+<html>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+<head>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <meta name="description" content="Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management.">
+    <meta name="google-site-verification" content="QIax6uT5UX3enoU0G8Pz2pXbQ45KaQuHZ3nCh9V27mw">
+    <meta name="google-site-verification" content="ecFap6dWJgS_GCCtxmJQJ_nFYQhM6EgSpBPZDU7xsCE">
+    <meta name="msvalidate.01" content="0B57EB46CBFAD8FD45008D2DB6B6C68C">
+    <meta name="y_key" content="e47896cd6bae4920">
+
+    <title>
+                    Apache Shiro | Simple. Java. Security.
+        </title>
+
+
+    <link rel="icon" type="image/vnd.microsoft.icon" href="./assets/images/favicon.ico">
+    <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css">
+
+    <!-- site styles and  -->
+    <link rel="stylesheet" type="text/css" href="./assets/css/style.css">
+    <script type="text/javascript" src="./assets/js/shiro-site.js"></script>
+
+    <!-- github ribbon -->
+    <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.css" />
+    <!--[if lt IE 9]>
+      <link rel="stylesheet" href="./assets/css/gh-pages/gh-fork-ribbon.ie.css" />
+    <![endif]-->
+
+    <script src="https://code.jquery.com/jquery-3.1.1.min.js" integrity="sha256-hVVnYaiADRTO2PzUGmuLJr8BLUSjGIZsDYGmIJLv2b8=" crossorigin="anonymous"></script>
+
+    <!-- bootstrap -->
+    <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap.min.css">
+    <link rel="stylesheet" href="./assets/bootstrap/css/bootstrap-theme.min.css">
+    <script src="./assets/bootstrap/js/bootstrap.min.js"></script>
+
+    <link rel="stylesheet" href="./assets/css/bootstrap-social.css">
+
+    <!-- Google Analytics -->
+    <script>
+    (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
+                (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
+            m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
+    })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
+
+    ga('create', 'UA-XXXXX-Y', 'auto');
+    ga('send', 'pageview');
+    </script>
+    <!-- End Google Analytics -->
+
+
+
+    <!-- syntax highlighting -->
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/styles/default.min.css" integrity="sha256-Zd1icfZ72UBmsId/mUcagrmN7IN5Qkrvh75ICHIQVTk=" crossorigin="anonymous" />
+    <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.7.0/highlight.min.js" integrity="sha256-s63qpgPYoQk+wv3U6WZqioVJrwFNBTgD4dkeegLuwvo=" crossorigin="anonymous"></script>
+    <script>hljs.initHighlightingOnLoad();</script>
+
+    <script type="text/javascript">
+
+        $( document ).ready(function() {
+            addPageEditLink();
+        });
+    </script>
+</head>
+
+<body>
+
+    <div id="top-bar"></div>
+
+    <div class="container" style="max-width: 1200px;">
+
+    <a class="github-fork-ribbon right-top" href="https://github.com/apache/shiro" title="Fork me on GitHub">Fork me on GitHub</a>
+
+
+
+    <div class="masthead">
+        <p class="lead">
+            <a href="./index.html">
+                <img src="./assets/images/apache-shiro-logo.png" style="height:100px; width:auto; vertical-align: bottom; margin-top: 20px;">
+            </a>
+            <span class="tagline">Simple. Java. Security.</span>
+        </p>
+    </div>
+
+
+
+    <nav class="navbar navbar-default" role="navigation">
+        <!-- Brand and toggle get grouped for better mobile display -->
+        <div class="navbar-header">
+            <button type="button" class="navbar-toggle" data-toggle="collapse"
+                    data-target="#navbar-collapse-1">
+                <span class="sr-only">Toggle navigation</span>
+                <span class="icon-bar"></span>
+                <span class="icon-bar"></span>
+                <span class="icon-bar"></span>
+            </button>
+        </div>
+
+        <!-- Collect the nav links, forms, and other content for toggling -->
+        <div class="collapse navbar-collapse" id="navbar-collapse-1">
+            <ul class="nav navbar-nav">
+                <li><a href="./get-started.html">Get Started</a></li>
+                <li><a href="./documentation.html">Docs</a></li>
+
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                        Web Apps <b class="caret"></b>
+                    </a>
+
+                    <ul class="dropdown-menu">
+                        <li><a href="./web.html">General</a></li>
+                        <li class="divider"></li>
+                        <li><a href="./web-features.html">Features</a></li>
+                    </ul>
+                </li>
+
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                        Integrations <b class="caret"></b>
+                    </a>
+
+                    <ul class="dropdown-menu">
+                        <li><a href="./spring.html">Spring</a></li>
+                        <li><a href="./guice.html">Guice</a></li>
+                        <li class="divider"></li>
+                        <li><a href="./integration.html">Third-Party Integrations</a></li>
+                    </ul>
+                </li>
+
+                <li><a href="./features.html">Features</a></li>
+
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                        Community <b class="caret"></b>
+                    </a>
+                    <ul class="dropdown-menu">
+                        <li><a href="./forums.html">Community Forums</a></li>
+                        <li><a href="./mailing-lists.html">Mailing Lists</a></li>
+                        <li><a href="./articles.html">Articles</a></li>
+                        <li><a href="./news.html">News</a></li>
+                        <li><a href="./events.html">Events</a></li>
+                        <li class="divider"></li>
+                        <li><a href="./community.html">More</a></li>
+                    </ul>
+                </li>
+
+                <li class="dropdown">
+                    <a href="#" class="dropdown-toggle" data-toggle="dropdown">
+                        About <b class="caret"></b>
+                    </a>
+
+                    <ul class="dropdown-menu">
+                        <li><a href="./about.html">About</a></li>
+                        <li><a href="./security-reports.html">Vulnerability Reports</a></li>
+                    </ul>
+                </li>
+
+            </ul>
+
+            <ul class="nav navbar-nav navbar-right">
+                <li class="dropdown">
+                    <a href="http://www.apache.org/" class="dropdown-toggle" data-toggle="dropdown">
+                        Apache Software Foundation <b class="caret"></b></a>
+                    <ul class="dropdown-menu">
+                        <li><a href="http://www.apache.org/">Apache Homepage</a></li>
+                        <li><a href="http://www.apache.org/licenses/">License</a></li>
+                        <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+                        <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+                        <li><a href="http://www.apache.org/foundation/sponsorship.html">Donate</a></li>
+                        <li><a href="http://www.apache.org/security/">Security</a></li>
+                    </ul>
+                </li>
+            </ul>
+        </div>
+        <!-- /.navbar-collapse -->
+    </nav>
+
+
+            <a name="SpringXml-IntegratingApacheShirointoSpringbasedApplications"></a>
+<h1>Integrating Apache Shiro into Spring-based Applications</h1>
+<p>This page covers the ways to integrate Shiro into <a href="http://spring.io">Spring</a>-based applications.</p>
+<p>Shiro&rsquo;s JavaBeans compatibility makes it perfectly suited to be configured via Spring XML or other Spring-based configuration mechanisms. Shiro applications need an application singleton <code>SecurityManager</code> instance. Note that this does not have to be a <em>static</em> singleton, but there should only be a single instance used by the application, whether its a static singleton or not.</p>
+<h2><a name="SpringXml-StandaloneApplications"></a>Standalone Applications</h2>
+<p>Here is the simplest way to enable an application singleton <code>SecurityManager</code> in Spring applications:</p>
+<pre><code class="xml">&lt;!-- Define the realm you want to use to connect to your back-end security datasource: --&gt;
+&lt;bean id=&quot;myRealm&quot; class=&quot;...&quot;&gt;
+    ...
+&lt;/bean&gt;
+
+&lt;bean id=&quot;securityManager&quot; class=&quot;org.apache.shiro.mgt.DefaultSecurityManager&quot;&gt;
+    &lt;!-- Single realm app.  If you have multiple realms, use the &#39;realms&#39; property instead. --&gt;
+    &lt;property name=&quot;realm&quot; ref=&quot;myRealm&quot;/&gt;
+&lt;/bean&gt;
+
+&lt;bean id=&quot;lifecycleBeanPostProcessor&quot; class=&quot;org.apache.shiro.spring.LifecycleBeanPostProcessor&quot;/&gt;
+
+&lt;!-- For simplest integration, so that all SecurityUtils.* methods work in all cases, --&gt;
+&lt;!-- make the securityManager bean a static singleton.  DO NOT do this in web         --&gt;
+&lt;!-- applications - see the &#39;Web Applications&#39; section below instead.                 --&gt;
+&lt;bean class=&quot;org.springframework.beans.factory.config.MethodInvokingFactoryBean&quot;&gt;
+    &lt;property name=&quot;staticMethod&quot; value=&quot;org.apache.shiro.SecurityUtils.setSecurityManager&quot;/&gt;
+    &lt;property name=&quot;arguments&quot; ref=&quot;securityManager&quot;/&gt;
+&lt;/bean&gt;
+</code></pre>
+<a name="SpringXml-WebApplications"></a>
+<h2><a href="#web-applications" name="web-applications">Web Applications</a></h2>
+<p>Shiro has first-rate support for Spring web applications. In a web application, all Shiro-accessible web requests must go through a master Shiro Filter. This filter itself is extremely powerful, allowing for<br/>ad-hoc custom filter chains to be executed based on any URL path expression.</p>
+<p>Prior to Shiro 1.0, you had to use a hybrid approach in Spring web applications, defining the Shiro filter and<br/>all of its configuration properties in web.xml but define the <code>SecurityManager</code> in Spring XML. This was a little frustrating since you couldn&rsquo;t 1) consolidate your configuration in one place and 2) leverage the configuration power of the more advanced Spring features, like the <code>PropertyPlaceholderConfigurer</code> or abstract beans to consolidate common configuration.</p>
+<p>Now in Shiro 1.0 and later, all Shiro configuration is done in Spring XML providing access to the more robust Spring configuration mechanisms.</p>
+<p>Here is how to configure Shiro in a Spring-based web application:</p>
+<a name="SpringXml-web.xml"></a>
+<h3>web.xml</h3>
+<p>In addition to your other Spring web.xml elements (<code>ContextLoaderListener</code>, <code>Log4jConfigListener</code>, etc), define the following filter and filter mapping:</p>
+<pre><code class="xml">&lt;!-- The filter-name matches name of a &#39;shiroFilter&#39; bean inside applicationContext.xml --&gt;
+&lt;filter&gt;
+    &lt;filter-name&gt;shiroFilter&lt;/filter-name&gt;
+    &lt;filter-class&gt;org.springframework.web.filter.DelegatingFilterProxy&lt;/filter-class&gt;
+    &lt;init-param&gt;
+        &lt;param-name&gt;targetFilterLifecycle&lt;/param-name&gt;
+        &lt;param-value&gt;true&lt;/param-value&gt;
+    &lt;/init-param&gt;
+&lt;/filter&gt;
+
+...
+
+&lt;!-- Make sure any request you want accessible to Shiro is filtered. /* catches all --&gt;
+&lt;!-- requests.  Usually this filter mapping is defined first (before all others) to --&gt;
+&lt;!-- ensure that Shiro works in subsequent filters in the filter chain:             --&gt;
+&lt;filter-mapping&gt;
+    &lt;filter-name&gt;shiroFilter&lt;/filter-name&gt;
+    &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
+&lt;/filter-mapping&gt;
+</code></pre>
+<p>You can see a full example in our <a href="https://github.com/apache/shiro/tree/master/samples/spring-xml">samples on Github</a>.</p>
+<a name="SpringXml-applicationContext.xml"></a>
+<h3>applicationContext.xml</h3>
+<p>In your applicationContext.xml file, define the web-enabled <code>SecurityManager</code> and the &lsquo;shiroFilter&rsquo; bean that will be referenced from <code>web.xml</code>.</p>
+<pre><code class="xml">&lt;bean id=&quot;shiroFilter&quot; class=&quot;org.apache.shiro.spring.web.ShiroFilterFactoryBean&quot;&gt;
+    &lt;property name=&quot;securityManager&quot; ref=&quot;securityManager&quot;/&gt;
+    &lt;!-- override these for application-specific URLs if you like:
+    &lt;property name=&quot;loginUrl&quot; value=&quot;/login.jsp&quot;/&gt;
+    &lt;property name=&quot;successUrl&quot; value=&quot;/home.jsp&quot;/&gt;
+    &lt;property name=&quot;unauthorizedUrl&quot; value=&quot;/unauthorized.jsp&quot;/&gt; --&gt;
+    &lt;!-- The &#39;filters&#39; property is not necessary since any declared javax.servlet.Filter bean  --&gt;
+    &lt;!-- defined will be automatically acquired and available via its beanName in chain        --&gt;
+    &lt;!-- definitions, but you can perform instance overrides or name aliases here if you like: --&gt;
+    &lt;!-- &lt;property name=&quot;filters&quot;&gt;
+        &lt;util:map&gt;
+            &lt;entry key=&quot;anAlias&quot; value-ref=&quot;someFilter&quot;/&gt;
+        &lt;/util:map&gt;
+    &lt;/property&gt; --&gt;
+    &lt;property name=&quot;filterChainDefinitions&quot;&gt;
+        &lt;value&gt;
+            # some example chain definitions:
+            /admin/** = authc, roles[admin]
+            /docs/** = authc, perms[document:read]
+            /** = authc
+            # more URL-to-FilterChain definitions here
+        &lt;/value&gt;
+    &lt;/property&gt;
+&lt;/bean&gt;
+
+&lt;!-- Define any javax.servlet.Filter beans you want anywhere in this application context.   --&gt;
+&lt;!-- They will automatically be acquired by the &#39;shiroFilter&#39; bean above and made available --&gt;
+&lt;!-- to the &#39;filterChainDefinitions&#39; property.  Or you can manually/explicitly add them     --&gt;
+&lt;!-- to the shiroFilter&#39;s &#39;filters&#39; Map if desired. See its JavaDoc for more details.       --&gt;
+&lt;bean id=&quot;someFilter&quot; class=&quot;...&quot;/&gt;
+&lt;bean id=&quot;anotherFilter&quot; class=&quot;...&quot;&gt; ... &lt;/bean&gt;
+...
+
+&lt;bean id=&quot;securityManager&quot; class=&quot;org.apache.shiro.web.mgt.DefaultWebSecurityManager&quot;&gt;
+    &lt;!-- Single realm app.  If you have multiple realms, use the &#39;realms&#39; property instead. --&gt;
+    &lt;property name=&quot;realm&quot; ref=&quot;myRealm&quot;/&gt;
+    &lt;!-- By default the servlet container sessions will be used.  Uncomment this line
+         to use shiro&#39;s native sessions (see the JavaDoc for more): --&gt;
+    &lt;!-- &lt;property name=&quot;sessionMode&quot; value=&quot;native&quot;/&gt; --&gt;
+&lt;/bean&gt;
+&lt;bean id=&quot;lifecycleBeanPostProcessor&quot; class=&quot;org.apache.shiro.spring.LifecycleBeanPostProcessor&quot;/&gt;
+
+&lt;!-- Define the Shiro Realm implementation you want to use to connect to your back-end --&gt;
+&lt;!-- security datasource: --&gt;
+&lt;bean id=&quot;myRealm&quot; class=&quot;...&quot;&gt;
+    ...
+&lt;/bean&gt;
+</code></pre>
+<a name="SpringXml-EnablingShiroAnnotations"></a>
+<h2><a href="#enabling-shiro-annotations" name="enabling-shiro-annotations">Enabling Shiro Annotations</a></h2>
+<p>In both standalone and web applications, you might want to use Shiro&rsquo;s Annotations for security checks (for example, <code>@RequiresRoles</code>, <code>@RequiresPermissions</code>, etc. This requires Shiro&rsquo;s Spring AOP integration to scan for the appropriate annotated classes and perform security logic as necessary.</p>
+<p>Here is how to enable these annotations. Just add these two bean definitions to <code>applicationContext.xml</code>:</p>
+<pre><code class="xml">&lt;!-- Enable Shiro Annotations for Spring-configured beans.  Only run after --&gt;
+&lt;!-- the lifecycleBeanProcessor has run: --&gt;
+&lt;bean class=&quot;org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator&quot; depends-on=&quot;lifecycleBeanPostProcessor&quot;/&gt;
+    &lt;bean class=&quot;org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor&quot;&gt;
+    &lt;property name=&quot;securityManager&quot; ref=&quot;securityManager&quot;/&gt;
+&lt;/bean&gt;
+</code></pre>
+<a name="SpringXml-SecureSpringRemoting"></a>
+<h2><a href="#secure-spring-remoting" name="secure-spring-remoting">Secure Spring Remoting</a></h2>
+<p>There are two parts to Shiro&rsquo;s Spring remoting support: Configuration for the client making the remoting call and configuration for the server receiving and processing the remoting call.</p>
+<a name="SpringXml-ServersideConfiguration"></a>
+<h3>Server-side Configuration</h3>
+<p>When a remote method invocation comes in to a Shiro-enabled server, the <a href="subject.html" title="Subject">Subject</a> associated with that RPC call must be bound to the receiving thread for access during the thread&rsquo;s execution. This is done by defining Shiro&rsquo;s <code>SecureRemoteInvocationExecutor</code> bean in <code>applicationContext.xml</code>:</p>
+<pre><code class="xml">&lt;!-- Secure Spring remoting:  Ensure any Spring Remoting method invocations --&gt;
+&lt;!-- can be associated with a Subject for security checks. --&gt;
+&lt;bean id=&quot;secureRemoteInvocationExecutor&quot; class=&quot;org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor&quot;&gt;
+    &lt;property name=&quot;securityManager&quot; ref=&quot;securityManager&quot;/&gt;
+&lt;/bean&gt;
+</code></pre>
+<p>Once you have defined this bean, you must plug it in to whatever remoting <code>Exporter</code> you are using to export/expose your services. <code>Exporter</code> implementations are defined according to the remoting mechanism/protocol in use. See Spring&rsquo;s <a href="http://docs.spring.io/spring/docs/2.5.x/reference/remoting.html">Remoting chapter</a> on defining <code>Exporter</code> beans.</p>
+<p>For example, if using HTTP-based remoting (notice the property reference to the <code>secureRemoteInvocationExecutor</code> bean):</p>
+<pre><code class="xml">&lt;bean name=&quot;/someService&quot; class=&quot;org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter&quot;&gt;
+    &lt;property name=&quot;service&quot; ref=&quot;someService&quot;/&gt;
+    &lt;property name=&quot;serviceInterface&quot; value=&quot;com.pkg.service.SomeService&quot;/&gt;
+    &lt;property name=&quot;remoteInvocationExecutor&quot; ref=&quot;secureRemoteInvocationExecutor&quot;/&gt;
+&lt;/bean&gt;
+</code></pre>
+<a name="SpringXml-ClientsideConfiguration"></a>
+<h3>Client-side Configuration</h3>
+<p>When a remote call is being executed, the <code>Subject</code> identifying information must be attached to the remoting payload to let the server know who is making the call. If the client is a Spring-based client, that association is done via Shiro&rsquo;s <code>SecureRemoteInvocationFactory</code>:</p>
+<pre><code class="xml">&lt;bean id=&quot;secureRemoteInvocationFactory&quot; class=&quot;org.apache.shiro.spring.remoting.SecureRemoteInvocationFactory&quot;/&gt;
+</code></pre>
+<p>Then after you&rsquo;ve defined this bean, you need to plug it in to the protocol-specific Spring remoting <code>ProxyFactoryBean</code> you&rsquo;re using.</p>
+<p>For example, if you were using HTTP-based remoting (notice the property reference to the <code>secureRemoteInvocationFactory</code> bean defined above):</p>
+<pre><code class="xml">&lt;bean id=&quot;someService&quot; class=&quot;org.springframework.remoting.httpinvoker.HttpInvokerProxyFactoryBean&quot;&gt;
+    &lt;property name=&quot;serviceUrl&quot; value=&quot;http://host:port/remoting/someService&quot;/&gt;
+    &lt;property name=&quot;serviceInterface&quot; value=&quot;com.pkg.service.SomeService&quot;/&gt;
+    &lt;property name=&quot;remoteInvocationFactory&quot; ref=&quot;secureRemoteInvocationFactory&quot;/&gt;
+&lt;/bean&gt;
+</code></pre>
+<a name="SpringXml-Lendahandwithdocumentation"></a>
+<h2><a href="#lend-a-hand-with-documentation" name="lend-a-hand-with-documentation">Lend a hand with documentation</a></h2>
+<p>While we hope this documentation helps you with the work you&rsquo;re doing with Apache Shiro, the community is improving and expanding the documentation all the time. If you&rsquo;d like to help the Shiro project, please consider corrected, expanding, or adding documentation where you see a need. Every little bit of help you provide expands the community and in turn improves Shiro.</p>
+<p>The easiest way to contribute your documentation is to send it to the <a href="http://shiro-user.582556.n2.nabble.com/">User Forum</a> or the <a href="mailing-lists.html" title="Mailing Lists">User Mailing List</a>.<br/><input type="hidden" id="ghEditPage" value="spring-xml.md"></input></p>
+    
+</div>
+
+    <div class="footer-padding"></div>
+    <footer class="custom-footer">
+
+        <div class="col-md-5">
+            <div class="copyright-footer">
+            <a href="http://www.apache.org/foundation/contributing.html">Donate to the ASF</a> |
+            <a href="http://www.apache.org/licenses/LICENSE-2.0.html">License</a>
+            <p>Copyright &copy; 2008-2016 The Apache Software Foundation</p>
+                </div>
+        </div>
+
+        <div class="social col-md-2">
+            <a class="btn btn-social-icon btn-sm btn-twitter" target="_blank" href="https://twitter.com/ApacheShiro"><span class="fa fa-twitter"></span></a>
+            <a class="btn btn-social-icon btn-sm btn-facebook" target="_blank" href="https://www.facebook.com/ApacheShiro"><span class="fa fa-facebook"></span></a>
+            <a class="btn btn-social-icon btn-sm btn-linkedin" target="_blank" href="https://www.linkedin.com/groups/4382576"><span class="fa fa-linkedin"></span></a>
+        </div>
+
+
+        <div class="col-md-2"></div>
+        <div class="col-md-2 editThisPage">
+            <div class="footer-shield"></div>
+        </div>
+
+    </footer> <!--END FOOTER-->
+
+</body>
+</html>



Mime
View raw message