shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bdem...@apache.org
Subject [2/2] shiro git commit: Updated Spring examples
Date Tue, 13 Dec 2016 00:36:08 GMT
Updated Spring examples

* Remoting was slightly misconfigured, that is fixed.
* samples/spring is now fully annotation based
* the previous samples/spring was moved to samples/spring-xml
* Both examples can now be run with `mvn jetty:run`


Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/46bcb3b2
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/46bcb3b2
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/46bcb3b2

Branch: refs/heads/master
Commit: 46bcb3b28ed45f9dfab9c123a267e3820f576784
Parents: 9cc88cb
Author: Brian Demers <bdemers@apache.org>
Authored: Mon Dec 12 16:29:27 2016 -0800
Committer: Brian Demers <bdemers@apache.org>
Committed: Mon Dec 12 16:29:27 2016 -0800

----------------------------------------------------------------------
 samples/pom.xml                                 |   1 +
 samples/spring-client/pom.xml                   |   2 +-
 samples/spring-xml/README.md                    |  15 ++
 samples/spring-xml/pom.xml                      | 161 +++++++++++++++++
 .../samples/spring/BootstrapDataPopulator.java  | 120 +++++++++++++
 .../samples/spring/DefaultSampleManager.java    | 105 +++++++++++
 .../spring/realm/SaltAwareJdbcRealm.java        | 121 +++++++++++++
 .../samples/spring/web/IndexController.java     | 105 +++++++++++
 .../samples/spring/web/JnlpController.java      |  97 ++++++++++
 .../shiro/samples/spring/web/LoginCommand.java  |  69 +++++++
 .../samples/spring/web/LoginController.java     |  61 +++++++
 .../samples/spring/web/LogoutController.java    |  40 +++++
 .../samples/spring/web/SessionValueCommand.java |  57 ++++++
 .../spring-xml/src/main/resources/ehcache.xml   |  98 ++++++++++
 .../src/main/resources/jsecurity-sample.jks     | Bin 0 -> 1250 bytes
 .../src/main/resources/log4j.properties         |  36 ++++
 .../main/webapp/WEB-INF/applicationContext.xml  | 145 +++++++++++++++
 .../main/webapp/WEB-INF/remoting-servlet.xml    |  33 ++++
 .../main/webapp/WEB-INF/resources-servlet.xml   |  34 ++++
 .../main/webapp/WEB-INF/resources/include.jsp   |  24 +++
 .../src/main/webapp/WEB-INF/resources/login.jsp |  51 ++++++
 .../webapp/WEB-INF/resources/sampleIndex.jsp    |  85 +++++++++
 .../src/main/webapp/WEB-INF/sample-servlet.xml  |  70 ++++++++
 .../spring-xml/src/main/webapp/WEB-INF/web.xml  | 117 ++++++++++++
 samples/spring-xml/src/main/webapp/index.jsp    |  29 +++
 samples/spring-xml/src/main/webapp/logo.png     | Bin 0 -> 10883 bytes
 samples/spring-xml/src/main/webapp/shiro.css    |  48 +++++
 samples/spring/README.md                        |  13 ++
 samples/spring/pom.xml                          |  67 +++----
 .../spring/config/ApplicationConfig.java        | 180 +++++++++++++++++++
 .../samples/spring/config/JspViewsConfig.java   |  67 +++++++
 .../spring/config/RemotingServletConfig.java    |  45 +++++
 .../config/ServletApplicationInitializer.java   |  72 ++++++++
 .../samples/spring/web/IndexController.java     |  54 +++---
 .../samples/spring/web/JnlpController.java      |   9 +-
 .../shiro/samples/spring/web/LoginCommand.java  |  69 -------
 .../samples/spring/web/LoginController.java     |  39 ++--
 .../samples/spring/web/LogoutController.java    |   6 +
 .../spring/web/RootRedirectController.java      |  36 ++++
 .../samples/spring/web/SessionValueCommand.java |  57 ------
 .../src/main/resources/application.properties   |  28 +++
 .../spring/src/main/resources/log4j.properties  |   2 +-
 .../main/webapp/WEB-INF/applicationContext.xml  | 137 --------------
 .../main/webapp/WEB-INF/remoting-servlet.xml    |  33 ----
 .../src/main/webapp/WEB-INF/resources/login.jsp |   4 +-
 .../webapp/WEB-INF/resources/sampleIndex.jsp    |   6 +-
 .../src/main/webapp/WEB-INF/sample-servlet.xml  |  70 --------
 samples/spring/src/main/webapp/WEB-INF/web.xml  | 103 -----------
 samples/spring/src/main/webapp/index.jsp        |  29 ---
 49 files changed, 2258 insertions(+), 592 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/pom.xml
----------------------------------------------------------------------
diff --git a/samples/pom.xml b/samples/pom.xml
index 7bd9e83..3bf2f62 100644
--- a/samples/pom.xml
+++ b/samples/pom.xml
@@ -38,6 +38,7 @@
         <module>web</module>
         <module>spring-client</module>
         <module>spring</module>
+        <module>spring-xml</module>
         <module>spring-hibernate</module>
         <module>spring-boot-web</module>
         <module>guice</module>

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-client/pom.xml
----------------------------------------------------------------------
diff --git a/samples/spring-client/pom.xml b/samples/spring-client/pom.xml
index bd55849..aee0ab6 100644
--- a/samples/spring-client/pom.xml
+++ b/samples/spring-client/pom.xml
@@ -119,7 +119,7 @@
                     </sign>
                     <!-- BUILDING PROCESS -->
                     <pack200>
-                        <enabled>true</enabled>
+                        <enabled>false</enabled>
                     </pack200>
                     <verbose>false</verbose>
 

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/README.md
----------------------------------------------------------------------
diff --git a/samples/spring-xml/README.md b/samples/spring-xml/README.md
new file mode 100644
index 0000000..9faac56
--- /dev/null
+++ b/samples/spring-xml/README.md
@@ -0,0 +1,15 @@
+Apache Shiro + Spring Web Example (XML)
+=======================================
+
+This example creates a web application (WAR packaged) to demonstrate configuring Apache Shiro via Spring.  This example also includes a Spring Remoting example.
+
+To seen an annotations based version of this example take a look [here](../spring/README.md).
+
+Run the Example
+---------------
+
+```
+mvn jetty:run
+```
+
+Browse to `http://localhost:8080/shiro-samples-spring`

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/pom.xml
----------------------------------------------------------------------
diff --git a/samples/spring-xml/pom.xml b/samples/spring-xml/pom.xml
new file mode 100644
index 0000000..0983397
--- /dev/null
+++ b/samples/spring-xml/pom.xml
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+<!--suppress osmorcNonOsgiMavenDependency	-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <parent>
+        <groupId>org.apache.shiro.samples</groupId>
+        <artifactId>shiro-samples</artifactId>
+        <version>1.4.0-SNAPSHOT</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>samples-spring-xml</artifactId>
+    <name>Apache Shiro :: Samples :: Spring XML</name>
+    <packaging>war</packaging>
+    <description>
+    	Spring-based web application sample demonstrating Shiro's capabilities. Uses samples-spring module
+    	as the web start application.
+    </description>
+
+    <build>
+        <plugins>
+            <plugin>
+                <!-- Note	that you need	to run mvn jetty:run-exploded	to test	the	webstart application -->
+                <groupId>org.eclipse.jetty</groupId>
+                <artifactId>jetty-maven-plugin</artifactId>
+                <version>${jetty.version}</version>
+                <configuration>
+                    <httpConnector>
+                        <port>8080</port>
+                    </httpConnector>
+                    <webApp>
+                        <contextPath>/shiro-samples-spring</contextPath>
+                        <baseResource implementation="org.eclipse.jetty.util.resource.ResourceCollection">
+                            <resourcesAsCSV>${project.build.directory}/extra/,src/main/webapp</resourcesAsCSV>
+                        </baseResource>
+                    </webApp>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <phase>generate-resources</phase>
+                        <goals>
+                            <goal>unpack</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <artifactItems>
+                        <artifactItem>
+                            <groupId>org.apache.shiro.samples</groupId>
+                            <artifactId>samples-spring-client</artifactId>
+                            <version>${project.version}</version>
+                            <type>zip</type>
+                        </artifactItem>
+                    </artifactItems>
+                    <outputDirectory>${project.build.directory}/extra/WEB-INF/resources</outputDirectory>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-war-plugin</artifactId>
+                <configuration>
+                    <webResources>
+                        <resource>
+                            <!-- this is relative to the pom.xml directory -->
+                            <directory>${project.build.directory}/extra</directory>
+                        </resource>
+                    </webResources>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.shiro.samples</groupId>
+            <artifactId>samples-spring-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-ehcache</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-spring</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-log4j12</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>jcl-over-slf4j</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>log4j</groupId>
+            <artifactId>log4j</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-context</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-jdbc</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>hsqldb</groupId>
+            <artifactId>hsqldb</artifactId>
+            <version>${hsqldb.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+    </dependencies>
+</project>

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/BootstrapDataPopulator.java
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/BootstrapDataPopulator.java b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/BootstrapDataPopulator.java
new file mode 100644
index 0000000..7e50f0a
--- /dev/null
+++ b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/BootstrapDataPopulator.java
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.samples.spring;
+
+import javax.sql.DataSource;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.jdbc.core.JdbcTemplate;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.apache.shiro.crypto.hash.Sha256Hash;
+
+/**
+ * A data populator that creates a set of security tables and test data that can be used by the
+ * Shiro Spring sample application to demonstrate the use of the {@link org.apache.shiro.realm.jdbc.JdbcRealm}
+ * The tables created by this class follow the default table and column names that {@link org.apache.shiro.realm.jdbc.JdbcRealm} uses.
+ *
+ */
+public class BootstrapDataPopulator implements InitializingBean {
+
+    private static final String CREATE_TABLES = "create table users (\n" +
+            "    username varchar(255) primary key,\n" +
+            "    password varchar(255) not null\n" +
+            ");\n" +
+            "\n" +
+            "create table roles (\n" +
+            "    role_name varchar(255) primary key\n" +
+            ");\n" +
+            "\n" +
+            "create table user_roles (\n" +
+            "    username varchar(255) not null,\n" +
+            "    role_name varchar(255) not null,\n" +
+            "    constraint user_roles_uq unique ( username, role_name )\n" +
+            ");\n" +
+            "\n" +
+            "create table roles_permissions (\n" +
+            "    role_name varchar(255) not null,\n" +
+            "    permission varchar(255) not null,\n" +
+            "    primary key (role_name, permission)\n" +
+            ");";
+
+    private static final Logger log = LoggerFactory.getLogger(BootstrapDataPopulator.class);
+
+    protected DataSource dataSource = null;
+
+    public void setDataSource(DataSource dataSource) {
+        this.dataSource = dataSource;
+    }
+
+    public void afterPropertiesSet() throws Exception {
+        //because we're using an in-memory hsqldb for the sample app, a new one will be created each time the
+        //app starts, so create the tables and insert the 2 sample users on bootstrap:
+
+        JdbcTemplate jdbcTemplate = new JdbcTemplate(this.dataSource);
+        jdbcTemplate.execute(CREATE_TABLES);
+
+        //password is 'user1' SHA hashed and base64 encoded:
+        //The first argument to the hash constructor is the actual value to be hased.  The 2nd is the
+        //salt.  In this simple demo scenario, the username and the password are the same, but to clarify the
+        //distinction, you would see this in practice:
+        //new Sha256Hash( <password>, <cryptographically strong randomly generated salt> (not the username!) )
+        String query = "insert into users values ('user1', '" + new Sha256Hash("user1", "user1").toBase64() + "' )";
+        jdbcTemplate.execute(query);
+        log.debug("Created user1.");
+
+        //password is 'user2' SHA hashed and base64 encoded:
+        query = "insert into users values ( 'user2', '"  + new Sha256Hash("user2", "user2").toBase64() + "' )";
+        jdbcTemplate.execute(query);
+        log.debug("Created user2.");
+
+        query = "insert into roles values ( 'role1' )";
+        jdbcTemplate.execute(query);
+        log.debug("Created role1");
+
+        query = "insert into roles values ( 'role2' )";
+        jdbcTemplate.execute(query);
+        log.debug("Created role2");
+
+        query = "insert into roles_permissions values ( 'role1', 'permission1')";
+        jdbcTemplate.execute(query);
+        log.debug("Created permission 1 for role 1");
+
+        query = "insert into roles_permissions values ( 'role1', 'permission2')";
+        jdbcTemplate.execute(query);
+        log.debug("Created permission 2 for role 1");
+
+        query = "insert into roles_permissions values ( 'role2', 'permission1')";
+        jdbcTemplate.execute(query);
+        log.debug("Created permission 1 for role 2");
+
+        query = "insert into user_roles values ( 'user1', 'role1' )";
+        jdbcTemplate.execute(query);
+        query = "insert into user_roles values ( 'user1', 'role2' )";
+        jdbcTemplate.execute(query);
+        log.debug("Assigned user1 roles role1 and role2");
+
+        query = "insert into user_roles values ( 'user2', 'role2' )";
+        jdbcTemplate.execute(query);
+        log.debug("Assigned user2 role role2");
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/DefaultSampleManager.java
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/DefaultSampleManager.java b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/DefaultSampleManager.java
new file mode 100644
index 0000000..8321ad1
--- /dev/null
+++ b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/DefaultSampleManager.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.samples.spring;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
+
+
+/**
+ * Default implementation of the {@link SampleManager} interface that stores
+ * and retrieves a value from the user's session.
+ *
+ * @since 0.1
+ */
+public class DefaultSampleManager implements SampleManager {
+
+    /*--------------------------------------------
+    |             C O N S T A N T S             |
+    ============================================*/
+    /**
+     * Key used to store the value in the user's session.
+     */
+    private static final String VALUE_KEY = "sample_value";
+
+    /*--------------------------------------------
+    |    I N S T A N C E   V A R I A B L E S    |
+    ============================================*/
+    private static final Logger log = LoggerFactory.getLogger(DefaultSampleManager.class);
+
+    /*--------------------------------------------
+    |         C O N S T R U C T O R S           |
+    ============================================*/
+
+    /*--------------------------------------------
+    |  A C C E S S O R S / M O D I F I E R S    |
+    ============================================*/
+
+    /*--------------------------------------------
+    |               M E T H O D S               |
+    ============================================*/
+
+    public String getValue() {
+        String value = null;
+
+        Subject subject = SecurityUtils.getSubject();
+        Session session = subject.getSession(false);
+        if (session != null) {
+            value = (String) session.getAttribute(VALUE_KEY);
+            if (log.isDebugEnabled()) {
+                log.debug("retrieving session key [" + VALUE_KEY + "] with value [" + value + "] on session with id [" + session.getId() + "]");
+            }
+        }
+
+        return value;
+    }
+
+    public void setValue(String newValue) {
+        Subject subject = SecurityUtils.getSubject();
+        Session session = subject.getSession();
+
+        if (log.isDebugEnabled()) {
+            log.debug("saving session key [" + VALUE_KEY + "] with value [" + newValue + "] on session with id [" + session.getId() + "]");
+        }
+
+        session.setAttribute(VALUE_KEY, newValue);
+    }
+
+    public void secureMethod1() {
+        if (log.isInfoEnabled()) {
+            log.info("Secure method 1 called...");
+        }
+    }
+
+    public void secureMethod2() {
+        if (log.isInfoEnabled()) {
+            log.info("Secure method 2 called...");
+        }
+    }
+
+    public void secureMethod3() {
+        if (log.isInfoEnabled()) {
+            log.info("Secure method 3 called...");
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/realm/SaltAwareJdbcRealm.java
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/realm/SaltAwareJdbcRealm.java b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/realm/SaltAwareJdbcRealm.java
new file mode 100644
index 0000000..56448d0
--- /dev/null
+++ b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/realm/SaltAwareJdbcRealm.java
@@ -0,0 +1,121 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.samples.spring.realm;
+
+import org.apache.shiro.authc.*;
+import org.apache.shiro.realm.jdbc.JdbcRealm;
+import org.apache.shiro.util.ByteSource;
+import org.apache.shiro.util.JdbcUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+/**
+ * Realm that exists to support salted credentials.  The JdbcRealm implementation needs to be updated in a future
+ * Shiro release to handle this.
+ */
+public class SaltAwareJdbcRealm extends JdbcRealm {
+
+    private static final Logger log = LoggerFactory.getLogger(SaltAwareJdbcRealm.class);
+
+    @Override
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
+        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
+        String username = upToken.getUsername();
+
+        // Null username is invalid
+        if (username == null) {
+            throw new AccountException("Null usernames are not allowed by this realm.");
+        }
+
+        Connection conn = null;
+        AuthenticationInfo info = null;
+        try {
+            conn = dataSource.getConnection();
+
+            String password = getPasswordForUser(conn, username);
+
+            if (password == null) {
+                throw new UnknownAccountException("No account found for user [" + username + "]");
+            }
+
+            SimpleAuthenticationInfo saInfo = new SimpleAuthenticationInfo(username, password, getName());
+            /**
+             * This (very bad) example uses the username as the salt in this sample app.  DON'T DO THIS IN A REAL APP!
+             *
+             * Salts should not be based on anything that a user could enter (attackers can exploit this).  Instead
+             * they should ideally be cryptographically-strong randomly generated numbers.
+             */
+            saInfo.setCredentialsSalt(ByteSource.Util.bytes(username));
+
+            info = saInfo;
+
+        } catch (SQLException e) {
+            final String message = "There was a SQL error while authenticating user [" + username + "]";
+            if (log.isErrorEnabled()) {
+                log.error(message, e);
+            }
+
+            // Rethrow any SQL errors as an authentication exception
+            throw new AuthenticationException(message, e);
+        } finally {
+            JdbcUtils.closeConnection(conn);
+        }
+
+        return info;
+    }
+
+    private String getPasswordForUser(Connection conn, String username) throws SQLException {
+
+        PreparedStatement ps = null;
+        ResultSet rs = null;
+        String password = null;
+        try {
+            ps = conn.prepareStatement(authenticationQuery);
+            ps.setString(1, username);
+
+            // Execute query
+            rs = ps.executeQuery();
+
+            // Loop over results - although we are only expecting one result, since usernames should be unique
+            boolean foundResult = false;
+            while (rs.next()) {
+
+                // Check to ensure only one row is processed
+                if (foundResult) {
+                    throw new AuthenticationException("More than one user row found for user [" + username + "]. Usernames must be unique.");
+                }
+
+                password = rs.getString(1);
+
+                foundResult = true;
+            }
+        } finally {
+            JdbcUtils.closeResultSet(rs);
+            JdbcUtils.closeStatement(ps);
+        }
+
+        return password;
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/IndexController.java
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/IndexController.java b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/IndexController.java
new file mode 100644
index 0000000..8e87e46
--- /dev/null
+++ b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/IndexController.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.samples.spring.web;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.samples.spring.SampleManager;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
+import org.springframework.validation.BindException;
+import org.springframework.validation.Errors;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.SimpleFormController;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.Map;
+
+/**
+ * Spring MVC controller responsible for rendering the Shiro Spring sample
+ * application index page.
+ *
+ * @since 0.1
+ */
+public class IndexController extends SimpleFormController {
+
+    /*--------------------------------------------
+    |             C O N S T A N T S             |
+    ============================================*/
+
+    /*--------------------------------------------
+    |    I N S T A N C E   V A R I A B L E S    |
+    ============================================*/
+
+    private SampleManager sampleManager;
+
+    /*--------------------------------------------
+    |         C O N S T R U C T O R S           |
+    ============================================*/
+
+    /*--------------------------------------------
+    |  A C C E S S O R S / M O D I F I E R S    |
+    ============================================*/
+
+    public void setSampleManager(SampleManager sampleManager) {
+        this.sampleManager = sampleManager;
+    }
+
+    /*--------------------------------------------
+    |               M E T H O D S               |
+    ============================================*/
+
+    protected Object formBackingObject(HttpServletRequest request) throws Exception {
+        SessionValueCommand command = (SessionValueCommand) createCommand();
+
+        command.setValue(sampleManager.getValue());
+        return command;
+    }
+
+    protected Map<String, Object> referenceData(HttpServletRequest request, Object command, Errors errors) throws Exception {
+        Subject subject = SecurityUtils.getSubject();
+        boolean hasRole1 = subject.hasRole("role1");
+        boolean hasRole2 = subject.hasRole("role2");
+
+        Map<String, Object> refData = new HashMap<String, Object>();
+        refData.put("hasRole1", hasRole1);
+        refData.put("hasRole2", hasRole2);
+
+        Session session = subject.getSession();
+        Map<Object, Object> sessionAttributes = new LinkedHashMap<Object, Object>();
+        for (Object key : session.getAttributeKeys()) {
+            sessionAttributes.put(key, session.getAttribute(key));
+        }
+        refData.put("sessionAttributes", sessionAttributes);
+
+        refData.put("subjectSession", subject.getSession());
+        return refData;
+    }
+
+    protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response, Object obj, BindException errors) throws Exception {
+        SessionValueCommand command = (SessionValueCommand) obj;
+
+        sampleManager.setValue(command.getValue());
+
+        return showForm(request, response, errors);
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/JnlpController.java
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/JnlpController.java b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/JnlpController.java
new file mode 100644
index 0000000..09a7fc2
--- /dev/null
+++ b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/JnlpController.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.samples.spring.web;
+
+import java.util.HashMap;
+import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.AbstractController;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
+
+/**
+ * Controller used to dynamically build a JNLP file used to launch the Shiro
+ * Spring WebStart sample application.
+ *
+ * @since 0.1
+ */
+public class JnlpController extends AbstractController {
+
+    /*--------------------------------------------
+    |             C O N S T A N T S             |
+    ============================================*/
+
+    /*--------------------------------------------
+    |    I N S T A N C E   V A R I A B L E S    |
+    ============================================*/
+    private String jnlpView;
+
+    /*--------------------------------------------
+    |         C O N S T R U C T O R S           |
+    ============================================*/
+
+    /*--------------------------------------------
+    |  A C C E S S O R S / M O D I F I E R S    |
+    ============================================*/
+
+    public void setJnlpView(String jnlpView) {
+        this.jnlpView = jnlpView;
+    }
+
+    /*--------------------------------------------
+    |               M E T H O D S               |
+    ============================================*/
+
+    protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception {
+
+        Subject subject = SecurityUtils.getSubject();
+        Session session = null;
+
+        if (subject != null) {
+            session = subject.getSession();
+        }
+        if (session == null) {
+            String msg = "Expected a non-null Shiro session.";
+            throw new IllegalArgumentException(msg);
+        }
+
+        StringBuilder sb = new StringBuilder();
+        sb.append("http://");
+        sb.append(request.getServerName());
+        if (request.getServerPort() != 80) {
+            sb.append(":");
+            sb.append(request.getServerPort());
+        }
+        sb.append(request.getContextPath());
+
+        // prevent JNLP caching by setting response headers
+        response.setHeader("cache-control", "no-cache");
+        response.setHeader("pragma", "no-cache");
+
+        Map<String, Object> model = new HashMap<String, Object>();
+        model.put("codebaseUrl", sb.toString());
+        model.put("sessionId", session.getId());
+        return new ModelAndView(jnlpView, model);
+    }
+}

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/LoginCommand.java
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/LoginCommand.java b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/LoginCommand.java
new file mode 100644
index 0000000..e818a16
--- /dev/null
+++ b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/LoginCommand.java
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.samples.spring.web;
+
+/**
+ * Command object that parameters are bound to when logging into the sample
+ * application.
+ *
+ * @since 0.1
+ */
+public class LoginCommand {
+
+    /*--------------------------------------------
+    |             C O N S T A N T S             |
+    ============================================*/
+
+    /*--------------------------------------------
+    |    I N S T A N C E   V A R I A B L E S    |
+    ============================================*/
+    private String username;
+    private String password;
+
+    /*--------------------------------------------
+    |         C O N S T R U C T O R S           |
+    ============================================*/
+
+    /*--------------------------------------------
+    |  A C C E S S O R S / M O D I F I E R S    |
+    ============================================*/
+
+    public String getUsername() {
+        return username;
+    }
+
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+
+    public String getPassword() {
+        return password;
+    }
+
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    /*--------------------------------------------
+    |               M E T H O D S               |
+    ============================================*/
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/LoginController.java
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/LoginController.java b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/LoginController.java
new file mode 100644
index 0000000..381802d
--- /dev/null
+++ b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/LoginController.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.samples.spring.web;
+
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.validation.BindException;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.SimpleFormController;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Spring MVC controller responsible for authenticating the user.
+ *
+ * @since 0.1
+ */
+public class LoginController extends SimpleFormController {
+
+    private static transient final Logger log = LoggerFactory.getLogger(LoginController.class);
+
+    protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response, Object cmd, BindException errors) throws Exception {
+
+        LoginCommand command = (LoginCommand) cmd;
+
+        UsernamePasswordToken token = new UsernamePasswordToken(command.getUsername(), command.getPassword());
+
+        try {
+            SecurityUtils.getSubject().login(token);
+        } catch (AuthenticationException e) {
+            log.debug("Error authenticating.", e);
+            errors.reject("error.invalidLogin", "The username or password was not correct.");
+        }
+
+        if (errors.hasErrors()) {
+            return showForm(request, response, errors);
+        } else {
+            return new ModelAndView(getSuccessView());
+        }
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/LogoutController.java
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/LogoutController.java b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/LogoutController.java
new file mode 100644
index 0000000..b4dce7b
--- /dev/null
+++ b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/LogoutController.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.samples.spring.web;
+
+import org.apache.shiro.SecurityUtils;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.AbstractController;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Controller responsible for logging out the current user by invoking
+ * {@link org.apache.shiro.subject.Subject#logout()}
+ *
+ * @since 0.1
+ */
+public class LogoutController extends AbstractController {
+
+    protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        SecurityUtils.getSubject().logout();
+        return new ModelAndView("redirect:login");
+    }
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/SessionValueCommand.java
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/SessionValueCommand.java b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/SessionValueCommand.java
new file mode 100644
index 0000000..4191833
--- /dev/null
+++ b/samples/spring-xml/src/main/java/org/apache/shiro/samples/spring/web/SessionValueCommand.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.samples.spring.web;
+
+/**
+ * Command object used to bind parameters when submitting a value to be
+ * stored in the user's session from the index page.
+ *
+ * @since 0.1
+ */
+public class SessionValueCommand {
+
+    /*--------------------------------------------
+    |             C O N S T A N T S             |
+    ============================================*/
+
+    /*--------------------------------------------
+    |    I N S T A N C E   V A R I A B L E S    |
+    ============================================*/
+    private String value;
+
+    /*--------------------------------------------
+    |         C O N S T R U C T O R S           |
+    ============================================*/
+
+    /*--------------------------------------------
+    |  A C C E S S O R S / M O D I F I E R S    |
+    ============================================*/
+
+    /*--------------------------------------------
+    |               M E T H O D S               |
+    ============================================*/
+
+    public String getValue() {
+        return value;
+    }
+
+    public void setValue(String value) {
+        this.value = value;
+    }
+}

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/resources/ehcache.xml
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/resources/ehcache.xml b/samples/spring-xml/src/main/resources/ehcache.xml
new file mode 100644
index 0000000..eb3504d
--- /dev/null
+++ b/samples/spring-xml/src/main/resources/ehcache.xml
@@ -0,0 +1,98 @@
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+
+<!-- EhCache XML configuration file used for Shiro spring sample application -->
+<ehcache>
+
+    <!-- Sets the path to the directory where cache .data files are created.
+
+If the path is a Java System Property it is replaced by
+its value in the running VM.
+
+The following properties are translated:
+user.home - User's home directory
+user.dir - User's current working directory
+java.io.tmpdir - Default temp file path -->
+    <diskStore path="java.io.tmpdir/shiro-spring-sample"/>
+
+
+    <!--Default Cache configuration. These will applied to caches programmatically created through
+    the CacheManager.
+
+    The following attributes are required:
+
+    maxElementsInMemory            - Sets the maximum number of objects that will be created in memory
+    eternal                        - Sets whether elements are eternal. If eternal,  timeouts are ignored and the
+                                     element is never expired.
+    overflowToDisk                 - Sets whether elements can overflow to disk when the in-memory cache
+                                     has reached the maxInMemory limit.
+
+    The following attributes are optional:
+    timeToIdleSeconds              - Sets the time to idle for an element before it expires.
+                                     i.e. The maximum amount of time between accesses before an element expires
+                                     Is only used if the element is not eternal.
+                                     Optional attribute. A value of 0 means that an Element can idle for infinity.
+                                     The default value is 0.
+    timeToLiveSeconds              - Sets the time to live for an element before it expires.
+                                     i.e. The maximum time between creation time and when an element expires.
+                                     Is only used if the element is not eternal.
+                                     Optional attribute. A value of 0 means that and Element can live for infinity.
+                                     The default value is 0.
+    diskPersistent                 - Whether the disk store persists between restarts of the Virtual Machine.
+                                     The default value is false.
+    diskExpiryThreadIntervalSeconds- The number of seconds between runs of the disk expiry thread. The default value
+                                     is 120 seconds.
+    memoryStoreEvictionPolicy      - Policy would be enforced upon reaching the maxElementsInMemory limit. Default
+                                     policy is Least Recently Used (specified as LRU). Other policies available -
+                                     First In First Out (specified as FIFO) and Less Frequently Used
+                                     (specified as LFU)
+    -->
+
+    <defaultCache
+            maxElementsInMemory="10000"
+            eternal="false"
+            timeToIdleSeconds="120"
+            timeToLiveSeconds="120"
+            overflowToDisk="false"
+            diskPersistent="false"
+            diskExpiryThreadIntervalSeconds="120"
+            />
+
+    <!-- We want eternal="true" (with no timeToIdle or timeToLive settings) because Shiro manages session
+expirations explicitly.  If we set it to false and then set corresponding timeToIdle and timeToLive properties,
+ehcache would evict sessions without Shiro's knowledge, which would cause many problems
+(e.g. "My Shiro session timeout is 30 minutes - why isn't a session available after 2 minutes?"
+Answer - ehcache expired it due to the timeToIdle property set to 120 seconds.)
+
+diskPersistent=true since we want an enterprise session management feature - ability to use sessions after
+even after a JVM restart.  -->
+    <cache name="shiro-activeSessionCache"
+           maxElementsInMemory="10000"
+           eternal="true"
+           overflowToDisk="true"
+           diskPersistent="true"
+           diskExpiryThreadIntervalSeconds="600"/>
+
+    <cache name="org.apache.shiro.realm.SimpleAccountRealm.authorization"
+           maxElementsInMemory="100"
+           eternal="false"
+           timeToLiveSeconds="600"
+           overflowToDisk="false"/>
+
+</ehcache>

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/resources/jsecurity-sample.jks
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/resources/jsecurity-sample.jks b/samples/spring-xml/src/main/resources/jsecurity-sample.jks
new file mode 100644
index 0000000..eb2ff9b
Binary files /dev/null and b/samples/spring-xml/src/main/resources/jsecurity-sample.jks differ

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/resources/log4j.properties
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/resources/log4j.properties b/samples/spring-xml/src/main/resources/log4j.properties
new file mode 100644
index 0000000..779033d
--- /dev/null
+++ b/samples/spring-xml/src/main/resources/log4j.properties
@@ -0,0 +1,36 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+log4j.rootLogger=INFO, stdout
+
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - %m %n
+
+# General Apache libraries
+log4j.logger.org.apache=WARN
+
+# Spring
+log4j.logger.org.springframework=WARN
+
+# Default Shiro logging
+log4j.logger.org.apache.shiro=TRACE
+
+# Disable verbose logging
+log4j.logger.org.apache.shiro.util.ThreadContext=WARN
+log4j.logger.org.apache.shiro.cache.ehcache.EhCache=WARN

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml b/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml
new file mode 100644
index 0000000..d91b3c0
--- /dev/null
+++ b/samples/spring-xml/src/main/webapp/WEB-INF/applicationContext.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:mvc="http://www.springframework.org/schema/mvc"
+       xmlns:tx="http://www.springframework.org/schema/tx"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
+                    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
+                    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+                    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
+
+
+    <!-- Sample RDBMS data source that would exist in any application - not Shiro related. -->
+    <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
+        <property name="driverClassName" value="org.hsqldb.jdbcDriver"/>
+        <property name="url" value="jdbc:hsqldb:mem:shiro-spring"/>
+        <property name="username" value="sa"/>
+    </bean>
+    <!-- Populates the sample database with sample users and roles. -->
+    <bean id="bootstrapDataPopulator" class="org.apache.shiro.samples.spring.BootstrapDataPopulator">
+        <property name="dataSource" ref="dataSource"/>
+    </bean>
+
+    <!-- Simulated business-tier "Manager", not Shiro related, just an example -->
+    <bean id="sampleManager" class="org.apache.shiro.samples.spring.DefaultSampleManager"/>
+
+    <!-- =========================================================
+         Shiro Core Components - Not Spring Specific
+         ========================================================= -->
+    <!-- Shiro's main business-tier object for web-enabled applications
+         (use DefaultSecurityManager instead when there is no web environment)-->
+    <bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
+        <property name="cacheManager" ref="cacheManager"/>
+        <!-- Single realm app.  If you have multiple realms, use the 'realms' property instead. -->
+        <property name="sessionMode" value="native"/>
+        <property name="realm" ref="jdbcRealm"/>
+    </bean>
+
+    <!-- Let's use some enterprise caching support for better performance.  You can replace this with any enterprise
+         caching framework implementation that you like (Terracotta+Ehcache, Coherence, GigaSpaces, etc -->
+    <bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
+        <!-- Set a net.sf.ehcache.CacheManager instance here if you already have one.  If not, a new one
+             will be creaed with a default config:
+             <property name="cacheManager" ref="ehCacheManager"/> -->
+        <!-- If you don't have a pre-built net.sf.ehcache.CacheManager instance to inject, but you want
+             a specific Ehcache configuration to be used, specify that here.  If you don't, a default
+             will be used.:
+        <property name="cacheManagerConfigFile" value="classpath:some/path/to/ehcache.xml"/> -->
+    </bean>
+
+    <!-- Used by the SecurityManager to access security data (users, roles, etc).
+         Many other realm implementations can be used too (PropertiesRealm,
+         LdapRealm, etc. -->
+    <bean id="jdbcRealm" class="org.apache.shiro.samples.spring.realm.SaltAwareJdbcRealm">
+        <property name="name" value="jdbcRealm"/>
+        <property name="dataSource" ref="dataSource"/>
+        <property name="credentialsMatcher">
+            <!-- The 'bootstrapDataPopulator' Sha256 hashes the password
+                 (using the username as the salt) then base64 encodes it: -->
+            <bean class="org.apache.shiro.authc.credential.HashedCredentialsMatcher">
+                <property name="hashAlgorithmName" value="SHA-256"/>
+                <!-- true means hex encoded, false means base64 encoded -->
+                <property name="storedCredentialsHexEncoded" value="false"/>
+            </bean>
+        </property>
+    </bean>
+
+    <!-- =========================================================
+         Shiro Spring-specific integration
+         ========================================================= -->
+    <!-- Post processor that automatically invokes init() and destroy() methods
+         for Spring-configured Shiro objects so you don't have to
+         1) specify an init-method and destroy-method attributes for every bean
+            definition and
+         2) even know which Shiro objects require these methods to be
+            called. -->
+    <bean id="lifecycleBeanPostProcessor" class="org.apache.shiro.spring.LifecycleBeanPostProcessor"/>
+
+    <!-- Enable Shiro Annotations for Spring-configured beans.  Only run after
+         the lifecycleBeanProcessor has run: -->
+    <bean class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"
+          depends-on="lifecycleBeanPostProcessor"/>
+    <bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor">
+        <property name="securityManager" ref="securityManager"/>
+    </bean>
+
+    <!-- Secure Spring remoting:  Ensure any Spring Remoting method invocations can be associated
+         with a Subject for security checks. -->
+    <bean id="secureRemoteInvocationExecutor" class="org.apache.shiro.spring.remoting.SecureRemoteInvocationExecutor">
+        <property name="securityManager" ref="securityManager"/>
+    </bean>
+
+    <!-- Define the Shiro Filter here (as a FactoryBean) instead of directly in web.xml -
+         web.xml uses the DelegatingFilterProxy to access this bean.  This allows us
+         to wire things with more control as well utilize nice Spring things such as
+         PropertiesPlaceholderConfigurer and abstract beans or anything else we might need: -->
+    <bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
+        <property name="securityManager" ref="securityManager"/>
+        <property name="loginUrl" value="/s/login"/>
+        <property name="successUrl" value="/s/index"/>
+        <property name="unauthorizedUrl" value="/s/unauthorized"/>
+        <!-- The 'filters' property is not necessary since any declared javax.servlet.Filter bean
+             defined will be automatically acquired and available via its beanName in chain
+             definitions, but you can perform overrides or parent/child consolidated configuration
+             here if you like: -->
+        <!-- <property name="filters">
+            <util:map>
+                <entry key="aName" value-ref="someFilterPojo"/>
+            </util:map>
+        </property> -->
+        <property name="filterChainDefinitions">
+            <value>
+                /favicon.ico = anon
+                /logo.png = anon
+                /shiro.css = anon
+                /s/login = anon
+                # allow WebStart to pull the jars for the swing app:
+                /*.jar = anon
+                # protected using SecureRemoteInvocationExecutor
+                /remoting/** = anon
+                # everything else requires authentication:
+                /** = authc
+            </value>
+        </property>
+    </bean>
+
+</beans>

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/webapp/WEB-INF/remoting-servlet.xml
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/WEB-INF/remoting-servlet.xml b/samples/spring-xml/src/main/webapp/WEB-INF/remoting-servlet.xml
new file mode 100644
index 0000000..ac08b71
--- /dev/null
+++ b/samples/spring-xml/src/main/webapp/WEB-INF/remoting-servlet.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+
+<!--
+  - Application context definition for "remoting" DispatcherServlet.
+  -->
+<beans>
+
+    <bean name="/sampleManager" class="org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter">
+        <property name="service" ref="sampleManager"/>
+        <property name="serviceInterface" value="org.apache.shiro.samples.spring.SampleManager"/>
+        <property name="remoteInvocationExecutor" ref="secureRemoteInvocationExecutor"/>
+    </bean>
+
+</beans>

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/webapp/WEB-INF/resources-servlet.xml
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/WEB-INF/resources-servlet.xml b/samples/spring-xml/src/main/webapp/WEB-INF/resources-servlet.xml
new file mode 100644
index 0000000..8e06bd6
--- /dev/null
+++ b/samples/spring-xml/src/main/webapp/WEB-INF/resources-servlet.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:mvc="http://www.springframework.org/schema/mvc"
+       xmlns:tx="http://www.springframework.org/schema/tx"
+       xmlns:context="http://www.springframework.org/schema/context"
+       xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
+                    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
+                    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
+                    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
+
+    <mvc:resources mapping="/*.jar" location="/WEB-INF/resources/" />
+
+</beans>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/webapp/WEB-INF/resources/include.jsp
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/WEB-INF/resources/include.jsp b/samples/spring-xml/src/main/webapp/WEB-INF/resources/include.jsp
new file mode 100644
index 0000000..f65884f
--- /dev/null
+++ b/samples/spring-xml/src/main/webapp/WEB-INF/resources/include.jsp
@@ -0,0 +1,24 @@
+<%--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  --%>
+<%@ page session="false" %>
+
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/webapp/WEB-INF/resources/login.jsp
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/WEB-INF/resources/login.jsp b/samples/spring-xml/src/main/webapp/WEB-INF/resources/login.jsp
new file mode 100644
index 0000000..c1cc7cc
--- /dev/null
+++ b/samples/spring-xml/src/main/webapp/WEB-INF/resources/login.jsp
@@ -0,0 +1,51 @@
+<%--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  --%>
+<%@ include file="include.jsp" %>
+
+<html>
+
+<head>
+    <link type="text/css" rel="stylesheet" href="<c:url value="/shiro.css"/>"/>
+</head>
+
+<body onload="document.forms[0].elements[0].focus();">
+
+<div id="contentBox">
+
+    <h1>Shiro Login</h1>
+
+    <p>
+        <span style="color: red;">
+            <spring:bind path="command.*">
+                ${status.errorMessage}
+            </spring:bind>
+        </span>
+    </p>
+
+    <form action="login" method="POST">
+        Username: <input id="username" name="username" type="text"/><br/><br/>
+        Password: <input name="password" type="password"/><br/><br/>
+        <input type="submit" value="Login"/>
+    </form>
+
+    <p>Try logging in with username/passwords: user1/user1 and user2/user2.</p>
+</div>
+</body>
+
+</html>

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/webapp/WEB-INF/resources/sampleIndex.jsp
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/WEB-INF/resources/sampleIndex.jsp b/samples/spring-xml/src/main/webapp/WEB-INF/resources/sampleIndex.jsp
new file mode 100644
index 0000000..f81a6ec
--- /dev/null
+++ b/samples/spring-xml/src/main/webapp/WEB-INF/resources/sampleIndex.jsp
@@ -0,0 +1,85 @@
+<%--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  --%>
+<%@ include file="include.jsp" %>
+
+<html>
+
+<head>
+    <link type="text/css" rel="stylesheet" href="<c:url value="/shiro.css"/>"/>
+</head>
+
+<body>
+
+<div id="contentBox">
+    <img src="<c:url value="/logo.png"/>" style="margin-top:20px; border:0"/><br/>
+
+    <h2>You have successfully logged in as <shiro:principal/>.</h2>
+
+    Session ID: ${subjectSession.id}
+
+    <h3>Session Attribute Keys</h3>
+    <table border="1">
+        <tr>
+            <th>Key</th>
+            <th>Value</th>
+        </tr>
+        <c:forEach items="${sessionAttributes}" var="entry">
+            <tr>
+                <td>${entry.key}</td>
+                <td>${entry.value}</td>
+            </tr>
+        </c:forEach>
+    </table>
+
+    <p style="font-weight: bold;">
+        <shiro:hasRole name="role1">You have role 1.<br/></shiro:hasRole>
+        <shiro:lacksRole name="role1">You do not have role 1.<br/></shiro:lacksRole>
+        <shiro:hasRole name="role2">You have role 2.<br/></shiro:hasRole>
+        <shiro:lacksRole name="role2">You do not have role 2.<br/></shiro:lacksRole>
+    </p>
+
+    <p style="font-weight: bold;">
+        <shiro:hasPermission name="permission1">You have permission 1.<br/></shiro:hasPermission>
+        <shiro:lacksPermission name="permission1">You do not have permission 1.<br/></shiro:lacksPermission>
+        <shiro:hasPermission name="permission2">You have permission 2.<br/></shiro:hasPermission>
+        <shiro:lacksPermission name="permission2">You do not have permission 2.<br/></shiro:lacksPermission>
+    </p>
+
+
+    <form action="<c:url value="/s/index"/>" method="POST">
+        Enter value here to store in session: <input type="text" name="value" value="${command.value}" size="30"/>
+        <input type="submit" value="Save"/>
+        <button type="button" onclick="document.location.href='<c:url value="/s/index"/>';">Refresh</button>
+    </form>
+
+
+    <p>
+        Click <a href="<c:url value="/s/shiro.jnlp?sessionId=${subjectSession.id}"/>">here</a> to launch webstart
+        application. (Need to be running <span style="font-weight:bold">mvn jetty:run-exploded</span> to have webstart
+        app
+        resources available through the webapp context)
+    </p>
+
+
+    <p>
+        Click <a href="<c:url value="/s/logout"/>">here</a> to logout.
+    </p>
+</div>
+</body>
+</html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/webapp/WEB-INF/sample-servlet.xml
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/WEB-INF/sample-servlet.xml b/samples/spring-xml/src/main/webapp/WEB-INF/sample-servlet.xml
new file mode 100644
index 0000000..055487f
--- /dev/null
+++ b/samples/spring-xml/src/main/webapp/WEB-INF/sample-servlet.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
+
+<!--
+  - Application context definition for "sample" DispatcherServlet.
+  -->
+
+<beans>
+
+    <bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
+        <property name="mappings">
+            <props>
+                <prop key="index">indexController</prop>
+                <prop key="shiro.jnlp">jnlpController</prop>
+                <prop key="login">loginController</prop>
+                <prop key="logout">logoutController</prop>
+                <prop key="unauthorized">loginController</prop>
+            </props>
+        </property>
+    </bean>
+
+    <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+        <property name="viewClass" value="org.springframework.web.servlet.view.InternalResourceView"/>
+        <property name="prefix" value="/WEB-INF/resources/"/>
+        <property name="suffix" value=".jsp"/>
+    </bean>
+
+    <!-- =========================================================
+         Spring controllers
+         ========================================================= -->
+    <bean name="loginController" class="org.apache.shiro.samples.spring.web.LoginController">
+        <property name="commandClass" value="org.apache.shiro.samples.spring.web.LoginCommand"/>
+        <property name="formView" value="login"/>
+        <property name="successView" value="redirect:/s/index"/>
+    </bean>
+
+    <bean name="logoutController" class="org.apache.shiro.samples.spring.web.LogoutController"/>
+
+    <bean id="jnlpController" class="org.apache.shiro.samples.spring.web.JnlpController">
+        <property name="jnlpView" value="shiro.jnlp"/>
+    </bean>
+
+    <bean id="indexController" class="org.apache.shiro.samples.spring.web.IndexController">
+        <property name="commandClass" value="org.apache.shiro.samples.spring.web.SessionValueCommand"/>
+        <property name="formView" value="sampleIndex"/>
+        <property name="successView" value="sampleIndex"/>
+        <property name="sampleManager" ref="sampleManager"/>
+    </bean>
+
+    <bean name="urlController" class="org.springframework.web.servlet.mvc.UrlFilenameViewController"/>
+
+</beans>

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/webapp/WEB-INF/web.xml
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/WEB-INF/web.xml b/samples/spring-xml/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 0000000..bd3ef28
--- /dev/null
+++ b/samples/spring-xml/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  -->
+<web-app version="2.4"
+         xmlns="http://java.sun.com/xml/ns/j2ee"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+
+    <!-- ==================================================================
+         Context parameters
+         ================================================================== -->
+    <context-param>
+        <param-name>contextConfigLocation</param-name>
+        <param-value>/WEB-INF/applicationContext.xml</param-value>
+    </context-param>
+
+    <!--
+    - Key of the system property that should specify the root directory of this
+    - web app. Applied by WebAppRootListener or Log4jConfigListener.
+    -->
+    <context-param>
+        <param-name>webAppRootKey</param-name>
+        <param-value>spring-sample.webapp.root</param-value>
+    </context-param>
+
+    <!-- ==================================================================
+         Servlet listeners
+         ================================================================== -->
+    <listener>
+        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
+    </listener>
+    <listener>
+        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    </listener>
+
+    <!-- ==================================================================
+         Filters
+         ================================================================== -->
+    <!-- Shiro Filter is defined in the spring application context: -->
+    <filter>
+        <filter-name>shiroFilter</filter-name>
+        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+        <init-param>
+            <param-name>targetFilterLifecycle</param-name>
+            <param-value>true</param-value>
+        </init-param>
+    </filter>
+
+    <filter-mapping>
+        <filter-name>shiroFilter</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
+    <!-- ==================================================================
+         Servlets
+         ================================================================== -->
+    <servlet>
+        <servlet-name>resources</servlet-name>
+        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+
+
+    <servlet>
+        <servlet-name>sample</servlet-name>
+        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>sample</servlet-name>
+        <url-pattern>/s/*</url-pattern>
+    </servlet-mapping>
+
+    <servlet>
+        <servlet-name>remoting</servlet-name>
+        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+        <load-on-startup>1</load-on-startup>
+    </servlet>
+
+    <servlet-mapping>
+        <servlet-name>remoting</servlet-name>
+        <url-pattern>/remoting/*</url-pattern>
+    </servlet-mapping>
+
+
+    <servlet-mapping>
+        <servlet-name>resources</servlet-name>
+        <url-pattern>/</url-pattern>
+    </servlet-mapping>
+
+    <!-- ==================================================================
+         Welcome file list
+         ================================================================== -->
+    <welcome-file-list>
+        <welcome-file>index.jsp</welcome-file>
+    </welcome-file-list>
+
+</web-app>

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/webapp/index.jsp
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/index.jsp b/samples/spring-xml/src/main/webapp/index.jsp
new file mode 100644
index 0000000..152cdc4
--- /dev/null
+++ b/samples/spring-xml/src/main/webapp/index.jsp
@@ -0,0 +1,29 @@
+<%--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing,
+  ~ software distributed under the License is distributed on an
+  ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~ KIND, either express or implied.  See the License for the
+  ~ specific language governing permissions and limitations
+  ~ under the License.
+  --%>
+<%@ page session="false" %>
+<%@ include file="/WEB-INF/resources/include.jsp" %>
+<html>
+<head>
+    <meta http-equiv="Refresh" content="0; url=<c:url value="/s/login"/>">
+</head>
+<body>
+Please wait...
+</body>
+
+</html>
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/webapp/logo.png
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/logo.png b/samples/spring-xml/src/main/webapp/logo.png
new file mode 100644
index 0000000..901d6ec
Binary files /dev/null and b/samples/spring-xml/src/main/webapp/logo.png differ

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring-xml/src/main/webapp/shiro.css
----------------------------------------------------------------------
diff --git a/samples/spring-xml/src/main/webapp/shiro.css b/samples/spring-xml/src/main/webapp/shiro.css
new file mode 100644
index 0000000..4bb9bdf
--- /dev/null
+++ b/samples/spring-xml/src/main/webapp/shiro.css
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+body {
+    margin: 1px;
+    padding: 1px;
+    background: #fff;
+    font: 12px 'Lucida Grande', Geneva, Verdana, Arial, sans-serif;
+    color: #000;
+}
+
+table, td {
+    font: 12px 'Lucida Grande', Geneva, Verdana, Arial, sans-serif;
+    color: #000;
+}
+
+h1 {
+    font: 24px;
+}
+
+img {
+    border: thin black solid;
+}
+
+#contentBox {
+    text-align: center;
+    width: 50%;
+    margin: auto;
+    margin-top: 50px;
+    color: black;
+    background: #eee;
+    border: thick #ccc solid;
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/shiro/blob/46bcb3b2/samples/spring/README.md
----------------------------------------------------------------------
diff --git a/samples/spring/README.md b/samples/spring/README.md
new file mode 100644
index 0000000..6c3861e
--- /dev/null
+++ b/samples/spring/README.md
@@ -0,0 +1,13 @@
+Apache Shiro + Spring Web Example
+=================================
+
+This example creates a web application (WAR packaged) to demonstrate configuring Apache Shiro via Spring.  This example also includes a Spring Remoting example.
+
+Run the Example
+---------------
+
+```
+mvn jetty:run
+```
+
+Browse to `http://localhost:8080/shiro-samples-spring`


Mime
View raw message