shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bdem...@apache.org
Subject svn commit: r1778445 - in /shiro/site/publish: authorization-features.html java-authentication-guide.html
Date Thu, 12 Jan 2017 15:41:34 GMT
Author: bdemers
Date: Thu Jan 12 15:41:34 2017
New Revision: 1778445

URL: http://svn.apache.org/viewvc?rev=1778445&view=rev
Log:
updates from PR-5 and PR-6

Modified:
    shiro/site/publish/authorization-features.html
    shiro/site/publish/java-authentication-guide.html

Modified: shiro/site/publish/authorization-features.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/authorization-features.html?rev=1778445&r1=1778444&r2=1778445&view=diff
==============================================================================
--- shiro/site/publish/authorization-features.html (original)
+++ shiro/site/publish/authorization-features.html Thu Jan 12 15:41:34 2017
@@ -251,7 +251,7 @@
   <li>
   <p><strong>Strong caching support</strong> - Any of the modern open-source
and/or enterprise caching products can be plugged in to Shiro to provide a fast and efficient
user-experience. For authorization, caching is crucial for performance in larger environments
or with more complex policies using back-end security data sources.</p></li>
   <li>
-  <p><strong>Pluggable data sources</strong> - Shiro uses pluggable data
access objects, referred to as Realms, to connect to security data sources where you keep
your access control information, like a LDAP or a relational database. To help you avoid building
and maintaining integrations yourself, Shiro provides out-of-the-box realms for popular data
sources like LDAP, Active Directory, Kerboros, and JDBC. If needed, you can also create your
own realms to support specific functionality not included in the basic realms.</p></li>
+  <p><strong>Pluggable data sources</strong> - Shiro uses pluggable data
access objects, referred to as Realms, to connect to security data sources where you keep
your access control information, like a LDAP or a relational database. To help you avoid building
and maintaining integrations yourself, Shiro provides out-of-the-box realms for popular data
sources like LDAP, Active Directory, Kerberos, and JDBC. If needed, you can also create your
own realms to support specific functionality not included in the basic realms.</p></li>
   <li>
   <p><strong>Supports any data model</strong> - Shiro can support any data
model for access control&ndash; it doesn&rsquo;t force a model on you. Your realm
implementation ultimately decides how your permissions and roles are grouped together and
whether to return a &ldquo;yes&rdquo; or a &ldquo;no&rdquo; answer to Shiro.
This feature allows you to architect your application in the manner you chose and Shiro will
bend to support you.<br/><input type="hidden" id="ghEditPage" value="authorization-features.md"></input></p></li>
 </ul>    

Modified: shiro/site/publish/java-authentication-guide.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/java-authentication-guide.html?rev=1778445&r1=1778444&r2=1778445&view=diff
==============================================================================
--- shiro/site/publish/java-authentication-guide.html (original)
+++ shiro/site/publish/java-authentication-guide.html Thu Jan 12 15:41:34 2017
@@ -288,7 +288,7 @@ Subject currentUser = SecurityUtils.getS
 //into the login method 
 currentUser.login(token);
 </code></pre>
-<p>First, we need to acquire the currently executing user, referred to as the subject.
A subject is just a security specific view of the user&mdash;-it can be a human, a process,
cron job, doesn&amp;#8217;t matter. In Shiro, there is always a subject instance available
to the currently executing thread. The concept of a subject is core to Shiro and most of the
framework is centered around working with subjects. In this example, we will name this instance
of subject currentUser.</p>
+<p>First, we need to acquire the currently executing user, referred to as the subject.
A subject is just a security specific view of the user&mdash;-it can be a human, a process,
cron job, doesn&rsquo;t matter. In Shiro, there is always a subject instance available
to the currently executing thread. The concept of a subject is core to Shiro and most of the
framework is centered around working with subjects. In this example, we will name this instance
of subject currentUser.</p>
 <p>To acquire the subject, we use the <a href="static/current/apidocs/org/apache/shiro/SecurityUtils.html">SecurityUtils</a>
class which is also a core pat of Shiro&rsquo;s API. It will acquire the currently executing
user via the <a href="static/current/apidocs/org/apache/shiro/SecurityUtils.html#getSubject--"><code>getsubject()</code></a>
method call. And we get back a subject instance that is representing who the current user
is who is interacting with the system. At this point in the example, the subject currentUser
is anonymous. There is no identity associated with them.</p>
 <p>Now with the user representation in hand, we authenticate them by just calling the
<a href="static/current/apidocs/org/apache/shiro/subject/Subject.html#login-org.apache.shiro.authc.AuthenticationToken-"><code>login()</code></a>)
method and submit the token we just constructed a second ago.</p>
 <a name="JavaAuthenticationGuide-Step3Allowaccess%2Cretryauthentication%2Corblockaccess"></a>



Mime
View raw message