shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bdem...@apache.org
Subject svn commit: r1830935 - in /shiro/site/publish: 10-minute-tutorial.html authentication-features.html authentication.html java-authentication-guide.html java-authorization-guide.html what-is-shiro.html
Date Fri, 04 May 2018 19:28:08 GMT
Author: bdemers
Date: Fri May  4 19:28:08 2018
New Revision: 1830935

URL: http://svn.apache.org/viewvc?rev=1830935&view=rev
Log:
merging handful of shiro site PRs

Modified:
    shiro/site/publish/10-minute-tutorial.html
    shiro/site/publish/authentication-features.html
    shiro/site/publish/authentication.html
    shiro/site/publish/java-authentication-guide.html
    shiro/site/publish/java-authorization-guide.html
    shiro/site/publish/what-is-shiro.html

Modified: shiro/site/publish/10-minute-tutorial.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/10-minute-tutorial.html?rev=1830935&r1=1830934&r2=1830935&view=diff
==============================================================================
--- shiro/site/publish/10-minute-tutorial.html (original)
+++ shiro/site/publish/10-minute-tutorial.html Fri May  4 19:28:08 2018
@@ -233,7 +233,7 @@
 <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=ra-4d66ef016022c3bd"></script>
 <a name="10MinuteTutorial-Introduction"></a>
 <h2><a href="#introduction" name="introduction">Introduction</a></h2>
-<p>Welcome to Apache Shiro&rsquo;s 10 Minute Tutoral!</p>
+<p>Welcome to Apache Shiro&rsquo;s 10 Minute Tutorial!</p>
 <p>By going through this quick and simple tutorial you should fully understand how
a developer uses Shiro in their application. And you should be able to do it in under 10 minutes.</p>
 <a name="10MinuteTutorial-Overview"></a>
 <h2><a href="#overview" name="overview">Overview</a></h2>

Modified: shiro/site/publish/authentication-features.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/authentication-features.html?rev=1830935&r1=1830934&r2=1830935&view=diff
==============================================================================
--- shiro/site/publish/authentication-features.html (original)
+++ shiro/site/publish/authentication-features.html Fri May  4 19:28:08 2018
@@ -251,7 +251,7 @@
   <li>
   <p><strong>Rich Exception Hierarchy</strong> - Shiro offers a rich exception
hierarchy to offered detailed explanations for why a login failed. The hierarchy can help
you more easily diagnose code bugs or customer services issues related to authentication.
In addition, the richness can help you create more complex authentication functionality if
needed.</p></li>
   <li>
-  <p><strong>&lsquo;Remember Me&rsquo; built in</strong> - Standard
in the Shiro API is the ability to remember your users if they return to your application.
You can offer a better user experience to your them with minimal development effort.</p></li>
+  <p><strong>&lsquo;Remember Me&rsquo; built in</strong> - Standard
in the Shiro API is the ability to remember your users if they return to your application.
You can offer a better user experience to them with minimal development effort.</p></li>
   <li>
   <p><strong>Pluggable data sources</strong> - Shiro uses pluggable data
access objects (DAOs), called Realms, to connect to security data sources like LDAP and Active
Directory. To help you avoid building and maintaining integrations yourself, Shiro provides
out-of-the-box realms for popular data sources like LDAP, Active Directory, and JDBC. If needed,
you can also create your own realms to support specific functionality not included in the
basic realms.</p></li>
   <li>

Modified: shiro/site/publish/authentication.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/authentication.html?rev=1830935&r1=1830934&r2=1830935&view=diff
==============================================================================
--- shiro/site/publish/authentication.html (original)
+++ shiro/site/publish/authentication.html Fri May  4 19:28:08 2018
@@ -319,7 +319,7 @@ currentUser.login(token);
 <h3>Step 3: Handling Success or Failure</h3>
 <p>If the <code>login</code> method returns quietly, that&rsquo;s it
- we&rsquo;re done! The <code>Subject</code> has been authenticated. The application
thread can continue uninterrupted and all further calls to <code>SecurityUtils.getSubject()</code>
will return the authenticated <code>Subject</code> instance, and any calls to
<code>subject.</code> <a href="static/current/apidocs/org/apache/shiro/subject/Subject.html#isAuthenticated--"><code>isAuthenticated()</code></a>
will return <code>true</code>.</p>
 <p>But what happens if the login attempt failed? For example, what if the end-user
supplied an incorrect password, or accessed the system too many times and maybe their account
is locked?</p>
-<p>Shiro has a rich runtime <a href="static/current/apidocs/org/apache/shiro/authz/AuthorizationException.html"><code>AuthenticationException</code></a>
hierarchy that can indicate exactly why the attempt failed. You can wrap <code>login</code>
in a <code>try/catch</code> block and catch any exception you wish and react to
them accordingly. For example:</p>
+<p>Shiro has a rich runtime <a href="static/current/apidocs/org/apache/shiro/authc/AuthenticationException.html"><code>AuthenticationException</code></a>
hierarchy that can indicate exactly why the attempt failed. You can wrap <code>login</code>
in a <code>try/catch</code> block and catch any exception you wish and react to
them accordingly. For example:</p>
 <pre><code class="java">try {
     currentUser.login(token);
 } catch ( UnknownAccountException uae ) { ...

Modified: shiro/site/publish/java-authentication-guide.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/java-authentication-guide.html?rev=1830935&r1=1830934&r2=1830935&view=diff
==============================================================================
--- shiro/site/publish/java-authentication-guide.html (original)
+++ shiro/site/publish/java-authentication-guide.html Fri May  4 19:28:08 2018
@@ -245,7 +245,7 @@
 <h2>Terminology you&rsquo;ll need</h2>
 <ul>
   <li>
-  <p><strong>Subject</strong> - Security specific user &lsquo;view&rsquo;
of an application user. It can be a human being, a third-party process, a server connecting
to you application application, or even a cron job. Basically, it is anything or anyone communicating
with your application.</p></li>
+  <p><strong>Subject</strong> - Security specific user &lsquo;view&rsquo;
of an application user. It can be a human being, a third-party process, a server connecting
to you application, or even a cron job. Basically, it is anything or anyone communicating
with your application.</p></li>
   <li>
   <p><strong>Principals</strong> - A subjects identifying attributes. First
name, last name, social security number, username</p></li>
   <li>

Modified: shiro/site/publish/java-authorization-guide.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/java-authorization-guide.html?rev=1830935&r1=1830934&r2=1830935&view=diff
==============================================================================
--- shiro/site/publish/java-authorization-guide.html (original)
+++ shiro/site/publish/java-authorization-guide.html Fri May  4 19:28:08 2018
@@ -266,7 +266,7 @@
 <p>There are two types of roles that you need to be aware of and Shiro will support
both.</p>
 <a name="JavaAuthorizationGuide-ImplicitRoles"></a>
 <h4><a href="#implicit-roles" name="implicit-roles">Implicit Roles</a></h4>
-<p>Most people view roles as what we define as an implicit role where your application
<em>implies</em> a set of permissions because a user has a particular role as
opposed to the role explicitly being assigned permissions or your application checking for
those permissions. Role checks in code are generally a reflection of an implicit role. You
can view patient data because you have the <em>administrator</em> role. You can
create an account because you have the <em>bank teller</em> role. The fact that
these names exist does not have a correlation to what the software can actually do. Most people
use roles in this manner. It is easiest but it can create a lot of maintenance and management
problems for all the but the simplest application.</p>
+<p>Most people view roles as what we define as an implicit role where your application
<em>implies</em> a set of permissions because a user has a particular role as
opposed to the role explicitly being assigned permissions or your application checking for
those permissions. Role checks in code are generally a reflection of an implicit role. You
can view patient data because you have the <em>administrator</em> role. You can
create an account because you have the <em>bank teller</em> role. The fact that
these names exist does not have a correlation to what the software can actually do. Most people
use roles in this manner. It is easiest but it can create a lot of maintenance and management
problems for all but the simplest application.</p>
 <a name="JavaAuthorizationGuide-ExplicitRoles"></a>
 <h4><a href="#explicit-roles" name="explicit-roles">Explicit Roles</a></h4>
 <p>An explicit role has permissions <em>explicitly</em> assigned to it
and therefore is an <em>explicit</em> collection of permissions. Permission checks
in code are a reflection of an explicit role. You can view patient data because because you
have the <em>view patient data</em> permission as part of your <em>administrator</em>
role. You can create an account because you have the <em>create account</em> permission
as part of your <em>bank teller</em> role. You can perform these actions, not
because of some implicit role name based on a string but because the corresponding permission
was explicitly assigned to your role.</p>

Modified: shiro/site/publish/what-is-shiro.html
URL: http://svn.apache.org/viewvc/shiro/site/publish/what-is-shiro.html?rev=1830935&r1=1830934&r2=1830935&view=diff
==============================================================================
--- shiro/site/publish/what-is-shiro.html (original)
+++ shiro/site/publish/what-is-shiro.html Fri May  4 19:28:08 2018
@@ -230,7 +230,7 @@
   <li>Java security should be <em>really easy</em> to understand and use
in your own applications.</li>
   <li>Existing Java security mechanisms (like JAAS) are too confusing and fall way
short in the area of application-level security.</li>
   <li>Authentication and Authorization functionality should be as pluggable and flexible
as possible.</li>
-  <li>Authentication and Authorization are only half of a robust security framework.
Enterprise Session Management and easy Cryptography services are the the other half.</li>
+  <li>Authentication and Authorization are only half of a robust security framework.
Enterprise Session Management and easy Cryptography services are the other half.</li>
   <li><b>Session Management should not be tied to web or EJB applications</b>.
We believe Sessions are a business-tier concern that should be accessible in any client or
server environment.</li>
   <li>Heterogeneous client mediums (HTTP requests, Applets, Java Web Start, C# applications,
etc) should be able to participate in the same Session, regardless of the client technology.</li>
   <li>Security code should be eliminated as much as possible in favor of a cleaner
declarative security model utilizing JDK 1.5 Annotations or XML, whichever you prefer.</li>



Mime
View raw message