blob: 76aacb8767e57ae83dbb870c344c9c029b9dc5ae [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Security :: Apache Isis</title>
<link rel="canonical" href="https://isis.apache.org/security/2.0.0-M6/about.html">
<meta name="generator" content="Antora 2.3.4">
<link rel="stylesheet" href="../../_/css/site.css">
<link rel="stylesheet" href="../../_/css/site-custom.css">
<link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,700,700i|Raleway:300,400,500,700,800|Montserrat:300,400,700" rel="stylesheet">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.css"/>
<link rel="home" href="https://isis.apache.org" title="Apache Isis">
<link rel="next" href="core/about.html" title="Security Component SPI">
</head>
<body class="article">
<header class="header">
<nav class="navbar">
<div class="navbar-brand">
<a class="navbar-item" href="https://isis.apache.org">
<span class="icon">
<img src="../../_/img/isis-logo-48x48.png"></img>
</span>
<span>Apache Isis</span>
</a>
<button class="navbar-burger" data-target="topbar-nav">
<span></span>
<span></span>
<span></span>
</button>
</div>
<div id="topbar-nav" class="navbar-menu">
<a class="navbar-end">
<div class="navbar-item hide-for-print">
<span>
<input id="algolia-search-input" placeholder="Search"></span>
</span>
</div>
<div class="navbar-item has-dropdown is-hoverable">
<a class="navbar-link" href="#">Quick Start</a>
<div class="navbar-dropdown">
<span class="navbar-item navbar-heading">Starter Apps</span>
<a class="navbar-item" href="../../docs/2.0.0-M6/starters/helloworld.html">Hello World</a>
<a class="navbar-item" href="../../docs/2.0.0-M6/starters/simpleapp.html">Simple App</a>
<hr class="navbar-divider"/>
<span class="navbar-item navbar-heading">Demos &amp; Tutorials</span>
<a class="navbar-item" href="../../docs/2.0.0-M6/demo/about.html">Demo App</a>
<a class="navbar-item" href="https://danhaywood.gitlab.io/isis-petclinic-tutorial-docs/petclinic/1.16.2/intro.html">Petclinic (tutorial)</a>
<hr class="navbar-divider"/>
<span class="navbar-item navbar-heading">Resources</span>
<a class="navbar-item" href="../../docs/2.0.0-M6/resources/cheatsheet.html">Cheatsheet</a>
<a class="navbar-item" href="../../docs/2.0.0-M6/resources/icons.html">Icons</a>
</div>
</div>
<div class="navbar-item has-dropdown is-hoverable">
<a class="navbar-link" href="#">Guides</a>
<div class="navbar-dropdown">
<span class="navbar-item navbar-heading">Development</span>
<a class="navbar-item" href="../../setupguide/2.0.0-M6/about.html">Setup Guide</a>
<hr class="navbar-divider"/>
<span class="navbar-item navbar-heading">Core</span>
<a class="navbar-item" href="../../userguide/2.0.0-M6/about.html">User Guide</a>
<a class="navbar-item" href="../../refguide/2.0.0-M6/about.html">Reference Guide</a>
<a class="navbar-item" href="../../testing/2.0.0-M6/about.html">Testing Guide</a>
</div>
</div>
<div class="navbar-item has-dropdown is-hoverable">
<a class="navbar-link" href="#">Components</a>
<div class="navbar-dropdown">
<span class="navbar-item navbar-heading">Viewers</span>
<a class="navbar-item" href="../../vw/2.0.0-M6/about.html">Web UI (Wicket)</a>
<a class="navbar-item" href="../../vro/2.0.0-M6/about.html">REST API (Restful Objects)</a>
<hr class="navbar-divider"/>
<span class="navbar-item navbar-heading">Persistence</span>
<a class="navbar-item" href="../../pjpa/2.0.0-M6/about.html">JPA (EclipseLink)</a>
<a class="navbar-item" href="../../pjdo/2.0.0-M6/about.html">JDO (DataNucleus)</a>
<hr class="navbar-divider"/>
<span class="navbar-item navbar-heading">Security</span>
<a class="navbar-item" href="../../security/2.0.0-M6/about.html">Security Guide</a>
<hr class="navbar-divider"/>
</div>
</div>
<div class="navbar-item has-dropdown is-hoverable">
<a class="navbar-link" href="#">Libraries</a>
<div class="navbar-dropdown">
<span class="navbar-item navbar-heading">For Use in Apps</span>
<a class="navbar-item" href="../../subdomains/2.0.0-M6/about.html">Subdomain Libraries</a>
<a class="navbar-item" href="../../valuetypes/2.0.0-M6/about.html">Value Type Catalog</a>
<hr class="navbar-divider"/>
<span class="navbar-item navbar-heading">Integrate between Apps</span>
<a class="navbar-item" href="../../mappings/2.0.0-M6/about.html">Bounded Context Mapping Libraries</a>
<hr class="navbar-divider"/>
<span class="navbar-item navbar-heading">Extending the framework itself</span>
<a class="navbar-item" href="../../extensions/2.0.0-M6/about.html">Extensions Catalog</a>
</div>
</div>
<div class="navbar-item has-dropdown is-hoverable">
<a class="navbar-link" href="#">Support</a>
<div class="navbar-dropdown">
<span class="navbar-item navbar-heading">Contact</span>
<a class="navbar-item" href="../../docs/2.0.0-M6/support/slack-channel.html">Slack</a>
<a class="navbar-item" href="../../docs/2.0.0-M6/support/mailing-list.html">Mailing Lists</a>
<a class="navbar-item" href="https://issues.apache.org/jira/browse/ISIS">JIRA</a>
<a class="navbar-item" href="https://stackoverflow.com/questions/tagged/isis">Stack Overflow</a>
<hr class="navbar-divider"/>
<span class="navbar-item navbar-heading">Releases</span>
<a class="navbar-item" href="../../docs/2.0.0-M6/downloads/how-to.html">Downloads</a>
<a class="navbar-item" href="../../relnotes/2.0.0-M6/about.html">Release Notes</a>
<a class="navbar-item" href="../../docs/2.0.0-M6/archive/1-x.html">Archive (1.x)</a>
<hr class="navbar-divider"/>
<span class="navbar-item navbar-heading">Framework</span>
<a class="navbar-item" href="../../conguide/2.0.0-M6/about.html">Contributors' Guide</a>
<a class="navbar-item" href="../../comguide/2.0.0-M6/about.html">Committers' Guide</a>
<a class="navbar-item" href="../../core/2.0.0-M6/about.html">Core Design</a>
</div>
</div>
<div class="navbar-item has-dropdown is-hoverable">
<a class="navbar-link" href="#">ASF</a>
<div class="navbar-dropdown">
<a class="navbar-item" href="http://www.apache.org/">Apache Homepage</a>
<a class="navbar-item" href="https://www.apache.org/events/current-event">Events</a>
<a class="navbar-item" href="https://www.apache.org/licenses/">Licenses</a>
<a class="navbar-item" href="https://www.apache.org/security/">Security</a>
<a class="navbar-item" href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a>
<a class="navbar-item" href="https://www.apache.org/foundation/thanks.html">Thanks</a>
<hr class="navbar-divider"/>
<a class="navbar-item" href="https://whimsy.apache.org/board/minutes/Isis.html">PMC board minutes</a>
</div>
</div>
<a class="navbar-item" href="../../docs/2.0.0-M6/about.html">
<span class="icon">
<img src="../../_/img/home.png"></img>
</span>
</a>
</div>
</div>
</nav>
</header>
<div class="body ">
<div class="nav-container" data-component="security" data-version="2.0.0-M6">
<aside class="nav">
<div class="panels">
<div class="nav-panel-pagination">
<a class="page-previous disabled" rel="prev" href="" title=""><span></span></a>
<a class="page-next" rel="next"
href="core/about.html" title="Security Component SPI"><span></span></a>
<!--
page.parent doesn't seem to be set...
<a class="page-parent disabled" rel="prev" href="" title=""><span></span></a>
-->
</div>
<div class="nav-panel-menu is-active" data-panel="menu">
<nav class="nav-menu">
<h3 class="title"><a href="about.html">Security Guide</a></h3>
<ul class="nav-list">
<li class="nav-item" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="core/about.html">Security Component SPI</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="bypass/about.html">Bypass Implementation</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="shiro/about.html">Shiro Implementation</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="keycloak/about.html">Keycloak Implementation</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="spring/about.html">Spring Implementation</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="usage-by-isis-viewers.html">Usage by Isis Viewers</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<span class="nav-text">Extensions</span>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="shiro-realm-ldap/about.html">Shiro LDAP Realm</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="spring-oauth2/about.html">Spring OAuth2 Integration</a>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="secman/about.html">SecMan</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="secman/setting-up.html">Setting up</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="secman/setting-up-with-shiro.html">Setting up with Shiro</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="audit-trail/about.html">Audit Trail</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="session-log/about.html">Session Log</a>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</nav>
</div>
<div class="nav-panel-explore" data-panel="explore">
<div class="context">
<span class="title">Security Guide</span>
<span class="version">2.0.0-M6</span>
</div>
<ul class="components">
<li class="component">
<span class="title"> </span>
<ul class="versions">
<li class="version is-latest">
<a href="../../docs/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../docs/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">BC Mapping Libraries</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../mappings/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../mappings/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Committers' Guide</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../comguide/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../comguide/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Contributors' Guide</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../conguide/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../conguide/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Design Docs</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../core/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../core/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Extensions Catalog</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../extensions/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../extensions/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Incubator Catalog</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../incubator/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../incubator/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">JDO/DataNucleus</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../pjdo/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../pjdo/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">JPA</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../pjpa/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../pjpa/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Reference Guide</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../refguide/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../refguide/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Release Notes</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../relnotes/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../relnotes/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">REST API (Restful Objects Viewer)</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../vro/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../vro/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component is-current">
<span class="title">Security Guide</span>
<ul class="versions">
<li class="version is-current is-latest">
<a href="about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Setup Guide</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../setupguide/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../setupguide/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Subdomains Catalog</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../subdomains/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../subdomains/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Testing Guide</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../testing/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../testing/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Tooling</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../tooling/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../tooling/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">User Guide</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../userguide/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../userguide/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Value Types Catalog</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../valuetypes/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../valuetypes/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
<li class="component">
<span class="title">Web UI (Wicket Viewer)</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../vw/2.0.0-M6/about.html">2.0.0-M6</a>
</li>
<li class="version">
<a href="../../vw/2.0.0-M5/about.html">2.0.0-M5</a>
</li>
</ul>
</li>
</ul>
</div>
</div>
</aside>
</div>
<main role="main">
<div class="toolbar" role="navigation">
<button class="nav-toggle"></button>
<a href="../../docs/2.0.0-M6/about.html" class="home-link"></a>
<nav class="breadcrumbs" aria-label="breadcrumbs">
<ul>
<li><a href="about.html">Security Guide</a></li>
<li><a href="about.html">Security</a></li>
</ul>
</nav>
<div class="page-versions">
<button class="version-menu-toggle" title="Show other versions of page">2.0.0-M6</button>
<div class="version-menu">
<a class="version is-current" href="about.html">2.0.0-M6</a>
<a class="version" href="../2.0.0-M5/about.html">2.0.0-M5</a>
</div>
</div>
<div class="edit-this-page"><a href="https://github.com/apache/isis/edit/2.0.0-M6/security/adoc/modules/ROOT/pages/about.adoc">Edit</a></div>
</div>
<article class="doc">
<a name="section-top"></a>
<h1 class="page">Security</h1>
<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p>This guide describes how to secure your Apache Isis application by configuring an appropriate implementation of its authentication and authorization SPIs.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="security-architecture"><a class="anchor" href="#security-architecture"></a>Security Architecture</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Apache Isis defines an SPI for both authentication and authorization:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>By "authentication" we mean logging into the application using some credentials, typically a username and password.
Authentication also means looking up the set of roles to which a user belongs.</p>
<div class="paragraph">
<p>The framework allows for different authentication mechanisms through the <a href="../../refguide/2.0.0-M6/core/index/security/authentication/Authenticator.html" class="page">Authenticator</a> SPI.
.</p>
</div>
</li>
<li>
<p>By "authorization" we mean permissions: granting roles to have access to features (domain object members) of the app, and granting users to those roles.</p>
<div class="paragraph">
<p>The framework allows for different authorization mechanisms through the <a href="../../refguide/2.0.0-M6/core/index/security/authorization/Authorizor.html" class="page">Authorizor</a> SPI.</p>
</div>
</li>
</ul>
</div>
<div class="paragraph">
<p>There are several implementations of these SPIs to choose from; these make up the bulk of this guide.</p>
</div>
<div class="ulist">
<ul>
<li>
<p><a href="bypass/about.html" class="page">Bypass Implementation</a></p>
</li>
<li>
<p><a href="shiro/about.html" class="page">Shiro Implementation</a></p>
</li>
<li>
<p><a href="keycloak/about.html" class="page">Keycloak Implementation</a></p>
</li>
<li>
<p><a href="spring/about.html" class="page">Spring Implementation</a></p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="permissions"><a class="anchor" href="#permissions"></a>Permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>The <a href="../../refguide/2.0.0-M6/core/index/security/authorization/Authorizor.html" class="page">Authorizor</a> SPI defines two types of permissions:</p>
</div>
<div class="ulist">
<ul>
<li>
<p><em>Read</em> permission means that the user can view the object member; it will be rendered in the UI.</p>
<div class="paragraph">
<p>An action with only read permission will be shown disabled ("greyed out"); a property with read-only permission cannot be edited.</p>
</div>
</li>
<li>
<p><em>Write</em> permission means that the object member can be changed.</p>
<div class="paragraph">
<p>For actions this means that they can be invoked.</p>
</div>
</li>
</ul>
</div>
<div class="paragraph">
<p>If there is neither <em>read</em> nor <em>write</em> permissions then the feature will be invisible to the user.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="auditing"><a class="anchor" href="#auditing"></a>Auditing</h2>
<div class="sectionbody">
<div class="paragraph">
<p>A further aspect of security is auditing: recording what data was modified by which user.</p>
</div>
<div class="paragraph">
<p>Apache Isis provides the <a href="#refguide:applib:index/services/iactn/InteractionContext.adoc" class="page unresolved">InteractionContext</a> can be used to track the actions being invoked, and the <a href="../../refguide/2.0.0-M6/applib/index/services/publishing/spi/EntityPropertyChangeSubscriber.html" class="page">EntityPropertyChangeSubscriber</a> captures what data was modified as a result (auditing).
When <a href="../../refguide/2.0.0-M6/applib/index/services/iactn/Interaction.html" class="page">Interaction</a>s are persisted (eg by way of the <a href="../../mappings/2.0.0-M6/outbox-publisher/about.html" class="page">Outbox Publisher</a> mapping module) then this provides excellent traceability.
The <a href="audit-trail/about.html" class="page">Audit Trail</a> module provides an implementation of the <a href="../../refguide/2.0.0-M6/applib/index/services/publishing/spi/EntityPropertyChangeSubscriber.html" class="page">EntityPropertyChangeSubscriber</a> that persists audit entries to the database.</p>
</div>
<div class="paragraph">
<p>For <a href="../../refguide/2.0.0-M6/applib/index/services/publishing/spi/CommandSubscriber.html" class="page">CommandSubscriber</a> SPI can be also be used to capture actions.
The <a href="../../userguide/2.0.0-M6/command-log/about.html" class="page">Command Log</a> extension provides a simple implementation of this SPI.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="programmers-api"><a class="anchor" href="#programmers-api"></a>Programmers' API</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Generally speaking your domain objects (or more generally your application) should be agnostic of the user/roles that are interacting with them; applying security permissions is the responsibility of the framework.</p>
</div>
<div class="paragraph">
<p>If you need to determine the identity of the current user, you can usually use Apache Isis' <a href="../../refguide/2.0.0-M6/applib/index/services/user/UserService.html" class="page">UserService</a> API, in the form of <a href="../../refguide/2.0.0-M6/applib/index/services/user/UserMemento.html" class="page">UserMemento</a>.</p>
</div>
<div class="paragraph">
<p>For example:</p>
</div>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-java hljs" data-lang="java">final UserMemento user = userService.getUser();
final List&lt;RoleMemento&gt; roles = user.getRoles();
for (RoleMemento role : roles) {
String roleName = role.getName();
...
}</code></pre>
</div>
</div>
<div class="paragraph">
<p>Each role&#8217;s <code>name</code> property encodes both the realm that provided the role, and the role identity itself.</p>
</div>
<div class="paragraph">
<p>If using the <a href="../../vw/2.0.0-M6/about.html" class="page">Wicket viewer</a>, then note there will also be another role which is used internally (namely <code>org.apache.isis.viewer.wicket.roles.USER</code>).</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="extensions"><a class="anchor" href="#extensions"></a>Extensions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>In addition to the security SPI implementations, there are a number of security-related extesions.</p>
</div>
<div class="paragraph">
<p>The most significant of these is probably <a href="secman/about.html" class="page">SecMan</a>, which uses a database of users, roles and permission entities (either <a href="../../pjpa/2.0.0-M6/about.html" class="page">JPA</a> or <a href="../../pjdo/2.0.0-M6/about.html" class="page">JDO</a>) to manage authorisation.
As these users, roles and permissions are domain objects, they can be administered through Apache Isis itself.</p>
</div>
</div>
</div>
</article>
<aside class="article-aside toc hide-for-print" role="navigation">
<p class="toc-title">On this page</p>
<div id="article-toc"></div>
</aside>
</main>
</div>
<footer class="footer">
<div class="content">
<div class="copyright">
<p>
Copyright © 2010~2021 The Apache Software Foundation, licensed under the Apache License, v2.0.
<br/>
Apache, the Apache feather logo, Apache Isis, and the Apache Isis project logo are all trademarks of The Apache Software Foundation.
</p>
</div>
<div class="revision">
<p>Revision: 2.0.0-M6-site-build.20210826-1021</p>
</div>
</div>
</footer>
<script src="../../_/js/site.js"></script>
<script async src="../../_/js/vendor/highlight.js"></script>
<script src="../../_/js/vendor/jquery-3.4.1.min.js"></script>
<script src="../../_/js/vendor/jquery-ui-1.12.1.custom.widget-only.min.js"></script>
<script src="../../_/js/vendor/jquery.tocify.min.js"></script>
<script>
$(function() {
$("#article-toc").tocify( {
showEffect: "slideDown",
hashGenerator: "pretty",
hideEffect: "slideUp",
selectors: "h2, h3",
scrollTo: 120,
smoothScroll: true,
theme: "jqueryui",
highlightOnScroll: true
} );
});
</script>
<script src="https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.js"></script>
<script>
function focusSearchInput () { document.querySelector('#algolia-search-input').focus() }
var search = docsearch({
appId: '5ISP5TFAEN',
apiKey: '0fc51c28b4ad46e7318e96d4e97fab7c',
indexName: 'isis-apache-org',
inputSelector: '#algolia-search-input',
autocompleteOptions: { hint: false, keyboardShortcuts: ['s'] },
debug: false,
}).autocomplete
search.on('autocomplete:closed', function () { search.autocomplete.setVal() })
focusSearchInput()
window.addEventListener('load', focusSearchInput);
</script>
<!--
docsearch options:
https://docsearch.algolia.com/docs/behavior/
-->
<!--
https://www.algolia.com/doc/api-reference/api-parameters/
algoliaOptions: { hitsPerPage: 6 },
-->
</body>
</html>