| <!DOCTYPE html> |
| <html lang="en"> |
| <head> |
| <meta charset="utf-8"> |
| <meta name="viewport" content="width=device-width,initial-scale=1"> |
| <title>Usage by Apache Isis' Viewers :: Apache Isis</title> |
| <link rel="canonical" href="https://isis.apache.org/security/2.0.0-M6/usage-by-isis-viewers.html"> |
| <meta name="generator" content="Antora 2.3.4"> |
| <link rel="stylesheet" href="../../_/css/site.css"> |
| <link rel="stylesheet" href="../../_/css/site-custom.css"> |
| <link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,700,700i|Raleway:300,400,500,700,800|Montserrat:300,400,700" rel="stylesheet"> |
| <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.css"/> |
| <link rel="home" href="https://isis.apache.org" title="Apache Isis"> |
| <link rel="next" href="shiro-realm-ldap/about.html" title="Shiro LDAP Realm"> |
| <link rel="prev" href="spring/about.html" title="Spring Implementation"> |
| </head> |
| <body class="article"> |
| <header class="header"> |
| <nav class="navbar"> |
| <div class="navbar-brand"> |
| <a class="navbar-item" href="https://isis.apache.org"> |
| <span class="icon"> |
| <img src="../../_/img/isis-logo-48x48.png"></img> |
| </span> |
| <span>Apache Isis</span> |
| </a> |
| <button class="navbar-burger" data-target="topbar-nav"> |
| <span></span> |
| <span></span> |
| <span></span> |
| </button> |
| </div> |
| <div id="topbar-nav" class="navbar-menu"> |
| <a class="navbar-end"> |
| <div class="navbar-item hide-for-print"> |
| <span> |
| <input id="algolia-search-input" placeholder="Search"></span> |
| </span> |
| </div> |
| <div class="navbar-item has-dropdown is-hoverable"> |
| <a class="navbar-link" href="#">Quick Start</a> |
| <div class="navbar-dropdown"> |
| <span class="navbar-item navbar-heading">Starter Apps</span> |
| <a class="navbar-item" href="../../docs/2.0.0-M6/starters/helloworld.html">Hello World</a> |
| <a class="navbar-item" href="../../docs/2.0.0-M6/starters/simpleapp.html">Simple App</a> |
| <hr class="navbar-divider"/> |
| <span class="navbar-item navbar-heading">Demos & Tutorials</span> |
| <a class="navbar-item" href="../../docs/2.0.0-M6/demo/about.html">Demo App</a> |
| <a class="navbar-item" href="https://danhaywood.gitlab.io/isis-petclinic-tutorial-docs/petclinic/1.16.2/intro.html">Petclinic (tutorial)</a> |
| <hr class="navbar-divider"/> |
| <span class="navbar-item navbar-heading">Resources</span> |
| <a class="navbar-item" href="../../docs/2.0.0-M6/resources/cheatsheet.html">Cheatsheet</a> |
| <a class="navbar-item" href="../../docs/2.0.0-M6/resources/icons.html">Icons</a> |
| </div> |
| </div> |
| <div class="navbar-item has-dropdown is-hoverable"> |
| <a class="navbar-link" href="#">Guides</a> |
| <div class="navbar-dropdown"> |
| <span class="navbar-item navbar-heading">Development</span> |
| <a class="navbar-item" href="../../setupguide/2.0.0-M6/about.html">Setup Guide</a> |
| <hr class="navbar-divider"/> |
| <span class="navbar-item navbar-heading">Core</span> |
| <a class="navbar-item" href="../../userguide/2.0.0-M6/about.html">User Guide</a> |
| <a class="navbar-item" href="../../refguide/2.0.0-M6/about.html">Reference Guide</a> |
| <a class="navbar-item" href="../../testing/2.0.0-M6/about.html">Testing Guide</a> |
| </div> |
| </div> |
| <div class="navbar-item has-dropdown is-hoverable"> |
| <a class="navbar-link" href="#">Components</a> |
| <div class="navbar-dropdown"> |
| <span class="navbar-item navbar-heading">Viewers</span> |
| <a class="navbar-item" href="../../vw/2.0.0-M6/about.html">Web UI (Wicket)</a> |
| <a class="navbar-item" href="../../vro/2.0.0-M6/about.html">REST API (Restful Objects)</a> |
| <hr class="navbar-divider"/> |
| <span class="navbar-item navbar-heading">Persistence</span> |
| <a class="navbar-item" href="../../pjpa/2.0.0-M6/about.html">JPA (EclipseLink)</a> |
| <a class="navbar-item" href="../../pjdo/2.0.0-M6/about.html">JDO (DataNucleus)</a> |
| <hr class="navbar-divider"/> |
| <span class="navbar-item navbar-heading">Security</span> |
| <a class="navbar-item" href="../../security/2.0.0-M6/about.html">Security Guide</a> |
| <hr class="navbar-divider"/> |
| </div> |
| </div> |
| <div class="navbar-item has-dropdown is-hoverable"> |
| <a class="navbar-link" href="#">Libraries</a> |
| <div class="navbar-dropdown"> |
| <span class="navbar-item navbar-heading">For Use in Apps</span> |
| <a class="navbar-item" href="../../subdomains/2.0.0-M6/about.html">Subdomain Libraries</a> |
| <a class="navbar-item" href="../../valuetypes/2.0.0-M6/about.html">Value Type Catalog</a> |
| <hr class="navbar-divider"/> |
| <span class="navbar-item navbar-heading">Integrate between Apps</span> |
| <a class="navbar-item" href="../../mappings/2.0.0-M6/about.html">Bounded Context Mapping Libraries</a> |
| <hr class="navbar-divider"/> |
| <span class="navbar-item navbar-heading">Extending the framework itself</span> |
| <a class="navbar-item" href="../../extensions/2.0.0-M6/about.html">Extensions Catalog</a> |
| </div> |
| </div> |
| <div class="navbar-item has-dropdown is-hoverable"> |
| <a class="navbar-link" href="#">Support</a> |
| <div class="navbar-dropdown"> |
| <span class="navbar-item navbar-heading">Contact</span> |
| <a class="navbar-item" href="../../docs/2.0.0-M6/support/slack-channel.html">Slack</a> |
| <a class="navbar-item" href="../../docs/2.0.0-M6/support/mailing-list.html">Mailing Lists</a> |
| <a class="navbar-item" href="https://issues.apache.org/jira/browse/ISIS">JIRA</a> |
| <a class="navbar-item" href="https://stackoverflow.com/questions/tagged/isis">Stack Overflow</a> |
| <hr class="navbar-divider"/> |
| <span class="navbar-item navbar-heading">Releases</span> |
| <a class="navbar-item" href="../../docs/2.0.0-M6/downloads/how-to.html">Downloads</a> |
| <a class="navbar-item" href="../../relnotes/2.0.0-M6/about.html">Release Notes</a> |
| <a class="navbar-item" href="../../docs/2.0.0-M6/archive/1-x.html">Archive (1.x)</a> |
| <hr class="navbar-divider"/> |
| <span class="navbar-item navbar-heading">Framework</span> |
| <a class="navbar-item" href="../../conguide/2.0.0-M6/about.html">Contributors' Guide</a> |
| <a class="navbar-item" href="../../comguide/2.0.0-M6/about.html">Committers' Guide</a> |
| <a class="navbar-item" href="../../core/2.0.0-M6/about.html">Core Design</a> |
| </div> |
| </div> |
| <div class="navbar-item has-dropdown is-hoverable"> |
| <a class="navbar-link" href="#">ASF</a> |
| <div class="navbar-dropdown"> |
| <a class="navbar-item" href="http://www.apache.org/">Apache Homepage</a> |
| <a class="navbar-item" href="https://www.apache.org/events/current-event">Events</a> |
| <a class="navbar-item" href="https://www.apache.org/licenses/">Licenses</a> |
| <a class="navbar-item" href="https://www.apache.org/security/">Security</a> |
| <a class="navbar-item" href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a> |
| <a class="navbar-item" href="https://www.apache.org/foundation/thanks.html">Thanks</a> |
| <hr class="navbar-divider"/> |
| <a class="navbar-item" href="https://whimsy.apache.org/board/minutes/Isis.html">PMC board minutes</a> |
| </div> |
| </div> |
| <a class="navbar-item" href="../../docs/2.0.0-M6/about.html"> |
| <span class="icon"> |
| <img src="../../_/img/home.png"></img> |
| </span> |
| </a> |
| </div> |
| </div> |
| </nav> |
| </header> |
| <div class="body "> |
| <div class="nav-container" data-component="security" data-version="2.0.0-M6"> |
| <aside class="nav"> |
| <div class="panels"> |
| <div class="nav-panel-pagination"> |
| <a class="page-previous" rel="prev" href="spring/about.html" title="Spring Implementation"><span></span></a> |
| <a class="page-next" rel="next" |
| href="shiro-realm-ldap/about.html" title="Shiro LDAP Realm"><span></span></a> |
| <!-- |
| page.parent doesn't seem to be set... |
| <a class="page-parent disabled" rel="prev" href="" title="Spring Implementation"><span></span></a> |
| --> |
| </div> |
| <div class="nav-panel-menu is-active" data-panel="menu"> |
| <nav class="nav-menu"> |
| <h3 class="title"><a href="about.html">Security Guide</a></h3> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="0"> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="core/about.html">Security Component SPI</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="bypass/about.html">Bypass Implementation</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="shiro/about.html">Shiro Implementation</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="keycloak/about.html">Keycloak Implementation</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <a class="nav-link" href="spring/about.html">Spring Implementation</a> |
| </li> |
| <li class="nav-item is-current-page" data-depth="1"> |
| <a class="nav-link" href="usage-by-isis-viewers.html">Usage by Isis Viewers</a> |
| </li> |
| <li class="nav-item" data-depth="1"> |
| <button class="nav-item-toggle"></button> |
| <span class="nav-text">Extensions</span> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="shiro-realm-ldap/about.html">Shiro LDAP Realm</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="spring-oauth2/about.html">Spring OAuth2 Integration</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <button class="nav-item-toggle"></button> |
| <a class="nav-link" href="secman/about.html">SecMan</a> |
| <ul class="nav-list"> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="secman/setting-up.html">Setting up</a> |
| </li> |
| <li class="nav-item" data-depth="3"> |
| <a class="nav-link" href="secman/setting-up-with-shiro.html">Setting up with Shiro</a> |
| </li> |
| </ul> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="audit-trail/about.html">Audit Trail</a> |
| </li> |
| <li class="nav-item" data-depth="2"> |
| <a class="nav-link" href="session-log/about.html">Session Log</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </nav> |
| </div> |
| <div class="nav-panel-explore" data-panel="explore"> |
| <div class="context"> |
| <span class="title">Security Guide</span> |
| <span class="version">2.0.0-M6</span> |
| </div> |
| <ul class="components"> |
| <li class="component"> |
| <span class="title"> </span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../docs/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../docs/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">BC Mapping Libraries</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../mappings/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../mappings/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Committers' Guide</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../comguide/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../comguide/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Contributors' Guide</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../conguide/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../conguide/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Design Docs</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../core/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../core/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Extensions Catalog</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../extensions/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../extensions/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Incubator Catalog</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../incubator/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../incubator/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">JDO/DataNucleus</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../pjdo/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../pjdo/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">JPA</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../pjpa/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../pjpa/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Reference Guide</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../refguide/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../refguide/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Release Notes</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../relnotes/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../relnotes/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">REST API (Restful Objects Viewer)</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../vro/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../vro/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component is-current"> |
| <span class="title">Security Guide</span> |
| <ul class="versions"> |
| <li class="version is-current is-latest"> |
| <a href="about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Setup Guide</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../setupguide/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../setupguide/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Subdomains Catalog</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../subdomains/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../subdomains/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Testing Guide</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../testing/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../testing/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Tooling</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../tooling/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../tooling/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">User Guide</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../userguide/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../userguide/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Value Types Catalog</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../valuetypes/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../valuetypes/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| <li class="component"> |
| <span class="title">Web UI (Wicket Viewer)</span> |
| <ul class="versions"> |
| <li class="version is-latest"> |
| <a href="../../vw/2.0.0-M6/about.html">2.0.0-M6</a> |
| </li> |
| <li class="version"> |
| <a href="../../vw/2.0.0-M5/about.html">2.0.0-M5</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| </aside> |
| </div> |
| <main role="main"> |
| <div class="toolbar" role="navigation"> |
| <button class="nav-toggle"></button> |
| <a href="../../docs/2.0.0-M6/about.html" class="home-link"></a> |
| <nav class="breadcrumbs" aria-label="breadcrumbs"> |
| <ul> |
| <li><a href="about.html">Security Guide</a></li> |
| <li><a href="usage-by-isis-viewers.html">Usage by Isis Viewers</a></li> |
| </ul> |
| </nav> |
| <div class="page-versions"> |
| <button class="version-menu-toggle" title="Show other versions of page">2.0.0-M6</button> |
| <div class="version-menu"> |
| <a class="version is-current" href="usage-by-isis-viewers.html">2.0.0-M6</a> |
| <a class="version" href="../2.0.0-M5/usage-by-isis-viewers.html">2.0.0-M5</a> |
| </div> |
| </div> |
| <div class="edit-this-page"><a href="https://github.com/apache/isis/edit/2.0.0-M6/security/adoc/modules/ROOT/pages/usage-by-isis-viewers.adoc">Edit</a></div> |
| </div> |
| <article class="doc"> |
| <a name="section-top"></a> |
| <h1 class="page">Usage by Apache Isis' Viewers</h1> |
| <div id="preamble"> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>By and large the security mechanisms within Isis are transparent to the rest of the framework. |
| That said, it is the responsibility of the viewers to ensure that for each request there is a valid user session present. |
| The sections below explain how this works.</p> |
| </div> |
| <div class="admonitionblock note"> |
| <table> |
| <tr> |
| <td class="icon"> |
| <i class="fa icon-note" title="Note"></i> |
| </td> |
| <td class="content"> |
| the content below also appears in the respective user guides for the <a href="../../vw/2.0.0-M6/about.html" class="page">Web UI (Wicket viewer)</a> and the <a href="../../vro/2.0.0-M6/about.html" class="page">REST API (Restful Objects viewer)</a>. |
| </td> |
| </tr> |
| </table> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="wicket-viewer"><a class="anchor" href="#wicket-viewer"></a>Wicket Viewer</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The <a href="../../vw/2.0.0-M6/about.html" class="page">Web UI (Wicket viewer)</a> defines a relatively small number of pages (subclasses of <code>org.apache.wicket.markup.html.WebPage</code>). |
| There are two main groups:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p>subclasses of <code>PageAbstract</code>, and</p> |
| </li> |
| <li> |
| <p>subclasses of <code>AccountManagementPageAbstract</code></p> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>The subclasses of <code>PageAbstract</code> are annotated with the Wicket annotation:</p> |
| </div> |
| <div class="listingblock"> |
| <div class="content"> |
| <pre class="highlightjs highlight"><code class="language-java hljs" data-lang="java">@AuthorizeInstantiation("org.apache.isis.viewer.wicket.roles.USER")</code></pre> |
| </div> |
| </div> |
| <div class="paragraph"> |
| <p>which means that they can only be accessed by a user with an authenticated session that has this special, reserved role. |
| If not, Wicket will automatically redirect the user to the sign-in page.</p> |
| </div> |
| <div class="paragraph"> |
| <p>In the sign-in page the viewer calls to the <a href="../../refguide/2.0.0-M6/core/index/security/authentication/Authenticator.html" class="page">Authenticator</a> API, and obtains back a user/role. |
| It also adds in its special reserved role (per the annotation above) and then continues on to whichever page the user was attempting to access (usually the home page).</p> |
| </div> |
| <div class="paragraph"> |
| <p>And that’s really all there is to it. |
| When the viewer renders a domain object it queries the Apache Isis metamodel, and suppresses from the view any object members (properties, actions etc) that are invisible. |
| These may be invisible because the user has no (read ) permission, or they may be invisible because of domain object logic (eg a <code>hideXxx()</code> method). |
| The viewer neither knows nor cares.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Similarly, for those object members that <em>are</em> visible, the viewer also checks if they are enabled or disabled. |
| Again, an object member will be disabled if the user does not have (write) permission, or it could be disabled because of domain object logic (eg a <code>disableXxx()</code> method).</p> |
| </div> |
| <div class="sect2"> |
| <h3 id="vw-user-registration"><a class="anchor" href="#vw-user-registration"></a>User-registration</h3> |
| <div class="paragraph"> |
| <p>As well as providing a sign-in screen, the Wicket viewer also provides the ability for users to self-register. |
| By and large this operates outside of Apache Isis' security mechanisms; indeed the various pages (sign-up, sign-up verification, password reset) are all rendered <em>without</em> there being any current user session. |
| These pages all "reach inside" Apache Isis framework in order to actually do their stuff.</p> |
| </div> |
| <div class="paragraph"> |
| <p>User registration is only available if the <a href="../../refguide/2.0.0-M6/applib/index/services/userreg/UserRegistrationService.html" class="page">UserRegistrationService</a> is configured; this is used by the framework to actually create new instances of the user as accessed by the corresponding (Shiro) realm.</p> |
| </div> |
| <div class="paragraph"> |
| <p>Because Shiro realms are pluggable, the Apache Isis framework does not provide default implementations of this service. |
| However, if you are using the <a href="about.html" class="page">SecMan extension</a>, then this module <em>does</em> provide an implementation (that, as you might expect, creates new "user" domain entities).</p> |
| </div> |
| </div> |
| </div> |
| </div> |
| <div class="sect1"> |
| <h2 id="restful-objects-viewer"><a class="anchor" href="#restful-objects-viewer"></a>Restful Objects Viewer</h2> |
| <div class="sectionbody"> |
| <div class="paragraph"> |
| <p>The <a href="../../vro/2.0.0-M6/about.html" class="page">REST API (Restful Objects viewer)</a> does <strong>not</strong> provide a login page. |
| Instead it defines the authentication strategy SPI, delegated to by a filter. |
| (For more detail on how this is wired together, see the implementation of the <a href="../../refguide/2.0.0-M6/viewer/index/restfulobjects/jaxrsresteasy4/webmodule/WebModuleJaxrsResteasy4.html" class="page">WebModuleJaxrsResteasy4</a> web module service).</p> |
| </div> |
| <div class="paragraph"> |
| <p>The SPI is:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p><a href="../../refguide/2.0.0-M6/viewer/index/restfulobjects/viewer/webmodule/auth/AuthenticationStrategy.html" class="page">AuthenticationStrategy</a></p> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>where <a href="#refguide:core:index/security/authentication/Authentication.adoc" class="page unresolved">Authentication</a> represents a signed-on user.</p> |
| </div> |
| <div class="paragraph"> |
| <p>The strategy is defined using this configuration property:</p> |
| </div> |
| <div class="ulist"> |
| <ul> |
| <li> |
| <p><a href="../../refguide/2.0.0-M6/config/sections/isis.viewer.restfulobjects.html#isis.viewer.restfulobjects.authentication.strategy-class-name" class="page">isis.viewer.restfulobjects.authentication.strategy-class-name</a></p> |
| </li> |
| </ul> |
| </div> |
| <div class="paragraph"> |
| <p>The framework currently provides only HTTP Basic Auth support as a simple implementation, this is also the default strategy if none is explicitly configured.</p> |
| </div> |
| </div> |
| </div> |
| </article> |
| <aside class="article-aside toc hide-for-print" role="navigation"> |
| <p class="toc-title">On this page</p> |
| <div id="article-toc"></div> |
| </aside> |
| </main> |
| </div> |
| <footer class="footer"> |
| <div class="content"> |
| <div class="copyright"> |
| <p> |
| Copyright © 2010~2021 The Apache Software Foundation, licensed under the Apache License, v2.0. |
| <br/> |
| Apache, the Apache feather logo, Apache Isis, and the Apache Isis project logo are all trademarks of The Apache Software Foundation. |
| </p> |
| </div> |
| <div class="revision"> |
| <p>Revision: 2.0.0-M6-site-build.20210826-1021</p> |
| </div> |
| </div> |
| </footer> |
| <script src="../../_/js/site.js"></script> |
| <script async src="../../_/js/vendor/highlight.js"></script> |
| <script src="../../_/js/vendor/jquery-3.4.1.min.js"></script> |
| <script src="../../_/js/vendor/jquery-ui-1.12.1.custom.widget-only.min.js"></script> |
| <script src="../../_/js/vendor/jquery.tocify.min.js"></script> |
| |
| <script> |
| $(function() { |
| $("#article-toc").tocify( { |
| showEffect: "slideDown", |
| hashGenerator: "pretty", |
| hideEffect: "slideUp", |
| selectors: "h2, h3", |
| scrollTo: 120, |
| smoothScroll: true, |
| theme: "jqueryui", |
| highlightOnScroll: true |
| } ); |
| }); |
| </script> |
| |
| <script src="https://cdn.jsdelivr.net/npm/docsearch.js@2/dist/cdn/docsearch.min.js"></script> |
| <script> |
| function focusSearchInput () { document.querySelector('#algolia-search-input').focus() } |
| var search = docsearch({ |
| appId: '5ISP5TFAEN', |
| apiKey: '0fc51c28b4ad46e7318e96d4e97fab7c', |
| indexName: 'isis-apache-org', |
| inputSelector: '#algolia-search-input', |
| autocompleteOptions: { hint: false, keyboardShortcuts: ['s'] }, |
| debug: false, |
| }).autocomplete |
| search.on('autocomplete:closed', function () { search.autocomplete.setVal() }) |
| focusSearchInput() |
| window.addEventListener('load', focusSearchInput); |
| </script> |
| |
| <!-- |
| docsearch options: |
| https://docsearch.algolia.com/docs/behavior/ |
| --> |
| <!-- |
| https://www.algolia.com/doc/api-reference/api-parameters/ |
| algoliaOptions: { hitsPerPage: 6 }, |
| --> |
| </body> |
| </html> |