[LINKS] Update some links to https
diff --git a/README.adoc b/README.adoc
index 63227a9..fa2dfaf 100644
--- a/README.adoc
+++ b/README.adoc
@@ -1,6 +1,6 @@
= Apache Shiro Website Overview
-The Apache Shiro website is a static content website accessible at http://shiro.apache.org/.
+The Apache Shiro website is a static content website accessible at https://shiro.apache.org/.
Site content is authored as Markdown, Asciidoc and HTML files.
These files are parsed by the tool `jbake` and renders the content files using freemarker templates to static `.html` files.
diff --git a/src/site/content/articles.adoc b/src/site/content/articles.adoc
index 4db006f..88ebd93 100644
--- a/src/site/content/articles.adoc
+++ b/src/site/content/articles.adoc
@@ -47,17 +47,17 @@
** https://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-2/[Part 2]
* *Apache Shiro - a blog series by Meri*
-** http://meri-stuff.blogspot.com/2011/03/apache-shiro-part-1-basics.html[Part 1 - Basics] on 27 March 2011
-** http://meri-stuff.blogspot.com/2011/04/apache-shiro-part-2-realms-database-and.html[Part 2 - Realms, Database and PGP Certificates] on 18 April 2011
-** http://meri-stuff.blogspot.com/2011/12/apache-shiro-part-3-cryptography.html[Part 3 - Cryptography] on 4 December 2011
+** https://meri-stuff.blogspot.com/2011/03/apache-shiro-part-1-basics.html[Part 1 - Basics] on 27 March 2011
+** https://meri-stuff.blogspot.com/2011/04/apache-shiro-part-2-realms-database-and.html[Part 2 - Realms, Database and PGP Certificates] on 18 April 2011
+** https://meri-stuff.blogspot.com/2011/12/apache-shiro-part-3-cryptography.html[Part 3 - Cryptography] on 4 December 2011
* *https://stormpath.com/blog/new-rbac-resource-based-access-control[The New RBAC: Resource-Based Access Control]* by Les Hazlewood on 9 May 2011
-* *http://blog.xebia.com/author/yamsellem/[HTTP Authentication and Security with Apache Shiro]* blog article by yamsellem on 18 April 2011.
+* *https://blog.xebia.com/author/yamsellem/[HTTP Authentication and Security with Apache Shiro]* blog article by yamsellem on 18 April 2011.
-* *http://spring-java-ee.blogspot.com/2011/04/using-shiro-for-authorization-via-cdi.html[Using Shiro for Authorization via CDI Interceptors then Easily Test with Arquillian]* blog article by Hendy Irawan on 16 April 2011.
+* *https://spring-java-ee.blogspot.com/2011/04/using-shiro-for-authorization-via-cdi.html[Using Shiro for Authorization via CDI Interceptors then Easily Test with Arquillian]* blog article by Hendy Irawan on 16 April 2011.
* *https://github.com/mulesoft-labs/mule-module-shiro/[Apache Shiro Support for Mule]* by Dan Diephouse on 10 January 2011.
-* *http://techbeats.deluan.com/apache-shiro-tags-for-jsffacelets[Apache Shiro tags for JSF - Securing Your JSF Pages]* by Deluan Quintão on 1 November 2010.
+* *https://techbeats.deluan.com/apache-shiro-tags-for-jsffacelets[Apache Shiro tags for JSF - Securing Your JSF Pages]* by Deluan Quintão on 1 November 2010.
* *Shiro DevNexus 2009 Presentation* by Jeremy Haile: (link:files/articles/Ki-DevNexus-2009.pdf?version=1&modificationDate=1246602947000[PDF]) (link:files/articles/Ki-DevNexus-2009.key.zip?version=1&modificationDate=1246602947000[Keynote]) (link:files/articles/Ki-DevNexus-2009.ppt.zip?version=1&modificationDate=1246602947000[Powerpoint])
diff --git a/src/site/content/blog/2010/06/01/sdforum-java-sig-apache-shiro-presentation.adoc b/src/site/content/blog/2010/06/01/sdforum-java-sig-apache-shiro-presentation.adoc
index 203edae..e61983a 100644
--- a/src/site/content/blog/2010/06/01/sdforum-java-sig-apache-shiro-presentation.adoc
+++ b/src/site/content/blog/2010/06/01/sdforum-java-sig-apache-shiro-presentation.adoc
@@ -6,5 +6,5 @@
:jbake-tags: blog, release
:idprefix:
-Tonight, 1 June 2010, Les Hazlewood link:http://www.sdforum.org/index.cfm?fuseaction=Calendar.eventDetail&eventID=13671&pageId=471[will present] Apache Shiro to the SDForum Java SIG in Palo Alto, California.
+Tonight, 1 June 2010, Les Hazlewood link:https://www.sdforum.org/index.cfm?fuseaction=Calendar.eventDetail&eventID=13671&pageId=471[will present] Apache Shiro to the SDForum Java SIG in Palo Alto, California.
Please come if you can!
diff --git a/src/site/content/blog/2010/09/14/ibm-developerworks-introduction-to-apache-shiro.adoc b/src/site/content/blog/2010/09/14/ibm-developerworks-introduction-to-apache-shiro.adoc
index 7f6c2f8..70d1b67 100644
--- a/src/site/content/blog/2010/09/14/ibm-developerworks-introduction-to-apache-shiro.adoc
+++ b/src/site/content/blog/2010/09/14/ibm-developerworks-introduction-to-apache-shiro.adoc
@@ -6,5 +6,5 @@
:jbake-tags: blog
:idprefix:
-Nathan Good wrote link:http://www.ibm.com/developerworks/web/library/wa-apacheshiro/[an article] introducing some of Apache Shiro's capabilities.
+Nathan Good wrote link:https://www.ibm.com/developerworks/web/library/wa-apacheshiro/[an article] introducing some of Apache Shiro's capabilities.
Thanks Nathan!
diff --git a/src/site/content/blog/2010/09/20/san-francisco-jug-presentation.adoc b/src/site/content/blog/2010/09/20/san-francisco-jug-presentation.adoc
index 8d7aecf..fc5c5cd 100644
--- a/src/site/content/blog/2010/09/20/san-francisco-jug-presentation.adoc
+++ b/src/site/content/blog/2010/09/20/san-francisco-jug-presentation.adoc
@@ -6,5 +6,5 @@
:jbake-tags: blog
:idprefix:
-On 12 October jbake.content.blog.2010 at 6:30 pm PDT, Les Hazlewood will present link:http://www.sfjava.org/calendar/13539905/[Super Simple Application Security with Apache Shiro] to the San Francisco Java User Group.
+On 12 October jbake.content.blog.2010 at 6:30 pm PDT, Les Hazlewood will present link:https://www.sfjava.org/calendar/13539905/[Super Simple Application Security with Apache Shiro] to the San Francisco Java User Group.
Please RSVP if you wish to attend - seats are limited!
diff --git a/src/site/content/blog/2011/01/06/apache-shiro-video-and-slide-from-sf-jug-presentation.adoc b/src/site/content/blog/2011/01/06/apache-shiro-video-and-slide-from-sf-jug-presentation.adoc
index 9d4f0f3..1623761 100644
--- a/src/site/content/blog/2011/01/06/apache-shiro-video-and-slide-from-sf-jug-presentation.adoc
+++ b/src/site/content/blog/2011/01/06/apache-shiro-video-and-slide-from-sf-jug-presentation.adoc
@@ -18,4 +18,4 @@
<iframe src="//www.slideshare.net/slideshow/embed_code/key/iWMvMDFWwd2jvF" width="595" height="485" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" style="border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;" allowfullscreen> </iframe> <div style="margin-bottom:5px"> <strong> <a href="//www.slideshare.net/marakana/simple-application" title="Super simple application security with Apache Shiro" target="_blank">Super simple application security with Apache Shiro</a> </strong> von <strong><a href="https://www.slideshare.net/marakana" target="_blank">Marakana Inc.</a></strong> </div>
++++
-Courtesy of Aleksandar and Max at the link:http://www.sfjava.org/[SF JUG].
+Courtesy of Aleksandar and Max at the link:https://www.sfjava.org/[SF JUG].
diff --git a/src/site/content/blog/2011/01/13/apache-shiro-support-for-mule.adoc b/src/site/content/blog/2011/01/13/apache-shiro-support-for-mule.adoc
index b03375c..d19069d 100644
--- a/src/site/content/blog/2011/01/13/apache-shiro-support-for-mule.adoc
+++ b/src/site/content/blog/2011/01/13/apache-shiro-support-for-mule.adoc
@@ -9,4 +9,4 @@
Mule now has integration with Apache Shiro.
Thanks to Dan Diephouse at link:https://developer.mulesoft.com[MuleSoft] for the great blog post.
-link:http://blogs.mulesoft.com/dev/mule-dev/apache-shiro-support-for-mule/apache-shiro-support-for-mule.adoc[http://blogs.mulesoft.com/dev/mule-dev/apache-shiro-support-for-mule/]
+link:https://blogs.mulesoft.com/dev/mule-dev/apache-shiro-support-for-mule/apache-shiro-support-for-mule.adoc[https://blogs.mulesoft.com/dev/mule-dev/apache-shiro-support-for-mule/]
diff --git a/src/site/content/blog/2011/06/30/apache-shiro-login-demo.adoc b/src/site/content/blog/2011/06/30/apache-shiro-login-demo.adoc
index 3839acf..b3ee884 100644
--- a/src/site/content/blog/2011/06/30/apache-shiro-login-demo.adoc
+++ b/src/site/content/blog/2011/06/30/apache-shiro-login-demo.adoc
@@ -6,7 +6,7 @@
:jbake-tags: blog, youtube, video
:idprefix:
-link:http://raibledesigns.com/[Matt Raible,role="external external-link",rel=external] has posted a really nice blog article and video demonstrating a login use case with Apache Shiro.
-Check out the link:http://raibledesigns.com/rd/entry/java_web_application_security_part2["Java Web Application Security - Part III: Apache Shiro Login Demo",role="external"] blog post and the video:
+link:https://raibledesigns.com/[Matt Raible,role="external external-link",rel=external] has posted a really nice blog article and video demonstrating a login use case with Apache Shiro.
+Check out the link:https://raibledesigns.com/rd/entry/java_web_application_security_part2["Java Web Application Security - Part III: Apache Shiro Login Demo",role="external"] blog post and the video:
video::4LD4mF5ex2U[youtube,title="Java EE Security Demo",width=800,height=600,lang=en]
diff --git a/src/site/content/blog/2015/08/03/apache-shiro-124-released.adoc b/src/site/content/blog/2015/08/03/apache-shiro-124-released.adoc
index 9777e34..0a48bd1 100644
--- a/src/site/content/blog/2015/08/03/apache-shiro-124-released.adoc
+++ b/src/site/content/blog/2015/08/03/apache-shiro-124-released.adoc
@@ -14,7 +14,7 @@
Release binaries (.jars) are also available through Maven Central and source bundles through Apache distribution mirrors.
-For more information on http://shiro.apache.org/documentation.html[Shiro, please read the
+For more information on https://shiro.apache.org/documentation.html[Shiro, please read the
documentation.]
Enjoy!
diff --git a/src/site/content/blog/2016/05/26/apache-shiro-125-released.adoc b/src/site/content/blog/2016/05/26/apache-shiro-125-released.adoc
index 2319cb5..0422b20 100644
--- a/src/site/content/blog/2016/05/26/apache-shiro-125-released.adoc
+++ b/src/site/content/blog/2016/05/26/apache-shiro-125-released.adoc
@@ -14,7 +14,7 @@
Release binaries (.jars) are also available through Maven Central and source bundles through Apache distribution mirrors.
-For more information on http://shiro.apache.org/documentation.html[Shiro, please read the
+For more information on https://shiro.apache.org/documentation.html[Shiro, please read the
documentation.]
Enjoy!
diff --git a/src/site/content/blog/2016/07/05/apache-shiro-126-released.adoc b/src/site/content/blog/2016/07/05/apache-shiro-126-released.adoc
index eb8d600..6b0cf4b 100644
--- a/src/site/content/blog/2016/07/05/apache-shiro-126-released.adoc
+++ b/src/site/content/blog/2016/07/05/apache-shiro-126-released.adoc
@@ -14,7 +14,7 @@
Release binaries (.jars) are also available through Maven Central and source bundles through Apache distribution mirrors.
-For more information on http://shiro.apache.org/documentation.html[Shiro, please read the
+For more information on https://shiro.apache.org/documentation.html[Shiro, please read the
documentation.]
Enjoy!
diff --git a/src/site/content/blog/2016/09/09/apache-shiro-132-released.adoc b/src/site/content/blog/2016/09/09/apache-shiro-132-released.adoc
index 5a912d9..b2ae497 100644
--- a/src/site/content/blog/2016/09/09/apache-shiro-132-released.adoc
+++ b/src/site/content/blog/2016/09/09/apache-shiro-132-released.adoc
@@ -11,7 +11,7 @@
This security release contains 1 fix since the 1.3.1 release.
-http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6802[CVE-2016-6802]:
+https://www.cve.org/CVERecord?id=CVE-2016-6802[CVE-2016-6802]:
Apache Shiro before 1.3.2, when using a non-root servlet context path, specifically crafted requests can be used to by pass some security servlet filters, resulting in unauthorized access.
diff --git a/src/site/content/blog/2016/11/14/apache-shiro-140rc2-released.adoc b/src/site/content/blog/2016/11/14/apache-shiro-140rc2-released.adoc
index 8356a95..213480e 100644
--- a/src/site/content/blog/2016/11/14/apache-shiro-140rc2-released.adoc
+++ b/src/site/content/blog/2016/11/14/apache-shiro-140rc2-released.adoc
@@ -16,7 +16,7 @@
* The core has been broken up into a fewer smaller modules (lang, crypto, config), but package names remain the same.
Maven, Gradle, and Ivy users will NOT be affected.
* New https://github.com/apache/shiro/tree/shiro-root-1.4.0-RC2/support/spring-boot[modules] for Spring Boot
-* New http://search.maven.org/#artifactdetails%7Corg.apache.shiro%7Cshiro-servlet-plugin%7C1.4.0-RC2%7Cjar[servlet fragment module]
+* New https://search.maven.org/#artifactdetails%7Corg.apache.shiro%7Cshiro-servlet-plugin%7C1.4.0-RC2%7Cjar[servlet fragment module]
* New module for JAX-RS (based off https://github.com/silb/shiro-jersey)
* Guice 4 support
* Shiro.ini string interpolation
diff --git a/src/site/content/community.adoc b/src/site/content/community.adoc
index c52928e..11edd2b 100644
--- a/src/site/content/community.adoc
+++ b/src/site/content/community.adoc
@@ -31,4 +31,4 @@
* *https://issues.apache.org/jira/issues/?jql=project%20%3D%20SHIRO%20AND%20status%20%3D%20Open%20ORDER%20BY%20priority%20DESC[Issue Tracker]* - Once you're ready to contribute, this is a good place to see what needs to get done
-* *http://www.apache.org/foundation/sponsorship.html[Donate to ASF]* - Shiro is a project under the Apache Software Foundation, a non-profit that relies on donations and community support
+* *https://www.apache.org/foundation/sponsorship.html[Donate to ASF]* - Shiro is a project under the Apache Software Foundation, a non-profit that relies on donations and community support
diff --git a/src/site/content/configuration.adoc b/src/site/content/configuration.adoc
index 6643c3e..cf0289f 100644
--- a/src/site/content/configuration.adoc
+++ b/src/site/content/configuration.adoc
@@ -14,7 +14,7 @@
[NOTE]
====
.Many Configuration Options
-Shiro's `SecurityManager` implementations and all supporting components are all JavaBeans compatible. This allows Shiro to be configured with practically any configuration format such as regular Java, XML (Spring, JBoss, Guice, etc), link:http://www.yaml.org[YAML], JSON, Groovy Builder markup, and more.
+Shiro's `SecurityManager` implementations and all supporting components are all JavaBeans compatible. This allows Shiro to be configured with practically any configuration format such as regular Java, XML (Spring, JBoss, Guice, etc), link:https://yaml.org[YAML], JSON, Groovy Builder markup, and more.
====
[#Configuration-ProgrammaticConfiguration]
@@ -101,7 +101,7 @@
[#Configuration-INIConfiguration-CreatingSecurityManagerFromINI-Instance]
==== SecurityManager from an INI instance
-The INI configuration can be constructed programmatically as well if desired via the link:static/current/apidocs/org/apache/shiro/config/Ini.html[`org.apache.shiro.config.Ini`] class. The Ini class functions similarly to the JDK http://download.oracle.com/javase/6/docs/api/java/util/Properties.html[`java.util.Properties`] class, but additionally supports segmentation by section name.
+The INI configuration can be constructed programmatically as well if desired via the link:static/current/apidocs/org/apache/shiro/config/Ini.html[`org.apache.shiro.config.Ini`] class. The Ini class functions similarly to the JDK https://download.oracle.com/javase/6/docs/api/java/util/Properties.html[`java.util.Properties`] class, but additionally supports segmentation by section name.
For example:
@@ -128,7 +128,7 @@
[#Configuration-INIConfiguration-Sections]
=== INI Sections
-INI is basically a text configuration consisting of key/value pairs organized by uniquely-named sections. Keys are unique per section only, not over the entire configuration (unlike the JDK http://java.sun.com/javase/6/docs/api/java/util/Properties.html[Properties]). Each section may be viewed like a single `Properties` definition however.
+INI is basically a text configuration consisting of key/value pairs organized by uniquely-named sections. Keys are unique per section only, not over the entire configuration (unlike the JDK https://java.sun.com/javase/6/docs/api/java/util/Properties.html[Properties]). Each section may be viewed like a single `Properties` definition however.
Commented lines can start with either with an Octothorpe (# - aka the 'hash', 'pound' or 'number' sign) or a Semi-colon (';')
@@ -230,7 +230,7 @@
How is this possible? It assumes that all objects are https://en.wikipedia.org/wiki/JavaBean[Java Beans]-compatible https://en.wikipedia.org/wiki/Plain_Old_Java_Object[POJO]s.
-Under the covers, Shiro by default uses Apache Commons http://commons.apache.org/proper/commons-beanutils/[BeanUtils] to do all the heavy lifting when setting these properties. So although INI values are text, BeanUtils knows how to convert the string values to the proper primitive types and then invoke the corresponding JavaBeans setter method.
+Under the covers, Shiro by default uses Apache Commons https://commons.apache.org/proper/commons-beanutils/[BeanUtils] to do all the heavy lifting when setting these properties. So although INI values are text, BeanUtils knows how to convert the string values to the proper primitive types and then invoke the corresponding JavaBeans setter method.
[#Configuration-INIConfiguration-Sections-Main-DefiningObject-SettingProperties-ReferenceValues]
======= Reference Values
@@ -272,7 +272,7 @@
[NOTE]
====
.BeanUtils Property Support
-Any property assignment operation supported by the BeanUtils. link:https://commons.apache.org/proper/commons-beanutils/apidocs/org/apache/commons/beanutils/BeanUtils.html#setProperty-java.lang.Object-java.lang.String-java.lang.Object-[setProperty] method will work in Shiro's [main] section, including set/list/map element assignments. See the link:http://commons.apache.org/proper/commons-beanutils[Apache Commons BeanUtils Website] and documentation for more information.
+Any property assignment operation supported by the BeanUtils. link:https://commons.apache.org/proper/commons-beanutils/apidocs/org/apache/commons/beanutils/BeanUtils.html#setProperty-java.lang.Object-java.lang.String-java.lang.Object-[setProperty] method will work in Shiro's [main] section, including set/list/map element assignments. See the link:https://commons.apache.org/proper/commons-beanutils[Apache Commons BeanUtils Website] and documentation for more information.
====
[#Configuration-INIConfiguration-Sections-Main-DefiningObject-SettingProperties-ByteArrayValues]
diff --git a/src/site/content/developer-resources.adoc b/src/site/content/developer-resources.adoc
index 1b57f2c..9fc0929 100644
--- a/src/site/content/developer-resources.adoc
+++ b/src/site/content/developer-resources.adoc
@@ -25,7 +25,7 @@
[#DeveloperResources-BuildingfromGit]
=== Building from Git
-For Shiro cutting-edge development, you can clone the code from Git and build it using http://maven.apache.org[Maven] 3.6+:
+For Shiro cutting-edge development, you can clone the code from Git and build it using https://maven.apache.org[Maven] 3.6+:
1. Check out the code:
+
@@ -33,7 +33,7 @@
----
git clone https://github.com/apache/shiro.git
----
-2. Build the project using http://maven.apache.org[Maven] 3.6+:
+2. Build the project using https://maven.apache.org[Maven] 3.6+:
+
[source,bash]
----
diff --git a/src/site/content/events.adoc b/src/site/content/events.adoc
index 0f7ec76..22cc1c2 100644
--- a/src/site/content/events.adoc
+++ b/src/site/content/events.adoc
@@ -28,7 +28,7 @@
=== San Francisco Java User Group: Super Simple Application Security with Apache Shiro
October 12, 2010, San Francisco, CA
-http://www.meetup.com/sfjava/
+https://www.meetup.com/sfjava/
=== SDForum: Securing Applications with Apache Shiro
diff --git a/src/site/content/how-to-contribute.adoc b/src/site/content/how-to-contribute.adoc
index 27440ef..9767b5b 100644
--- a/src/site/content/how-to-contribute.adoc
+++ b/src/site/content/how-to-contribute.adoc
@@ -25,7 +25,7 @@
* conference presentations
* publicity
* software
-* general hardware/money http://www.apache.org/foundation/thanks.html[donations] via the http://www.apache.org[Apache Software Foundation]
+* general hardware/money https://www.apache.org/foundation/thanks.html[donations] via the https://www.apache.org[Apache Software Foundation]
You can get your local working copy of the link:download.html[latest and greatest code] by following the directions in link:download.html[Download] page. Review the To Do list in the https://issues.apache.org/jira/browse/SHIRO[issue tracker] and then choose a task that interests you.
@@ -157,7 +157,7 @@
== Git Committers
-After a developer has consistently provided contributions such as code, documentation and discussion, and demonstrated commitment, then the rest of the dev community may vote to grant this developer commit access to the Git repository. See the http://www.apache.org/dev/[ASF developers resources] and especially the http://www.apache.org/dev/version-control.html[Source code repositories].
+After a developer has consistently provided contributions such as code, documentation and discussion, and demonstrated commitment, then the rest of the dev community may vote to grant this developer commit access to the Git repository. See the https://www.apache.org/dev/[ASF developers resources] and especially the https://www.apache.org/dev/version-control.html[Source code repositories].
== Contributing as a Non-Committer
@@ -171,7 +171,7 @@
=== Links
-* http://www.apache.org/dev/contrib-email-tips.html[Tips for email contributors].
+* https://www.apache.org/dev/contrib-email-tips.html[Tips for email contributors].
* Old questions and answers in https://shiro.apache.org/mailing-lists.html[archives].
There are no dumb questions. But browse, search and learn from mailing list archives. Research your topic thoroughly before beginning to discuss a new development issue.
diff --git a/src/site/content/integration.adoc b/src/site/content/integration.adoc
index 836c202..c97414f 100644
--- a/src/site/content/integration.adoc
+++ b/src/site/content/integration.adoc
@@ -41,16 +41,16 @@
+
Adds easy authentication and access control to Grails applications.
-* *http://isis.apache.org[Apache Isis]*
+* *https://isis.apache.org[Apache Isis]*
+
-from http://apache.org/[Apache].
+from https://apache.org/[Apache].
+
Apache Isis is a full-stack framework for rapidly developing domain driven apps and RESTful APIs in Java.
-http://isis.apache.org/documentation.html#security[It uses Apache Shiro] for authentication and authorization.
+https://isis.apache.org/documentation.html#security[It uses Apache Shiro] for authentication and authorization.
-* *http://geode.apache.org/[Apache Geode]*
+* *https://geode.apache.org/[Apache Geode]*
+
-from http://apache.org/[Apache].
+from https://apache.org/[Apache].
+
Using Apache Shiro to secure Geode endpoints like JMX operations, rest services, web monitoring application, CLI tool, and client server communications.
@@ -62,7 +62,7 @@
* *https://github.com/55minutes/fiftyfive-wicket[55Wicket]*
+
-from http://55minutes.com[55 Minutes]
+from https://55minutes.com[55 Minutes]
+
A nifty set of tools and libraries for enhancing productivity with the Apache Wicket Java web framework, including Shiro Integration.
@@ -77,7 +77,7 @@
+
from https://github.com/alexxiyang[@alexxiyang].
+
-A http://redis.io/[Redis] Cache Manager implementation.
+A https://redis.io/[Redis] Cache Manager implementation.
* *https://github.com/mythfish/shiro-memcached[Memcached Cache Manager]*
+
@@ -97,13 +97,13 @@
+
from https://github.com/silb[@silb].
+
-A bundle for securing http://www.dropwizard.io/[Dropwizard] with Apache Shiro.
+A bundle for securing https://www.dropwizard.io/[Dropwizard] with Apache Shiro.
* *https://github.com/theborakompanioni/thymeleaf-extras-shiro[Thymeleaf]*
+
from https://github.com/theborakompanioni[@theborakompanioni].
+
-A http://www.thymeleaf.org/[Thymeleaf] dialect for https://shiro.apache.org[Apache Shiro] https://shiro.apache.org/tags[tags].
+A https://www.thymeleaf.org/[Thymeleaf] dialect for https://shiro.apache.org[Apache Shiro] https://shiro.apache.org/tags[tags].
* *https://github.com/davidsowerby/krail[Krail]*
+
@@ -113,13 +113,13 @@
* *https://github.com/ocpsoft/rewrite/tree/main/security-integration-shiro[Rewrite Servlet]*
+
-from http://www.ocpsoft.org/rewrite/[ocpsoft].
+from https://www.ocpsoft.org/rewrite/[ocpsoft].
+
A highly configurable URL-rewriting tool for Java EE 6+ and Servlet 2.5+ applications
-* *http://freedomotic-developer-manual.readthedocs.io/en/latest/plugins/security.html[Freedomotic]*
+* *https://freedomotic-developer-manual.readthedocs.io/en/latest/plugins/security.html[Freedomotic]*
+
-from http://www.freedomotic.com[freedomotic].
+from https://www.freedomotic.com[freedomotic].
+
An open source, flexible, secure Internet of Things (IoT) development framework in Java, useful to build and manage modern smart spaces.
diff --git a/src/site/content/jaxrs.adoc b/src/site/content/jaxrs.adoc
index fe0c4b2..7ad32cd 100644
--- a/src/site/content/jaxrs.adoc
+++ b/src/site/content/jaxrs.adoc
@@ -109,4 +109,4 @@
== Want to see more?
-You can find portable JAX-RS application that runs with https://jersey.java.net/[Jersey], http://resteasy.jboss.org/[RestEasy] or https://cxf.apache.org[Apache CXF] in the https://github.com/apache/shiro/tree/main/samples[samples] directory on Github.
+You can find portable JAX-RS application that runs with https://jersey.java.net/[Jersey], https://resteasy.dev/[RestEasy] or https://cxf.apache.org[Apache CXF] in the https://github.com/apache/shiro/tree/main/samples[samples] directory on Github.
diff --git a/src/site/content/powered-by-shiro.adoc b/src/site/content/powered-by-shiro.adoc
index 2c2d62f..6ab1d77 100644
--- a/src/site/content/powered-by-shiro.adoc
+++ b/src/site/content/powered-by-shiro.adoc
@@ -34,15 +34,15 @@
Using Shiro in a large scale external web application for authentication, authorization, and custom Session clustering in an enterprise clustered cache
-=== http://mulesoft.com[MuleSoft]
+=== https://www.mulesoft.com[MuleSoft]
-The company behind http://mulesoft.org[Mule], MuleSoft is behind the leading open source middleware, making integration and managing applications easier for everyone.
+The company behind https://developer.mulesoft.com[Mule], MuleSoft is behind the leading open source middleware, making integration and managing applications easier for everyone.
Mule uses Shiro to provide authentication and authorization to hosted services and resources. This allows users to secure HTTP/REST services, Web Services, message queues, data and file access with the simplicity of Shiro.
[#PoweredbyShiro-Sonatype]
-=== http://www.sonatype.com[Sonatype]
+=== https://www.sonatype.com[Sonatype]
-The company behind link:http://maven.apache.org[Maven Central], Sonatype streamlines infrastructure and development workflows for Maven-centric development environments.
+The company behind link:https://maven.apache.org[Maven Central], Sonatype streamlines infrastructure and development workflows for Maven-centric development environments.
-* Sonatype uses Shiro to secure link:http://www.sonatype.com/nexus-professional.html[Nexus], the leading open-source and professional Maven repository manager.
+* Sonatype uses Shiro to secure link:https://www.sonatype.com/nexus-professional.html[Nexus], the leading open-source and professional Maven repository manager.
diff --git a/src/site/content/realm.adoc b/src/site/content/realm.adoc
index 3715a6e..0a8d261 100644
--- a/src/site/content/realm.adoc
+++ b/src/site/content/realm.adoc
@@ -16,7 +16,7 @@
[TIP]
====
-A Realm is essentially a security-specific link:http://en.wikipedia.org/wiki/Data_Access_Object[DAO].
+A Realm is essentially a security-specific link:https://en.wikipedia.org/wiki/Data_Access_Object[DAO].
====
Because most of these data sources usually store both authentication data (credentials such as passwords) as well as authorization data (such as roles or permissions), every Shiro `Realm` can perform _both_ authentication and authorization operations.
diff --git a/src/site/content/security-reports.adoc b/src/site/content/security-reports.adoc
index d195bc0..7bcaffc 100644
--- a/src/site/content/security-reports.adoc
+++ b/src/site/content/security-reports.adoc
@@ -25,7 +25,7 @@
* A new release of the Apache Shiro concerned is made that includes the fix.
* The vulnerability is publicly announced.
-A http://www.apache.org/security/committers.html[more detailed description of the process] has been written for committers. Reporters of security vulnerabilities may also find it useful.
+A https://www.apache.org/security/committers.html[more detailed description of the process] has been written for committers. Reporters of security vulnerabilities may also find it useful.
== Apache Shiro Vulnerability Reports
diff --git a/src/site/content/session-management.adoc b/src/site/content/session-management.adoc
index 4168e7d..155dfbe 100644
--- a/src/site/content/session-management.adoc
+++ b/src/site/content/session-management.adoc
@@ -201,7 +201,7 @@
[NOTE]
====
.Container-Independent Session Clustering
-EHCache is also a nice choice if you quickly need container-independent session clustering. You can transparently plug in link:http://www.terracotta.org/[TerraCotta] behind EHCache and have a container-independent clustered session cache. No more worrying about Tomcat, JBoss, Jetty, WebSphere or WebLogic specific session clustering ever again!
+EHCache is also a nice choice if you quickly need container-independent session clustering. You can transparently plug in link:https://www.terracotta.org/[TerraCotta] behind EHCache and have a container-independent clustered session cache. No more worrying about Tomcat, JBoss, Jetty, WebSphere or WebLogic specific session clustering ever again!
====
Enabling EHCache for sessions is very easy. First, ensure that you have the `shiro-ehcache-<version>.jar` file in your classpath (see the link:download.html[Download] page or use Maven or Ant+Ivy).
@@ -282,7 +282,7 @@
Shiro's `SessionDAO` implementations use an internal link:static/current/apidocs/org/apache/shiro/session/mgt/eis/SessionIdGenerator.html[`SessionIdGenerator`] component to generate a new Session ID every time a new session is created. The ID is generated, assigned to the newly created `Session` instance, and then the `Session` is saved via the `SessionDAO`.
-The default `SessionIdGenerator` is a link:static/current/apidocs/org/apache/shiro/session/mgt/eis/JavaUuidSessionIdGenerator.html[`JavaUuidSessionIdGenerator`], which generates `String` IDs based on Java http://download.oracle.com/javase/6/docs/api/java/util/UUID.html[`UUIDs`]. This implementation is suitable for all production environments.
+The default `SessionIdGenerator` is a link:static/current/apidocs/org/apache/shiro/session/mgt/eis/JavaUuidSessionIdGenerator.html[`JavaUuidSessionIdGenerator`], which generates `String` IDs based on Java https://download.oracle.com/javase/6/docs/api/java/util/UUID.html[`UUIDs`]. This implementation is suitable for all production environments.
If this does not meet your needs, you can implement the `SessionIdGenerator` interface and configure the implementation on Shiro's `SessionDAO` instance. For example, in `shiro.ini`:
@@ -310,7 +310,7 @@
[#SessionManagement-SessionManager-SessionValidationScheduling-DefaultSessionValidationScheduler]
==== Default SessionValidationScheduler
-The default `SessionValidationScheduler` usable in all environments is the link:static/current/apidocs/org/apache/shiro/session/mgt/ExecutorServiceSessionValidationScheduler.html[`ExecutorServiceSessionValidationScheduler`] which uses a JDK http://docs.oracle.com/javase/6/docs/api/java/util/concurrent/ScheduledExecutorService.html[`ScheduledExecutorService`] to control how often the validation should occur.
+The default `SessionValidationScheduler` usable in all environments is the link:static/current/apidocs/org/apache/shiro/session/mgt/ExecutorServiceSessionValidationScheduler.html[`ExecutorServiceSessionValidationScheduler`] which uses a JDK https://docs.oracle.com/javase/6/docs/api/java/util/concurrent/ScheduledExecutorService.html[`ScheduledExecutorService`] to control how often the validation should occur.
By default, this implementation will perform validation once per hour. You can change the rate at which validation occurs by specifying a *new* instance of `ExecutorServiceSessionValidationScheduler` and specifying a different interval (in milliseconds):
@@ -406,7 +406,7 @@
*Distributed Caches*
-Distributed Caches such as http://www.ehcache.org/documentation/2.7/configuration/distributed-cache-configuration.html[Ehcache+TerraCotta], http://www.gigaspaces.com/[GigaSpaces] http://www.oracle.com/technetwork/middleware/coherence/overview/index.html[Oracle Coherence], and http://memcached.org/[Memcached] (and many others) already solve the distributed-data-at-the-persistence-level problem. Therefore enabling Session clustering in Shiro is as simple as configuring Shiro to use a distributed cache.
+Distributed Caches such as https://www.ehcache.org/documentation/2.7/configuration/distributed-cache-configuration.html[Ehcache+TerraCotta], https://www.gigaspaces.com/[GigaSpaces] https://www.oracle.com/technetwork/middleware/coherence/overview/index.html[Oracle Coherence], and https://memcached.org/[Memcached] (and many others) already solve the distributed-data-at-the-persistence-level problem. Therefore enabling Session clustering in Shiro is as simple as configuring Shiro to use a distributed cache.
This gives you the flexibility of choosing the exact clustering mechanism that is suitable for _your_ environment.
@@ -474,7 +474,7 @@
[#SessionManagement-SessionClustering-EhcacheTerracotta]
=== Ehcache + Terracotta
-One such distributed caching solution that people have had success with while using Shiro is the Ehcache + Terracotta pairing. See the Ehcache-hosted http://www.ehcache.org/documentation/get-started/about-distributed-cache[Distributed Caching With Terracotta] documentation for full details of how to enable distributed caching with Ehcache.
+One such distributed caching solution that people have had success with while using Shiro is the Ehcache + Terracotta pairing. See the Ehcache-hosted https://www.ehcache.org/documentation/get-started/about-distributed-cache[Distributed Caching With Terracotta] documentation for full details of how to enable distributed caching with Ehcache.
Once you've got Terracotta clustering working with Ehcache, the Shiro-specific parts are very simple. Read and follow the <<SessionManagement-SessionManager-Storage-EHCacheSessionDAO,Ehcache SessionDAO>> documentation, but we'll need to make a few changes
@@ -539,7 +539,7 @@
[#SessionManagement-SessionClustering-Zookeeper]
=== Zookeeper
-Users have reported using http://zookeeper.apache.org/[Apache Zookeeper] for managing/coordinating distributed sessions as well. If you have any documentation/comments about how this would work, please post them to the Shiro link:mailing-lists.html[Mailing Lists]
+Users have reported using https://zookeeper.apache.org/[Apache Zookeeper] for managing/coordinating distributed sessions as well. If you have any documentation/comments about how this would work, please post them to the Shiro link:mailing-lists.html[Mailing Lists]
[#SessionManagement-SessionsSubjectState]
== Sessions and Subject State
diff --git a/src/site/content/spring-framework.adoc b/src/site/content/spring-framework.adoc
index c1e5f59..948e7c2 100644
--- a/src/site/content/spring-framework.adoc
+++ b/src/site/content/spring-framework.adoc
@@ -6,7 +6,7 @@
:idprefix:
:toc:
-This page covers the ways to integrate Shiro into link:http://spring.io[Spring]-based applications.
+This page covers the ways to integrate Shiro into link:https://spring.io[Spring]-based applications.
== Standalone Applications
@@ -206,7 +206,7 @@
== Caching
-Enabling caching is as simple as providing a link:http://shiro.apache.org/caching.html[CacheManager] bean:
+Enabling caching is as simple as providing a link:https://shiro.apache.org/caching.html[CacheManager] bean:
[source,java]
----
diff --git a/src/site/content/spring-xml.adoc b/src/site/content/spring-xml.adoc
index 980feed..612f1f0 100644
--- a/src/site/content/spring-xml.adoc
+++ b/src/site/content/spring-xml.adoc
@@ -5,7 +5,7 @@
:jbake-tags: documentation, manual
:idprefix:
-This page covers the ways to integrate Shiro into http://spring.io[Spring]-based applications.
+This page covers the ways to integrate Shiro into https://spring.io[Spring]-based applications.
Shiro's JavaBeans compatibility makes it perfectly suited to be configured via Spring XML or other Spring-based configuration mechanisms. Shiro applications need an application singleton `SecurityManager` instance. Note that this does not have to be a _static_ singleton, but there should only be a single instance used by the application, whether its a static singleton or not.
@@ -171,7 +171,7 @@
</bean>
----
-Once you have defined this bean, you must plug it in to whatever remoting `Exporter` you are using to export/expose your services. `Exporter` implementations are defined according to the remoting mechanism/protocol in use. See Spring's http://docs.spring.io/spring/docs/2.5.x/reference/remoting.html[Remoting chapter] on defining `Exporter` beans.
+Once you have defined this bean, you must plug it in to whatever remoting `Exporter` you are using to export/expose your services. `Exporter` implementations are defined according to the remoting mechanism/protocol in use. See Spring's https://docs.spring.io/spring/docs/2.5.x/reference/remoting.html[Remoting chapter] on defining `Exporter` beans.
For example, if using HTTP-based remoting (notice the property reference to the `secureRemoteInvocationExecutor` bean):
@@ -210,4 +210,4 @@
While we hope this documentation helps you with the work you're doing with Apache Shiro, the community is improving and expanding the documentation all the time. If you'd like to help the Shiro project, please consider correcting, expanding, or adding documentation where you see a need. Every little bit of help you provide expands the community and in turn improves Shiro.
-The easiest way to contribute your documentation is to send it to the http://shiro-user.582556.n2.nabble.com/[User Forum] or the link:mailing-lists.html[User Mailing List].
\ No newline at end of file
+The easiest way to contribute your documentation is to send it to the http://shiro-user.582556.n2.nabble.com/[User Forum] or the link:mailing-lists.html[User Mailing List].
diff --git a/src/site/content/testing.adoc b/src/site/content/testing.adoc
index d6d2a72..cd1f10e 100644
--- a/src/site/content/testing.adoc
+++ b/src/site/content/testing.adoc
@@ -21,7 +21,7 @@
. The `Subject` instance must be _bound_ to the currently executing thread.
. After the thread is finished executing (or if the thread's execution results in a `Throwable`), the `Subject` must be _unbound_ to ensure that the thread remains 'clean' in any thread-pooled environment.
-Shiro has architectural components that perform this bind/unbind logic automatically for a running application. For example, in a web application, the root Shiro Filter performs this logic when link:++http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/servlet/AbstractShiroFilter.html#doFilterInternal(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)++[filtering a request]. But as test environments and frameworks differ, we need to perform this bind/unbind logic ourselves for our chosen test framework.
+Shiro has architectural components that perform this bind/unbind logic automatically for a running application. For example, in a web application, the root Shiro Filter performs this logic when link:++https://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/servlet/AbstractShiroFilter.html#doFilterInternal(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)++[filtering a request]. But as test environments and frameworks differ, we need to perform this bind/unbind logic ourselves for our chosen test framework.
[#Testing-TestSetup]
== Test Setup
@@ -134,7 +134,7 @@
[#Testing-ExampleShiroUnitTest]
=== ExampleShiroUnitTest
-Because unit tests are better suited for testing your own logic (and not any implementations your logic might call), it is a great idea to _mock_ any APIs that your logic depends on. This works very well with Shiro - you can mock the `Subject` interface and have it reflect whatever conditions you want your code under test to react to. We can leverage modern mock frameworks like http://easymock.org/[EasyMock] and http://site.mockito.org[Mockito] to do this for us.
+Because unit tests are better suited for testing your own logic (and not any implementations your logic might call), it is a great idea to _mock_ any APIs that your logic depends on. This works very well with Shiro - you can mock the `Subject` interface and have it reflect whatever conditions you want your code under test to react to. We can leverage modern mock frameworks like https://easymock.org/[EasyMock] and https://site.mockito.org[Mockito] to do this for us.
But as stated above, the key in Shiro tests is to remember that any Subject instance (mock or real) must be bound to the thread during test execution. So all we need to do is bind the mock Subject to ensure things work as expected.
diff --git a/src/site/content/tutorial.adoc b/src/site/content/tutorial.adoc
index 828e3c8..129b707 100644
--- a/src/site/content/tutorial.adoc
+++ b/src/site/content/tutorial.adoc
@@ -27,7 +27,7 @@
Apache Shiro was designed from day one to support _any_ application - from the smallest command-line applications to the largest clustered web applications. Even though we're creating a simple app for this tutorial, know that the same usage patterns apply no matter how your application is created or where it is deployed
====
-This tutorial requires Java 8 or later. We'll also be using Apache http://maven.apache.org[Maven] as our build tool, but of course this is not required to use Apache Shiro. You may acquire Shiro's .jars and incorporate them in any way you like into your application, for example maybe using Apache http://ant.apache.org[Ant] and http://ant.apache.org/ivy[Ivy].
+This tutorial requires Java 8 or later. We'll also be using Apache https://maven.apache.org[Maven] as our build tool, but of course this is not required to use Apache Shiro. You may acquire Shiro's .jars and incorporate them in any way you like into your application, for example maybe using Apache https://ant.apache.org[Ant] and https://ant.apache.org/ivy[Ivy].
For this tutorial, please ensure that you are using Maven 3.6.3 or later. You should be able to type `mvn --version` in a command prompt and see something similar to the following:
@@ -103,7 +103,7 @@
<version>${versions.latestRelease}</version>
</dependency>
<!-- Shiro uses SLF4J for logging. We'll use the 'simple' binding
- in this example app. See http://www.slf4j.org for more info. -->
+ in this example app. See https://www.slf4j.org for more info. -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
@@ -182,7 +182,7 @@
[TIP]
.Many Configuration Options
====
-Shiro's `SecurityManager` implementations and all supporting components are all JavaBeans compatible. This allows Shiro to be configured with practically any configuration format such as XML (Spring, JBoss, Guice, etc), link:http://www.yaml.org/[YAML], JSON, Groovy Builder markup, and more. INI is just Shiro's 'common denominator' format that allows configuration in any environment in case other options are not available.
+Shiro's `SecurityManager` implementations and all supporting components are all JavaBeans compatible. This allows Shiro to be configured with practically any configuration format such as XML (Spring, JBoss, Guice, etc), link:https://yaml.org/[YAML], JSON, Groovy Builder markup, and more. INI is just Shiro's 'common denominator' format that allows configuration in any environment in case other options are not available.
====
=== `shiro.ini`
diff --git a/src/site/content/web.adoc b/src/site/content/web.adoc
index 7f85ed2..5e0ca6a 100644
--- a/src/site/content/web.adoc
+++ b/src/site/content/web.adoc
@@ -256,7 +256,7 @@
===== URL Path Expressions
-The token on the left of the equals sign (=) is an http://ant.apache.org[Ant]-style path expression relative to your web application's context root.
+The token on the left of the equals sign (=) is an https://ant.apache.org[Ant]-style path expression relative to your web application's context root.
For example, let's say you had the following `[urls]` line:
@@ -701,7 +701,7 @@
[source,html]
----
-<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags" %>
+<%@ taglib prefix="shiro" uri="https://shiro.apache.org/tags" %>
----
We've used the `shiro` prefix to indicate the shiro tag library namespace, but you can assign whatever name you like.
diff --git a/src/site/content/webapp-tutorial.adoc b/src/site/content/webapp-tutorial.adoc
index 34d048c..eb0382c 100644
--- a/src/site/content/webapp-tutorial.adoc
+++ b/src/site/content/webapp-tutorial.adoc
@@ -109,7 +109,7 @@
* `LICENSE`: the project's Apache 2.0 license
* `.travis.yml`: A https://travis-ci.org/[Travis CI] config file in case you want to run continuous integration on your project to ensure it always builds.
* `.gitignore`: A git ignore file, containing suffixes and directories that shouldn't be checked in to version control.
-* `src/main/resources/logback.xml`: A simple http://logback.qos.ch/[Logback] config file. For this tutorial, we've chosen http://www.slf4j.org[SLF4J] as our logging API and Logback as the logging implementation. This could have easily been Log4J or JUL.
+* `src/main/resources/logback.xml`: A simple https://logback.qos.ch/[Logback] config file. For this tutorial, we've chosen https://www.slf4j.org[SLF4J] as our logging API and Logback as the logging implementation. This could have easily been Log4J or JUL.
* `src/main/webapp/WEB-INF/web.xml`: Our initial `web.xml` file that we'll configure soon to enable Shiro.
* `src/main/webapp/include.jsp`: A page that contains common imports and declarations, included in other JSP pages. This allows us to manage imports and declarations in one place.
* `src/main/webapp/home.jsp`: our webapp's simple default home page. Includes `include.jsp` (as will others, as we will soon see).
@@ -148,7 +148,7 @@
Shiro can be configured in many different ways in a web application, depending on the web and/or MVC framework you use. For example, you can configure Shiro via Spring, Guice, Tapestry, and many many more.
-To keep things simple for now, we'll start a Shiro environment by using Shiro's default (and very simple) http://shiro.apache.org/configuration.html[INI-based configuration].
+To keep things simple for now, we'll start a Shiro environment by using Shiro's default (and very simple) https://shiro.apache.org/configuration.html[INI-based configuration].
If you checked out the `step1` branch, you'll see the contents of this new `src/main/webapp/WEB-INF/shiro.ini` file (header comments removed for brevity):
@@ -168,7 +168,7 @@
This .ini contains simply a `[main]` section with some minimal configuration:
* It defines a new `cacheManager` instance. Caching is an important part of Shiro's architecture - it reduces constant round-trip communications to various data stores. This example uses a `MemoryConstrainedCacheManager` which is only really good for single JVM applications. If your application is deployed across multiple hosts (e.g. a clustered webserver farm), you will want to use a clustered CacheManager implementation instead.
-* It configures the new `cacheManager` instance on the Shiro `securityManager`. A Shiro http://shiro.apache.org/architecture.html[`SecurityManager`] instance always exists, so it did not need to be defined explicitly.
+* It configures the new `cacheManager` instance on the Shiro `securityManager`. A Shiro https://shiro.apache.org/architecture.html[`SecurityManager`] instance always exists, so it did not need to be defined explicitly.
=== 1b: Enable Shiro in `web.xml`
@@ -197,7 +197,7 @@
</filter-mapping>
----
-* The `<listener>` declaration defines a http://docs.oracle.com/javaee/6/api/javax/servlet/ServletContextListener.html[`ServletContextListener`] that starts up the Shiro environment (including the Shiro `SecurityManager`) upon web application startup. By default, this listener automatically knows to look for our `WEB-INF/shiro.ini` file for Shiro configuration.
+* The `<listener>` declaration defines a https://docs.oracle.com/javaee/6/api/javax/servlet/ServletContextListener.html[`ServletContextListener`] that starts up the Shiro environment (including the Shiro `SecurityManager`) upon web application startup. By default, this listener automatically knows to look for our `WEB-INF/shiro.ini` file for Shiro configuration.
* The `<filter>` declaration defines the main `ShiroFilter`. This filter is expected to filter _all_ requests into the web application so Shiro can peform necessary identity and access control operations before allowing a request to reach the application.
@@ -237,7 +237,7 @@
We will need to configure Shiro to access a _User Store_ of some type, so it can look up users to perform login attempts, or check roles for security decisions, etc. There are many types of user stores that any application might need to access: maybe you store users in a MySQL database, maybe in MongoDB, maybe your company stores user accounts in LDAP or Active Directory, maybe you store them in a simple file, or some other proprietary data store.
-Shiro does this via what it calls a http://shiro.apache.org/architecture.html[`Realm`]. From Shiro's documentation:
+Shiro does this via what it calls a https://shiro.apache.org/architecture.html[`Realm`]. From Shiro's documentation:
____
@@ -466,17 +466,17 @@
shiro.loginUrl = /login.jsp
----
-This is a special configuration directive that tells Shiro "For any of Shiro's http://shiro.apache.org/web.html#Web-DefaultFilters[default filters] that have a `loginUrl` property, I want that property value to be set to `/login.jsp`."
+This is a special configuration directive that tells Shiro "For any of Shiro's https://shiro.apache.org/web.html#Web-DefaultFilters[default filters] that have a `loginUrl` property, I want that property value to be set to `/login.jsp`."
-This allows Shiro's default `authc` filter (by default, a http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html[`FormAuthenticationFilter`]) to know about the login page. This is necessary for the `FormAuthenticationFilter` to work correctly.
+This allows Shiro's default `authc` filter (by default, a https://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html[`FormAuthenticationFilter`]) to know about the login page. This is necessary for the `FormAuthenticationFilter` to work correctly.
==== The `[urls]` section
-The `[urls]` section is a new http://shiro.apache.org/web.html#Web-%7B%7B%5Curls%5C%7D%7D[web-specific INI section].
+The `[urls]` section is a new https://shiro.apache.org/web.html#Web-%7B%7B%5Curls%5C%7D%7D[web-specific INI section].
-This section allows you to use a very succinct name/value pair syntax to tell shiro how to filter request for any given URL path. All paths in `[urls]` are relative to the web application's [`HttpServletRequest.getContextPath()`](http://docs.oracle.com/javaee/1.3/api/javax/servlet/http/HttpServletRequest.html#getContextPath()) value.
+This section allows you to use a very succinct name/value pair syntax to tell shiro how to filter request for any given URL path. All paths in `[urls]` are relative to the web application's [`HttpServletRequest.getContextPath()`](https://docs.oracle.com/javaee/1.3/api/javax/servlet/http/HttpServletRequest.html#getContextPath()) value.
-These name/value pairs offer an extremely powerful way to filter requests, allowing for all sorts of security rules. A deeper coverage of urls and filter chains is outside the scope of this document, but please do http://shiro.apache.org/web.html#Web-%7B%7B%5Curls%5C%7D%7D[read more about it] if you're interested.
+These name/value pairs offer an extremely powerful way to filter requests, allowing for all sorts of security rules. A deeper coverage of urls and filter chains is outside the scope of this document, but please do https://shiro.apache.org/web.html#Web-%7B%7B%5Curls%5C%7D%7D[read more about it] if you're interested.
For now, we'll cover the two lines that were added:
@@ -502,7 +502,7 @@
. There is a `password` form field. The Shiro `authc` filter will automatically look for a `password` request parameter during login submission.
. There is a `rememberMe` checkbox whose 'checked' state can be a 'truthy' value (`true`, `t`, `1`, `enabled`, `y`, `yes`, or `on`).
-Our login.jsp form just uses the default `username`, `password`, and `rememberMe` form field names. These names are configurable if you wish to change them - see the http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html[`FormAuthenticationFilter` JavaDoc] for information.
+Our login.jsp form just uses the default `username`, `password`, and `rememberMe` form field names. These names are configurable if you wish to change them - see the https://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authc/FormAuthenticationFilter.html[`FormAuthenticationFilter` JavaDoc] for information.
=== Step 3c: Run the webapp
@@ -597,7 +597,7 @@
Assuming 'jsmith' is the username of the account logged in. 'Log out' is a hyperlink to the '/logout' url handled by the Shiro `logout` filter.
-As you can see, you can turn off or on entire page sections, features and UI components. In addition to `<shiro:guest>` and `<shiro:user>`, Shiro supports http://shiro.apache.org/web.html#Web-taglibrary[many other useful JSP tags] that you can use to customize the UI based on various things known about the current `Subject`.
+As you can see, you can turn off or on entire page sections, features and UI components. In addition to `<shiro:guest>` and `<shiro:user>`, Shiro supports https://shiro.apache.org/web.html#Web-taglibrary[many other useful JSP tags] that you can use to customize the UI based on various things known about the current `Subject`.
=== Step 4c: Run the webapp
@@ -644,7 +644,7 @@
/account/** = authc
----
-This http://shiro.apache.org/web.html#Web-FilterChainDefinitions[Shiro filter chain definition] means "Any requests to `/account` (or any of its sub-paths) must be authenticated".
+This https://shiro.apache.org/web.html#Web-FilterChainDefinitions[Shiro filter chain definition] means "Any requests to `/account` (or any of its sub-paths) must be authenticated".
But what happens if someone tries to access that path or any of its children paths?
@@ -761,7 +761,7 @@
An exercise left to the reader (not a defined step) is to create a new section of the website and restrict URL access to that section of the website based on what role is assigned to the current user.
-Hint: Create a http://shiro.apache.org/web.html#Web-FilterChainDefinitions[filter chain definition] for that new part of the webapp using the http://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authz/RolesAuthorizationFilter.html[`roles` filter]
+Hint: Create a https://shiro.apache.org/web.html#Web-FilterChainDefinitions[filter chain definition] for that new part of the webapp using the https://shiro.apache.org/static/current/apidocs/org/apache/shiro/web/filter/authz/RolesAuthorizationFilter.html[`roles` filter]
=== Step 6d: Run the webapp
@@ -813,7 +813,7 @@
* `ship:NCC-1701-D:command`
* `user:jlpicard:edit`
-These use Shiro's http://shiro.apache.org/permissions.html[WildcardPermission] syntax.
+These use Shiro's https://shiro.apache.org/permissions.html[WildcardPermission] syntax.
The first basically means _the ability to 'command' the 'ship' with identifier 'NCC-1701-D'_. This is an example of an _instance-level_ permission: controlling access to a specific _instance_ `NCC-1701-D` of a resource `ship`. The second is also an instance-level permission that states _the ability to `edit` the `user` with identifier `jlpicard`_.
diff --git a/src/site/templates/menu.ftl b/src/site/templates/menu.ftl
index 7a948bc..1532114 100644
--- a/src/site/templates/menu.ftl
+++ b/src/site/templates/menu.ftl
@@ -77,11 +77,11 @@
Apache Software Foundation
</a>
<ul class="dropdown-menu" aria-labelledby="navbarDropdown-asf">
- <li><a class="dropdown-item" href="http://www.apache.org/">Apache Homepage</a></li>
- <li><a class="dropdown-item" href="http://www.apache.org/licenses/">License</a></li>
- <li><a class="dropdown-item" href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
- <li><a class="dropdown-item" href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
- <li><a class="dropdown-item" href="http://www.apache.org/security/">Security</a></li>
+ <li><a class="dropdown-item" href="https://www.apache.org/">Apache Homepage</a></li>
+ <li><a class="dropdown-item" href="https://www.apache.org/licenses/">License</a></li>
+ <li><a class="dropdown-item" href="https://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+ <li><a class="dropdown-item" href="https://www.apache.org/foundation/thanks.html">Thanks</a></li>
+ <li><a class="dropdown-item" href="https://www.apache.org/security/">Security</a></li>
</ul>
</li>
</ul>
