Merge pull request #183 from rzo1/main
Fix some typos and grammar
lprimak authored Jul 5, 2023
2 parents 1482af6 + 6302652 commit 245ebfc
Showing 48 changed files with 200 additions and 200 deletions.
10 changes: 5 additions & 5 deletions src/site/content/10-minute-tutorial.adoc
Expand Up @@ -9,7 +9,7 @@ Brian Demers

== Introduction

Welcome to Apache Shiro's 10 Minute Tutorial!
Welcome to Apache Shiro's 10-Minute Tutorial!

By going through this quick and simple tutorial you should fully understand how a developer uses Shiro in their application.
And you should be able to do it in under 10 minutes.
Expand Down Expand Up @@ -37,7 +37,7 @@ Now let's actually do something!

[NOTE]
====
Shiro can be run in any environment, from the simplest command line application to the biggest enterprise web and clustered applications, but we''ll use the simplest possible example in a simple `main` method for this QuickStart so you can get a feel for the API.')
Shiro can be run in any environment, from the simplest command line application to the biggest enterprise web and clustered applications, but we''ll use the simplest possible example in a simple `main` method for this QuickStart, so you can get a feel for the API.')
====

== Download
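
Review bot: The changed sentence in the NOTE block still carries `we''ll` (doubled apostrophe) and a stray `')` after "API.", which look like leftovers from an earlier conversion. Since this line is being edited anyway, change `we''ll` to `we'll` and drop the trailing `')`.
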
Expand Down Expand Up @@ -71,7 +71,7 @@ Change that file and run the above `mvn compile exec:java` command as often as y
== Quickstart.java

The `Quickstart.java` file referenced above contains all the code that will get you familiar with the API.
Now lets break it down in chunks here so you can easily understand what is going on.
Now lets break it down in chunks here, so you can easily understand what is going on.

In almost all environments, you can obtain the currently executing user via the following call:

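Review bot: On the changed line "Now lets break it down in chunks here, so you can easily understand what is going on", "lets" should be the contraction "let's". The added comma is fine, but the missing apostrophe is the more visible error in that sentence.
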
Expand Down Expand Up @@ -153,7 +153,7 @@ There are many different types of exceptions you can check, or throw your own fo
Security best practice is to give generic login failure messages to users because you do not want to aid an attacker trying to break into your system.
====

Ok, so by now, we have a logged in user.
Ok, so by now, we have a logged-in user.
What else can we do?

Let's say who they are:
Expand Down Expand Up @@ -210,7 +210,7 @@ currentUser.logout(); //removes all identifying information and invalidates thei
Well, that's the core to using Apache Shiro at the application-developer level.
And although there is some pretty sophisticated stuff going on under the hood to make this work so elegantly, that's really all there is to it.

But you might ask yourself, "But who is responsible for getting the user data during a login (usernames and passwords, role and permissions, etc), and who actually performs those security checks during runtime?" Well, you do, by implementing what Shiro calls a [Realm](realm.html "Realm") and plugging that `Realm` into Shiro's configuration.
But you might ask yourself, "But who is responsible for getting the user data during a login (usernames and passwords, role and permissions, etc.), and who actually performs those security checks during runtime?" Well, you do, by implementing what Shiro calls a [Realm](realm.html "Realm") and plugging that `Realm` into Shiro's configuration.

However, how you configure a [Realm](realm.html "Realm") is largely dependent upon your runtime environment.
For example, if you run a standalone application, or if you have a web based application, or a Spring or JEE container-based application, or combination thereof.
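
Review bot: The changed line still links with Markdown syntax, `[Realm](realm.html "Realm")`, inside an `.adoc` file, and the same form appears in the context line after it; the other files in this commit use the AsciiDoc form (`link:tutorial.html[Tutorial]`). Suggest `link:realm.html[Realm]` in both places. In the last context line, "web based application" should also be hyphenated to match "container-based" in the same sentence.
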
6 changes: 3 additions & 3 deletions src/site/content/architecture.adoc
Expand Up @@ -19,7 +19,7 @@ At the highest conceptual level, Shiro's architecture has 3 primary concepts: th

image::/images/ShiroBasicArchitecture.png[Shiro Basic Architecture Diagram, align="center"]

* *Subject*: As we've mentioned in our link:tutorial.html[Tutorial], the `Subject` is essentially a security specific 'view' of the the currently executing user. Whereas the word 'User' often implies a human being, a `Subject` can be a person, but it could also represent a 3rd-party service, daemon account, cron job, or anything similar - basically anything that is currently interacting with the software.
* *Subject*: As we've mentioned in our link:tutorial.html[Tutorial], the `Subject` is essentially a security specific 'view' of the currently executing user. Whereas the word 'User' often implies a human being, a `Subject` can be a person, but it could also represent a 3rd-party service, daemon account, cron job, or anything similar - basically anything that is currently interacting with the software.
+
`Subject` instances are all bound to (and require) a `SecurityManager`. When you interact with a `Subject`, those interactions translate to subject-specific interactions with the `SecurityManager`.

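Review bot: On the changed *Subject* bullet, "security specific 'view'" is left unhyphenated, while the detailed *Subject* entry further down this same file reads "security-specific 'view'". Hyphenate it here as well so the two descriptions match; the "the the" fix itself is correct.
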
Expand All @@ -38,7 +38,7 @@ The following diagram shows Shiro's core architectural concepts followed by shor
image::/images/ShiroArchitecture.png[Shiro Architecture Diagram, align="center"]

* *Subject* (link:static/current/apidocs/org/apache/shiro/subject/Subject.html[`org.apache.shiro.subject.Subject`])
A security-specific 'view' of the entity (user, 3rd-party service, cron job, etc) currently interacting with the software.
A security-specific 'view' of the entity (user, 3rd-party service, cron job, etc.) currently interacting with the software.

* *SecurityManager* (link:static/current/apidocs/org/apache/shiro/mgt/SecurityManager.html[org.apache.shiro.mgt.SecurityManager])
As mentioned above, the `SecurityManager` is the heart of Shiro's architecture. It is mostly an 'umbrella' object that coordinates its managed components to ensure they work smoothly together. It also manages Shiro's view of every application user, so it knows how to perform security operations per user.
Expand All @@ -62,7 +62,7 @@ The `SessionDAO` performs `Session` persistence (CRUD) operations on behalf of t
The `CacheManager` creates and manages `Cache` instance lifecycles used by other Shiro components. Because Shiro can access many back-end data sources for authentication, authorization and session management, caching has always been a first-class architectural feature in the framework to improve performance while using these data sources. Any of the modern open-source and/or enterprise caching products can be plugged in to Shiro to provide a fast and efficient user-experience.

* *Cryptography* (link:static/current/apidocs/org/apache/shiro/crypto/package-summary.html[org.apache.shiro.crypto.*])
Cryptography is a natural addition to an enterprise security framework. Shiro's `crypto` package contains easy-to-use and understand representations of crytographic Ciphers, Hashes (aka digests) and different codec implementations. All of the classes in this package are carefully designed to be very easy to use and easy to understand. Anyone who has used Java's native cryptography support knows it can be a challenging animal to tame. Shiro's crypto APIs simplify the complicated Java mechanisms and make cryptography easy to use for normal mortal human beings.
Cryptography is a natural addition to an enterprise security framework. Shiro's `crypto` package contains easy-to-use and understand representations of crytographic Ciphers, Hashes (aka digests) and different codec implementations. All the classes in this package are carefully designed to be very easy to use and easy to understand. Anyone who has used Java's native cryptography support knows it can be a challenging animal to tame. Shiro's crypto APIs simplify the complicated Java mechanisms and make cryptography easy to use for normal mortal human beings.

* *Realms* (link:static/current/apidocs/org/apache/shiro/realm/Realm.html[org.apache.shiro.realm.Realm])
As mentioned above, Realms act as the ‘bridge’ or ‘connector’ between Shiro and your application’s security data. When it comes time to actually interact with security-related data like user accounts to perform authentication (login) and authorization (access control), Shiro looks up many of these things from one or more Realms configured for an application. You can configure as many `Realms` as you need (usually one per data source) and Shiro will coordinate with them as necessary for both authentication and authorization.
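
Review bot: The changed Cryptography paragraph still contains the misspelling "crytographic" (should be "cryptographic"), which a typo-fix commit touching this exact line should pick up. The phrase "easy-to-use and understand representations" is also awkward; consider "easy-to-use and easy-to-understand representations".
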
2 changes: 1 addition & 1 deletion src/site/content/articles.adoc
Expand Up @@ -60,4 +60,4 @@ Once you've gotten your feet wet, you might find these useful too:

* *https://techbeats.deluan.com/apache-shiro-tags-for-jsffacelets[Apache Shiro tags for JSF - Securing Your JSF Pages]* by Deluan Quintão on 1 November 2010.

* *Shiro DevNexus 2009 Presentation* by Jeremy Haile: (link:files/articles/Ki-DevNexus-2009.pdf?version=1&modificationDate=1246602947000[PDF]) (link:files/articles/Ki-DevNexus-2009.key.zip?version=1&modificationDate=1246602947000[Keynote]) (link:files/articles/Ki-DevNexus-2009.ppt.zip?version=1&modificationDate=1246602947000[Powerpoint])
* *Shiro DevNexus 2009 Presentation* by Jeremy Haile: (link:files/articles/Ki-DevNexus-2009.pdf?version=1&modificationDate=1246602947000[PDF]) (link:files/articles/Ki-DevNexus-2009.key.zip?version=1&modificationDate=1246602947000[Keynote]) (link:files/articles/Ki-DevNexus-2009.ppt.zip?version=1&modificationDate=1246602947000[PowerPoint])
18 changes: 9 additions & 9 deletions src/site/content/authentication.adoc
Expand Up @@ -160,12 +160,12 @@ For example, a check to see if a `Subject` can access financial information shou
[#Authentication-RememberedVsAuthenticated-AnIllustratingExample]
=== An illustrating example

The following is a fairly common scenario that helps illustrate why the the distinction between remembered and authenticated is important.
The following is a fairly common scenario that helps illustrate why the distinction between remembered and authenticated is important.

Let's say you're using https://www.amazon.com[Amazon.com].
You've logged-in successfully and have added a few books to your shopping cart.
But you have to run off to a meeting, but forget to log out.
By the time the meeting is over, it's time to go home and you leave the office.
By the time the meeting is over, it's time to go home, and you leave the office.

The next day when you come in to work, you realize you didn't complete your purchase, so you go back to amazon.com.
This time, Amazon 'remembers' who you are, greets you by name, and still gives you some personalized book recommendations.
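
Review bot: Two errors remain in the unchanged lines of the Amazon example in this hunk. "You've logged-in successfully" uses the hyphenated adjective form for a verb and should read "logged in", and "But you have to run off to a meeting, but forget to log out" repeats "but"; suggest "You have to run off to a meeting, but forget to log out".
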
Expand All @@ -174,10 +174,10 @@ To Amazon, `subject.isRemembered()` would return `true`.
But, what happens if you try to access your account to update your credit card information to make your book purchase?
While Amazon 'remembers' you (`isRemembered()` == `true`), it cannot guarantee that you are in fact you (for example, maybe a co-worker is using your computer).

So before you can perform a sensitive action like updating credit card information, Amazon will force you to login so they can guarantee your identity.
After you login, your identity has been verified and to Amazon, `isAuthenticated()` would now be `true`.
So before you can perform a sensitive action like updating credit card information, Amazon will force you to login, so they can guarantee your identity.
After you log in, your identity has been verified and to Amazon, `isAuthenticated()` would now be `true`.

This scenario happens so frequently for many types of applications, so the functionality is built in to Shiro so you can leverage it for your own application.
This scenario happens so frequently for many types of applications, so the functionality is built in to Shiro, so you can leverage it for your own application.
Now, whether you use `isRemembered()` or `isAuthenticated()` to customize your views and workflows is up to you, but Shiro will maintain this fundamental state in case you need it.

[#Authentication-LoggingOut]
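
Review bot: The changed line "Amazon will force you to login, so they can guarantee your identity" still uses "login" as a verb, while the very next line is corrected to "After you log in"; use "log in" in both. The comma added to "This scenario happens so frequently for many types of applications, so the functionality is built in to Shiro, so you can leverage it" leaves three "so" clauses chained in one sentence, so a reword would serve better than the comma, for example "This scenario is common to many types of applications, so the functionality is built in to Shiro for you to leverage."
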
Expand Down Expand Up @@ -276,9 +276,9 @@ An AuthenticationStrategy is a stateless component that is consulted 4 times dur
. before any of the Realms are invoked
. immediately before an individual Realm's `getAuthenticationInfo` method is called
. immediately after an individual Realm's `getAuthenticationInfo` method is called
. after all of the Realms have been invoked
. after all the Realms have been invoked

Also an `AuthenticationStrategy` is responsible for aggregating the results from each successful Realm and 'bundling' them into a single link:/static/current/apidocs/org/apache/shiro/authc/AuthenticationInfo.html[`AuthenticationInfo`] representation.
Also, an `AuthenticationStrategy` is responsible for aggregating the results from each successful Realm and 'bundling' them into a single link:/static/current/apidocs/org/apache/shiro/authc/AuthenticationInfo.html[`AuthenticationInfo`] representation.
This final aggregate `AuthenticationInfo` instance is what is returned by the `Authenticator` instance and is what Shiro uses to represent the `Subject`'s final identity (aka Principals).

[NOTE]
Expand All @@ -293,7 +293,7 @@ Shiro has 3 concrete `AuthenticationStrategy` implementations:
|`AuthenticationStrategy` class |Description

|link:/static/current/apidocs/org/apache/shiro/authc/pam/AtLeastOneSuccessfulStrategy.html[`AtLeastOneSuccessfulStrategy`] |If one (or more) Realms authenticate successfully, the overall attempt is considered successful.
If none authenticate succesfully, the attempt fails.
If none authenticate successfully, the attempt fails.
|link:/static/current/apidocs/org/apache/shiro/authc/pam/FirstSuccessfulStrategy.html[`FirstSuccessfulStrategy`] |Only the information returned from the first successfully authenticated Realm will be used.
All further Realms will be ignored.
If none authenticate successfully, the attempt fails.
Expand Down Expand Up @@ -379,7 +379,7 @@ securityManager.realms = $fooRealm, $barRealm, $blahRealm
.Explicit Realm Inclusion
When you explicitly configure the `securityManager.realms` property, *only* the referenced realms will be configured on the `SecurityManager`.
This means you could define 5 realms in INI, but only actually use 3 if 3 are referenced for the `realms` property.
This is different than implicit realm ordering where all available realms will be used.
This is different from implicit realm ordering where all available realms will be used.
====

[#Authentication-RealmAuthentication]
8 changes: 4 additions & 4 deletions src/site/content/authorization-features.adoc
Expand Up @@ -11,7 +11,7 @@ In other words, determining *"who has access to what"*.
Authorization is used to answer security questions like, "is the user allowed to edit accounts", "is this user allowed to view this web page", "does this user have access to this button"?
These are all decisions determining what a user has access to and therefore all represent authorization checks.

Authorization is a critical element of any application but it can quickly become very complex.
Authorization is a critical element of any application, but it can quickly become very complex.
Shiro's goal is to eliminate much of the complexity around authorization so that you can more easily build secure software.
Below is a highlight of the Shiro authorization features.

Expand All @@ -29,9 +29,9 @@ Since the complexity of authorization differs greatly between applications, Shir

* *Powerful and intuitive permission syntax*
+
As an option, Shiro provides an out-of-the-box permission syntax, called Wildcard Permissions, that help you model the fine grained access policies your application may have.
By using Shiro's Wildcard Permissions you get an easy-to-process and human readable syntax.
Moreoever, you don't have to go through the time-consuming effort and complexity of creating your own method for representing your access policies.
As an option, Shiro provides an out-of-the-box permission syntax, called Wildcard Permissions, that help you model the fine-grained access policies your application may have.
By using Shiro's Wildcard Permissions you get an easy-to-process and human-readable syntax.
Moreover, you don't have to go through the time-consuming effort and complexity of creating your own method for representing your access policies.

* *Multiple enforcement options*
+
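
Review bot: In the changed sentence "Shiro provides an out-of-the-box permission syntax, called Wildcard Permissions, that help you model the fine-grained access policies", the verb should agree with the singular "syntax": "that helps you model". The hyphenation and "Moreover" fixes in the same block are correct.
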