Updated security (markdown)

Axel Uhl commited 2015-02-26 08:29:50 +0000 commit 2d26bc19f09123598a507b5f28c1c64cb7b3c6a3

				wiki/security.md
			
          @@ -2,9 +2,11 @@

           The Sports Sponsorships Engine (SSE) on which the SAP Sailing Analytics and the SAP Tennis Analytics are based, uses Apache Shiro to implement security. This in particular includes authentication and authorization.

          -## Users, Roles, and Permissions

          +## Users, Sessions, Roles, and Permissions

          +Users are identified in an authentication process. This can be a username/password login implemented by posting a form, through HTTP basic authentication (an "Authorization: Basic <some-base64-string>" HTTP header field) or by using an OAuth-like bearer access token that can be obtained by an authenticated user through a RESTful web service.

          +The response for an HTTP request by an authenticated user contains the JSESSIONID cookie whose value is the session key. Our sessions have a default timeout of 30 minutes (see 

           ## How to Configure

...	...	@@ -2,9 +2,11 @@
2	2
3	3	The Sports Sponsorships Engine (SSE) on which the SAP Sailing Analytics and the SAP Tennis Analytics are based, uses Apache Shiro to implement security. This in particular includes authentication and authorization.
4	4
5		-## Users, Roles, and Permissions
	5	+## Users, Sessions, Roles, and Permissions
6	6
	7	+Users are identified in an authentication process. This can be a username/password login implemented by posting a form, through HTTP basic authentication (an "Authorization: Basic <some-base64-string>" HTTP header field) or by using an OAuth-like bearer access token that can be obtained by an authenticated user through a RESTful web service.
7	8
	9	+The response for an HTTP request by an authenticated user contains the JSESSIONID cookie whose value is the session key. Our sessions have a default timeout of 30 minutes (see
8	10
9	11	## How to Configure
10	12