diff --git a/10-minute-tutorial.html.vtl b/10-minute-tutorial.html.vtl deleted file mode 100644 index aa8d8b7470..0000000000 --- a/10-minute-tutorial.html.vtl +++ /dev/null @@ -1,307 +0,0 @@ -#parse("templates/includes.vtl") - -

10 Minute Tutorial on Apache Shiro

- -
- Share - | - - - - -
- - - - -

Introduction

- -

Welcome to Apache Shiro's 10 Minute Tutoral!

- -

By going through this quick and simple tutorial you should fully understand how a developer uses Shiro in their - application. And you should be able to do it in under 10 minutes.

- -

Overview

- -

What is Apache Shiro?

- -

Apache Shiro is a powerful and easy to use Java security framework that offers developers an intuitive yet - comprehensive solution to authentication, authorization, cryptography, and session management.

- -

In practical terms, it achieves to manage all facets of your application's security, while keeping out of the way as - much as possible. It is built on sound interface-driven design and OO principles, enabling custom behavior wherever - you can imagine it. But with sensible defaults for everything, it is as "hands off" as application security can be. - At least that's what we strive for.

- -

What can Apache Shiro do?

- -

A lot . But we don't want to bloat the QuickStart. Please check out our - Features page if you'd like to see what it can do for you. Also, if - you're curious on how we got started and why we exist, please see the Shiro History and - Mission page.

- -

Ok. Now let's actually do something!

- -#info('Note', 'Shiro can be run in any environment, from the simplest command line application to the biggest enterprise web and clustered applications, but we''ll use the simplest possible example in a simple main method for this QuickStart so you can get a feel for the API.') - -

Download

- -
    -
  1. Ensure you have JDK 1.6+ and Maven 3.0.3+ installed.
  2. -
  3. Download the lastest "Source Code Distribution" from the Download - page. In this example, we're using the ${latestRelease} release distribution. -
  4. -
  5. Unzip the source package: -
    -
    -
    -> unzip shiro-root-${latestRelease}-source-release.zip
    -
    -
    -
    -
  6. -
  7. Enter the quickstart directory: -
    -
    -
    -> cd shiro-root-${latestRelease}/samples/quickstart
    -
    -
    -
    -
  8. -
  9. Run the QuickStart: -
    -
    -
    -> mvn compile exec:java
    -
    -
    -
    -

    This target will just print out some log messages to let you know what is going on and then exit. While - reading this quickstart, feel free to look at the code found under samples/quickstart/src/main/java/Quickstart.java. - Change that file and run the above mvn compile exec:java command as often as you like.

  10. -
- - -

Quickstart.java

- -

The Quickstart.java file referenced above contains all the code that will get you familiar with the API. Now - lets break it down in chunks here so you can easily understand what is going on.

- -

In almost all environments, you can obtain the currently executing user via the following call:

- -

- -
-
-
-Subject currentUser = SecurityUtils.getSubject();
-
-
-
- -

Using SecurityUtils.getSubject(), - we can obtain the currently executing Subject. - A Subject is just a security-specific "view" of an application User. We actually wanted to call it 'User' - since that "just makes sense", but we decided against it: too many applications have existing APIs that already have - their own User classes/frameworks, and we didn't want to conflict with those. Also, in the security world, the term - Subject is actually the recognized nomenclature. Ok, moving on...

- -

The getSubject() call in a standalone application might return a Subject based on user data in an - application-specific location, and in a server environment (e.g. web app), it acquires the Subject based on - user data associated with current thread or incoming request.

- -

Now that you have a Subject, what can you do with it?

- -

If you want to make things available to the user during their current session with the application, you can get their - session:

- -

- -
-
-
-Session session = currentUser.getSession();
-session.setAttribute( "someKey", "aValue" );
-
-
-
- -

The Session is a Shiro-specific instance that provides most of what you're used to with regular HttpSessions - but with some extra goodies and one big difference: it does not require an HTTP environment!

- -

If deploying inside a web application, by default the Session will be HttpSession based. But, in a - non-web environment, like this simple Quickstart, Shiro will automatically use its Enterprise Session Management by - default. This means you get to use the same API in your applications, in any tier, regardless of deployment - environment. This opens a whole new world of applications since any application requiring sessions does not need to - be forced to use the HttpSession or EJB Stateful Session Beans. And, any client technology can now share - session data.

- -

So now you can acquire a Subject and their Session. What about the really useful stuff - like checking if they are allowed to do things, like checking against roles and permissions?

- -

Well, we can only do those checks for a known user. Our Subject instance above represents the current user, - but who is the current user? Well, they're anonymous - that is, until they log in at least once. So, let's - do that:

- -
-
-
-if ( !currentUser.isAuthenticated() ) {
-    //collect user principals and credentials in a gui specific manner 
-    //such as username/password html form, X509 certificate, OpenID, etc.
-    //We'll use the username/password example here since it is the most common.
-    //(do you know what movie this is from? ;)
-    UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
-    //this is all you have to do to support 'remember me' (no config - built in!):
-    token.setRememberMe(true);
-    currentUser.login(token);
-}
-
-
-
- -

That's it! It couldn't be easier.

- -

But what if their login attempt fails? You can catch all sorts of specific exceptions that tell you exactly what - happened and allows you to handle and react accordingly:

- -
-
-
-try {
-    currentUser.login( token );
-    //if no exception, that's it, we're done!
-} catch ( UnknownAccountException uae ) {
-    //username wasn't in the system, show them an error message?
-} catch ( IncorrectCredentialsException ice ) {
-    //password didn't match, try again?
-} catch ( LockedAccountException lae ) {
-    //account for that username is locked - can't login.  Show them a message?
-} 
-    ... more types exceptions to check if you want ...
-} catch ( AuthenticationException ae ) {
-    //unexpected condition - error?
-}
-
-
-
- -

There are many different types of exceptions you can check, or throw your own for custom conditions Shiro might not - account for. See the AuthenticationException - JavaDoc for more.

- -#tip('Handy Hint', 'Security best practice is to give generic login failure messages to users because you do not want to aid an attacker trying to break into your system.') - -

Ok, so by now, we have a logged in user. What else can we do?

- -

Let's say who they are:

- -

- -
-
-
-//print their identifying principal (in this case, a username):
-log.info( "User [" + currentUser.getPrincipal() + "] logged in successfully." );
-
-
-
- -

We can also test to see if they have specific role or not:

- -

- -
-
-
-if ( currentUser.hasRole( "schwartz" ) ) {
-    log.info("May the Schwartz be with you!" );
-} else {
-    log.info( "Hello, mere mortal." );
-}
-
-
-
- -

We can also see if they have a permission to act on a certain type of entity:

- -

- -
-
-
-if ( currentUser.isPermitted( "lightsaber:weild" ) ) {
-    log.info("You may use a lightsaber ring.  Use it wisely.");
-} else {
-    log.info("Sorry, lightsaber rings are for schwartz masters only.");
-}
-
-
-
- -

Also, we can perform an extremely powerful instance-level permission check - the ability to see if the user - has the ability to access a specific instance of a type:

- -

- -
-
-
-if ( currentUser.isPermitted( "winnebago:drive:eagle5" ) ) {
-    log.info("You are permitted to 'drive' the 'winnebago' with license plate (id) 'eagle5'.  " +
-                "Here are the keys - have fun!");
-} else {
-    log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
-}
-
-
-
- -

Piece of cake, right?

- -

Finally, when the user is done using the application, they can log out:

- -

- -
-
-
-currentUser.logout(); //removes all identifying information and invalidates their session too.
-
-
-
- -

Well, that's the core to using Apache Shiro at the application-developer level. And although there is some pretty - sophisticated stuff going on under the hood to make this work so elegantly, that's really all there is to it.

- -

But you might ask yourself, "But who is responsible for getting the user data during a login (usernames and - passwords, role and permissions, etc), and who actually performs those security checks during runtime?" Well, you - do, by implementing what Shiro calls a Realm and plugging that Realm - into Shiro's configuration.

- -

However, how you configure a Realm is largely dependent upon your runtime - environment. For example, if you run a standalone application, or if you have a web based application, or a Spring - or JEE container-based application, or combination thereof. That type of configuration is outside the scope of this - QuickStart, since its aim is to get you comfortable with the API and Shiro's concepts.

- -

When you're ready to jump in with a little more detail, you'll definitely want to read the Authentication Guide and Authorization Guide. Then can move - onto other Documentation, in particularly the Reference Manual, to answer any other questions. You'll also - probably want to join the user mailing list - you'll find - that we have a great community with people willing to help whenever possible.

- -

Thanks for following along. We hope you enjoy using Apache Shiro!

\ No newline at end of file diff --git a/10-minute-tutorial.md.vtl b/10-minute-tutorial.md.vtl new file mode 100644 index 0000000000..85c4145f74 --- /dev/null +++ b/10-minute-tutorial.md.vtl @@ -0,0 +1,195 @@ +#parse("templates/includes.vtl") + +

10 Minute Tutorial on Apache Shiro

+ +
+ Share + | + + + + +
+ + + + +Introduction +------------ + +Welcome to Apache Shiro's 10 Minute Tutoral! + +By going through this quick and simple tutorial you should fully understand how a developer uses Shiro in their application. And you should be able to do it in under 10 minutes. + + +Overview +-------- + +What is Apache Shiro? + +Apache Shiro is a powerful and easy to use Java security framework that offers developers an intuitive yet comprehensive solution to authentication, authorization, cryptography, and session management. + +In practical terms, it achieves to manage all facets of your application's security, while keeping out of the way as much as possible. It is built on sound interface-driven design and OO principles, enabling custom behavior wherever you can imagine it. But with sensible defaults for everything, it is as "hands off" as application security can be. At least that's what we strive for. + +What can Apache Shiro do? + +A lot ![](https://cwiki.apache.org/confluence/images/icons/emoticons/smile.png). But we don't want to bloat the QuickStart. Please check out our [Features](features.html "Features") page if you'd like to see what it can do for you. Also, if you're curious on how we got started and why we exist, please see the [Shiro History and Mission](what-is-shiro.html "What is Shiro") page. + +Ok. Now let's actually do something! + +#info('Note', 'Shiro can be run in any environment, from the simplest command line application to the biggest enterprise web and clustered applications, but we''ll use the simplest possible example in a simple `main` method for this QuickStart so you can get a feel for the API.') + + +Download +-------- + +1. Ensure you have JDK 1.6+ and Maven 3.0.3+ installed. +2. Download the lastest "Source Code Distribution" from the [Download](download.html "Download") page. In this example, we're using the ${latestRelease} release distribution. +3. 
Unzip the source package: + + ``` bash + $ unzip shiro-root-${latestRelease}-source-release.zip + ``` + +4. Enter the quickstart directory: + + ``` bash + $ cd shiro-root-${latestRelease}/samples/quickstart + ``` + +5. Run the QuickStart: + + ``` bash + $ mvn compile exec:java + ``` + +This target will just print out some log messages to let you know what is going on and then exit. While reading this quickstart, feel free to look at the code found under `samples/quickstart/src/main/java/Quickstart.java`. Change that file and run the above `mvn compile exec:java` command as often as you like. + + +Quickstart.java +--------------- + +The `Quickstart.java` file referenced above contains all the code that will get you familiar with the API. Now lets break it down in chunks here so you can easily understand what is going on. + +In almost all environments, you can obtain the currently executing user via the following call: + +``` java +Subject currentUser = SecurityUtils.getSubject(); +``` + +Using [`SecurityUtils`](static/current/apidocs/org/apache/shiro/SecurityUtils.html).[getSubject()](static/current/apidocs/org/apache/shiro/SecurityUtils.html#getSubject()), we can obtain the currently executing [`Subject`](static/current/apidocs/org/apache/shiro/subject/Subject.html). A _Subject_ is just a security-specific "view" of an application User. We actually wanted to call it 'User' since that "just makes sense", but we decided against it: too many applications have existing APIs that already have their own User classes/frameworks, and we didn't want to conflict with those. Also, in the security world, the term `Subject` is actually the recognized nomenclature. Ok, moving on... + +The `getSubject()` call in a standalone application might return a `Subject` based on user data in an application-specific location, and in a server environment (e.g. web app), it acquires the `Subject` based on user data associated with current thread or incoming request. 
+ +Now that you have a `Subject`, what can you do with it? + +If you want to make things available to the user during their current session with the application, you can get their session: + +``` java +Session session = currentUser.getSession(); +session.setAttribute( "someKey", "aValue" ); +``` + +The `Session` is a Shiro-specific instance that provides most of what you're used to with regular HttpSessions but with some extra goodies and one **big** difference: it does not require an HTTP environment! + +If deploying inside a web application, by default the `Session` will be `HttpSession` based. But, in a non-web environment, like this simple Quickstart, Shiro will automatically use its Enterprise Session Management by default. This means you get to use the same API in your applications, in any tier, regardless of deployment environment. This opens a whole new world of applications since any application requiring sessions does not need to be forced to use the `HttpSession` or EJB Stateful Session Beans. And, any client technology can now share session data. + +So now you can acquire a `Subject` and their `Session`. What about the _really_ useful stuff like checking if they are allowed to do things, like checking against roles and permissions? + +Well, we can only do those checks for a known user. Our `Subject` instance above represents the current user, but _who_ is the current user? Well, they're anonymous - that is, until they log in at least once. So, let's do that: + +``` java +if ( !currentUser.isAuthenticated() ) { + //collect user principals and credentials in a gui specific manner + //such as username/password html form, X509 certificate, OpenID, etc. + //We'll use the username/password example here since it is the most common. + //(do you know what movie this is from? 
;) + UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa"); + //this is all you have to do to support 'remember me' (no config - built in!): + token.setRememberMe(true); + currentUser.login(token); +} +``` + +That's it! It couldn't be easier. + +But what if their login attempt fails? You can catch all sorts of specific exceptions that tell you exactly what happened and allows you to handle and react accordingly: + +``` java +try { + currentUser.login( token ); + //if no exception, that's it, we're done! +} catch ( UnknownAccountException uae ) { + //username wasn't in the system, show them an error message? +} catch ( IncorrectCredentialsException ice ) { + //password didn't match, try again? +} catch ( LockedAccountException lae ) { + //account for that username is locked - can't login. Show them a message? +} + ... more types exceptions to check if you want ... +} catch ( AuthenticationException ae ) { + //unexpected condition - error? +} +``` + +There are many different types of exceptions you can check, or throw your own for custom conditions Shiro might not account for. See the [AuthenticationException JavaDoc](static/current/apidocs/org/apache/shiro/authc/AuthenticationException.html) for more. + +#tip('Handy Hint', 'Security best practice is to give generic login failure messages to users because you do not want to aid an attacker trying to break into your system.') + +Ok, so by now, we have a logged in user. What else can we do? + +Let's say who they are: + +``` java +//print their identifying principal (in this case, a username): +log.info( "User [" + currentUser.getPrincipal() + "] logged in successfully." ); +``` + +We can also test to see if they have specific role or not: + +``` java +if ( currentUser.hasRole( "schwartz" ) ) { + log.info("May the Schwartz be with you!" ); +} else { + log.info( "Hello, mere mortal." 
); +} +``` + +We can also see if they have a permission to act on a certain type of entity: + +``` java +if ( currentUser.isPermitted( "lightsaber:weild" ) ) { + log.info("You may use a lightsaber ring. Use it wisely."); +} else { + log.info("Sorry, lightsaber rings are for schwartz masters only."); +} +``` + +Also, we can perform an extremely powerful _instance-level_ permission check - the ability to see if the user has the ability to access a specific instance of a type: + +``` java +if ( currentUser.isPermitted( "winnebago:drive:eagle5" ) ) { + log.info("You are permitted to 'drive' the 'winnebago' with license plate (id) 'eagle5'. " + + "Here are the keys - have fun!"); +} else { + log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!"); +} +``` + +Piece of cake, right? + +Finally, when the user is done using the application, they can log out: + +``` java +currentUser.logout(); //removes all identifying information and invalidates their session too. +``` + +Well, that's the core to using Apache Shiro at the application-developer level. And although there is some pretty sophisticated stuff going on under the hood to make this work so elegantly, that's really all there is to it. + +But you might ask yourself, "But who is responsible for getting the user data during a login (usernames and passwords, role and permissions, etc), and who actually performs those security checks during runtime?" Well, you do, by implementing what Shiro calls a [Realm](realm.html "Realm") and plugging that `Realm` into Shiro's configuration. + +However, how you configure a [Realm](realm.html "Realm") is largely dependent upon your runtime environment. For example, if you run a standalone application, or if you have a web based application, or a Spring or JEE container-based application, or combination thereof. That type of configuration is outside the scope of this QuickStart, since its aim is to get you comfortable with the API and Shiro's concepts. 
+ +When you're ready to jump in with a little more detail, you'll definitely want to read the [Authentication Guide](java-authentication-guide.html "Java Authentication Guide") and [Authorization Guide](java-authorization-guide.html "Java Authorization Guide"). Then can move onto other [Documentation](documentation.html "Documentation"), in particularly the [Reference Manual](reference.html "Reference"), to answer any other questions. You'll also probably want to join the user [mailing list](mailing-lists.html "Mailing Lists") - you'll find that we have a great community with people willing to help whenever possible. + +Thanks for following along. We hope you enjoy using Apache Shiro! \ No newline at end of file diff --git a/articles.html.vtl b/articles.html.vtl deleted file mode 100644 index f8185ae04c..0000000000 --- a/articles.html.vtl +++ /dev/null @@ -1,63 +0,0 @@ -

Apache Shiro Articles

- -

Here are some articles written by and for members of the Apache Shiro community. Please post any errata to the user or dev mailing lists.

- -

Introductory Articles

-

New to Shiro? Here are some great introductory articles:

- - - - - - - - - - - -

Additional Articles

-

Once you've gotten your feet wet, you might find these useful too:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/articles.md b/articles.md new file mode 100644 index 0000000000..681cea352f --- /dev/null +++ b/articles.md 
@@ -0,0 +1,60 @@ + +#Apache Shiro Articles + +Here are some articles written by and for members of the Apache Shiro community. Please post any errata to the user or dev [mailing lists](mailing-lists.html "Mailing Lists"). + + +##Introductory Articles + +New to Shiro? Here are some great introductory articles: + +* **[Application Security with Apache Shiro](https://www.infoq.com/articles/apache-shiro)** InfoQ article by Les Hazlewood, Apache Shiro PMC Chair. + +* **[Apache Shiro Beginner's Webapp Tutorial](webapp-tutorial.html "Apache Shiro Beginner's Webapp Tutorial"): a step-by-step tutorial to enable Shiro in a web application** on 19 November 2013 by Les Hazlewood + +* **[What's new in Apache Shiro 1.2](https://stormpath.com/blog/whats-new-apache-shiro-12)** on 13 March 2012 by Les Hazlewood. + +* **[Introducing Apache Shiro](http://www.ibm.com/developerworks/web/library/wa-apacheshiro/)** by Nathan Good on IBM DeveloperWorks, 14 September 2010. + +* **An Introduction to Shiro (formerly JSecurity/Ki) - A Beginner's Tutorial** by [Bruce Phillips](http://www.brucephillips.name): + * [Part 1](http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-1) + * [Part 2](http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-2) + * [Part 3](http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-3) + * [Part 4](http://www.brucephillips.name/blog/index.cfm/2009/4/5/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners--Tutorial-Part-4) + * [Part 5](http://www.brucephillips.name/blog/index.cfm/2009/5/1/An-Introduction-to-Ki-formerly-JSecurity--A-Beginners-Tutorial-Part-5) + + +##Additional Articles + +Once you've gotten your feet wet, you might find these useful too: + +* **[How to Integrate Apache Shiro with 
JavaEE6](http://czetsuya-tech.blogspot.com/2012/10/how-to-integrate-apache-shiro-with.html?spref=tw)** by czetsuya on 11 October 2012. + +* **[Custom Apache Shiro JDBC Realm](https://mehmetceliksoy.wordpress.com/2015/06/28/shiro-jdbc-realm/)** by Mehmet Celiksoy + +* **[Spring MVC + Shiro + myBatis + JSR-303 Validation](https://bubba-h57.github.io/H57_Shiro/)** by Rob Hines et. al. on 2 April 2012. + +* **[Securing ZK Applications with Apache Shiro](https://www.zkoss.org/wiki/Small_Talks/2012/March/Securing_ZK_Applications_With_Apache_Shiro)** by Ashish Dasnurkar on 6 March 2012. + +* **Facebook Login with Apache Shiro** by Mike Warren on 28 November 2011 + * [Part 1](https://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-1/) + * [Part 2](https://mrdwnotes.wordpress.com/2011/11/28/using-apache-shiro-security-to-allow-login-via-facebook-part-2/) + +* **Apache Shiro - a blog series by Meri** + * [Part 1 - Basics](http://meri-stuff.blogspot.com/2011/03/apache-shiro-part-1-basics.html) on 27 March 2011 + * [Part 2 - Realms, Database and PGP Certificates](http://meri-stuff.blogspot.com/2011/04/apache-shiro-part-2-realms-database-and.html) on 18 April 2011 + * [Part 3 - Cryptography](http://meri-stuff.blogspot.com/2011/12/apache-shiro-part-3-cryptography.html) on 4 December 2011 + +* **[The New RBAC: Resource-Based Access Control](https://stormpath.com/blog/new-rbac-resource-based-access-control)** by Les Hazlewood on 9 May 2011 + +* **[HTTP Authentication and Security with Apache Shiro](http://blog.xebia.com/author/yamsellem/)** blog article by yamsellem on 18 April 2011. + +* **[Using Shiro for Authorization via CDI Interceptors then Easily Test with Arquillian](http://spring-java-ee.blogspot.com/2011/04/using-shiro-for-authorization-via-cdi.html)** blog article by Hendy Irawan on 16 April 2011. 
+ +* **[Apache Shiro Support for Mule](http://blogs.mulesoft.com/dev/mule-dev/apache-shiro-support-for-mule/)** by Dan Diephouse on 10 January 2011. + +* **[Apache Shiro on Google AppEngine](http://www.gdevelop.com/blog/2010/12/apache-shiro-on-appengine)** by Trung on 13 December 2010. + +* **[Apache Shiro tags for JSF - Securing Your JSF Pages](http://techbeats.deluan.com/apache-shiro-tags-for-jsffacelets)** by Deluan Quintão on 1 November 2010. + +* **Shiro DevNexus 2009 Presentation** by Jeremy Haile: ([PDF](assets/images/articles/Ki-DevNexus-2009.pdf?version=1&modificationDate=1246602947000)) ([Keynote](assets/images/articles/Ki-DevNexus-2009.key.zip?version=1&modificationDate=1246602947000)) ([Powerpoint](assets/images/articles/Ki-DevNexus-2009.ppt.zip?version=1&modificationDate=1246602947000)) \ No newline at end of file diff --git a/authentication-guide.html.vtl b/authentication-guide.html.vtl index fdf5bfa7fc..3b697ff7a5 100644 --- a/authentication-guide.html.vtl +++ b/authentication-guide.html.vtl @@ -1,11 +1 @@ -

This page has been moved. You are being redirected.

- -

- -#warning('Redirection Notice', 'This page should redirect to Java Authentication Guide.') - - +#redirect('java-authentication-guide.html', 'Authentication Guide') diff --git a/documentation.html.vtl b/documentation.html.vtl deleted file mode 100644 index 3a6f092b38..0000000000 --- a/documentation.html.vtl +++ /dev/null @@ -1,59 +0,0 @@ -#parse("templates/includes.vtl") - -

Apache Shiro Documentation

- -

Introduction

-

Helpful if read in order:

- - -

Apache Shiro Reference and API

- -

Reference Manual

- - - -

Guides - important Shiro concepts:

- - -

Current Release

-

Apache Shiro ${latestRelease} (Download)

- - - - - -

Lend a hand with documentation

- -

While we hope this documentation helps you with the work you're doing with Apache Shiro, the community is improving - and expanding the documentation all the time. If you'd like to help the Shiro project, please consider corrected, - expanding, or adding documentation where you see a need. Every little bit of help you provide expands the community - and in turn improves Shiro.

- -

The easiest way to contribute your documentation is to send it to the User Forum or the User Mailing List.

\ No newline at end of file diff --git a/documentation.md.vtl b/documentation.md.vtl new file mode 100644 index 0000000000..a5901f6d61 --- /dev/null +++ b/documentation.md.vtl 
@@ -0,0 +1,45 @@ +#parse("templates/includes.vtl") + +#[[#Apache Shiro Documentation]]# + + +#[[###Introduction]]# + +Helpful if read in order: + +* [Application Security with Apache Shiro](https://www.infoq.com/articles/apache-shiro) - full intro article on InfoQ.com +* [10 Minute Tutorial](10-minute-tutorial.html "10 Minute Tutorial") +* [Beginner's Webapp Tutorial: a step-by-step tutorial to enable Shiro in a web application](webapp-tutorial.html "Beginner's Webapp Tutorial") + + +#[[##Apache Shiro Reference and API]]# + + +#[[###Reference Manual]]# + +* [Reference Manual](reference.html "Reference") + + +#[[###Guides - important Shiro concepts:]]# + +* [10 Minute Tutorial](10-minute-tutorial.html "10 Minute Tutorial") +* [Beginner's Webapp Tutorial: a step-by-step tutorial to enable Shiro in a web application](webapp-tutorial.html) +* [Authentication Guide](java-authentication-guide.html "Java Authentication Guide") +* [Authorization Guide](java-authorization-guide.html "Java Authorization Guide") +* Community-contributed [Articles](articles.html "Articles") + + +#[[###Current Release]]# + +Apache Shiro ${latestRelease} ([Download](download.html "Download")) + +* [API](static/${latestRelease}/apidocs) (JavaDoc) +* [Browse Source](static/${latestRelease}/xref/) (XREF) +* [Maven Static Site](static/${latestRelease}/) + + +#[[##Lend a hand with documentation]]# + +While we hope this documentation helps you with the work you're doing with Apache Shiro, the community is improving and expanding the documentation all the time. If you'd like to help the Shiro project, please consider corrected, expanding, or adding documentation where you see a need. Every little bit of help you provide expands the community and in turn improves Shiro. + +The easiest way to contribute your documentation is to send it to the [User Forum](http://shiro-user.582556.n2.nabble.com/) or the [User Mailing List](mailing-lists.html "Mailing Lists"). \ No newline at end of file 
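
Review bot: In documentation.md.vtl the heading levels are inconsistent: `#[[###Introduction]]#` sits directly under the `#` page title, while the sibling sections "Apache Shiro Reference and API" and "Lend a hand with documentation" are `##`. Make Introduction a `##` heading or say why the level is skipped. The `#[[ ]]#` wrapping is there because Velocity reads `##` as a line comment; a one-line note at the top of the file saying so would stop a later cleanup from removing it. In the last section, "please consider corrected" should read "correcting", and the User Forum link is plain `http://`, so check whether an https URL is available.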
diff --git a/features-overview.html b/features-overview.html deleted file mode 100644 index 293b70a058..0000000000 --- a/features-overview.html +++ /dev/null @@ -1,39 +0,0 @@ -

Apache Shiro Features Overview

- -

Apache Shiro aims to be the most comprehensive, but also the easiest to use Java security framework available. Here are some of the frameworks finer points:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Want more information on what Shiro can do?

-

Check out the specific features for each of Shiro's major components: Authentications, Authorization, Session Management, and Cryptogrpahy.

- -

Get Started in 10 Minutes with Shiro

-

Try out Shiro for yourself with our 10 Minute Tutorial. And if you have any questions about Shiro, please check out our community forum or user mailing list for answers from the community.

\ No newline at end of file diff --git a/features-overview.md b/features-overview.md new file mode 100644 index 0000000000..dac731026e --- /dev/null +++ b/features-overview.md 
@@ -0,0 +1,34 @@ + +#Apache Shiro Features Overview + +Apache Shiro aims to be the most comprehensive, but also the easiest to use Java security framework available. Here are some of the frameworks finer points: + +* The easiest to understand Java Security API anywhere. Class and Interface names are intuitive and _make sense_. Anything is pluggable but good defaults exist for everything. + +* Support authentication ('logins') across one or more pluggable data sources (LDAP, JDBC, ActiveDirectory, etc). + +* Perform authorization ('access control') based on roles or fine-grained permissions, also using pluggable data sources. + +* First-class caching support for enhanced application performance. + +* Built-in POJO-based Enterprise Session Management. Use in both web and non-web environments or in any environment where Single Sign On (SSO) or clustered or distributed sessions are desired. + +* _Heterogeneous_ client session access. You are no longer forced to use only the `HttpSession` or Stateful Session Beans, which often unnecessarily tied applications to specific environments. Flash applets, C# applications, Java Web Start, and Web Applications, etc. can now all share session state regardless of deployment environment. + +* Simple Single Sign-On (SSO) support piggybacking the above Enterprise Session Management. If sessions are federated across multiple applications, the user's authentication state can be shared too. Log in once to any application and the others all recognize that log-in. + +* Secure data with the easiest possible Cryptography APIs available, giving you power and simplicity beyond what Java provides by default for ciphers and hashes. + +* An incredibly robust yet **_low-configuration_** web framework that can secure any url or resource, automatically handle logins and logouts, perform Remember Me services, and more. + +* Extremely low number of required dependencies. 
Standalone configuration requires only `slf4j-api.jar` and one of slf4j's binding .jars. Web configuration additionally requires `commons-beanutils-core.jar`. Feature-based dependencies (Ehcache caching, Quartz-based Session validation, Spring dependency injection, etc.) can be added when needed. + + +##Want more information on what Shiro can do? + +Check out the specific features for each of Shiro's major components: [Authentications](authentication-features.html "Authentication Features"), [Authorization](authorization-features.html "Authorization Features"), [Session Management](session-management-features.html "Session Management Features"), and [Cryptogrpahy](cryptography-features.html "Cryptography Features"). + + +##Get Started in 10 Minutes with Shiro + +Try out Shiro for yourself with our [10 Minute Tutorial](10-minute-tutorial.html "10 Minute Tutorial"). And if you have any questions about Shiro, please check out our [community forum](forums.html "Forums") or [user mailing list](mailing-lists.html "Mailing Lists") for answers from the community. \ No newline at end of file
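
Review bot: In 10-minute-tutorial.md.vtl the login-failure example is carried over with its brace error: the `}` after the `LockedAccountException` branch closes the try/catch, so the `... more types exceptions to check if you want ...` line and the following `} catch ( AuthenticationException ae ) {` do not compile. Drop that `}` and turn the ellipsis line into a `//` comment. The branch comments ("username wasn't in the system, show them an error message?") also pull against the Handy Hint right after the block, which recommends generic login failure messages; rewording the comments so the per-cause detail is for handling or logging rather than for display would keep the two consistent. The conversion keeps the old typos as well ("Tutoral", "lastest", "lightsaber:weild").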
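
Review bot: In articles.md the headings have no space after the hashes (`#Apache Shiro Articles`, `##Introductory Articles`, `##Additional Articles`); CommonMark-style parsers render these as plain paragraphs, so write `# Apache Shiro Articles` and so on unless the site's Markdown processor is known to accept the tight form. The "Beginner's Webapp Tutorial" bullet closes its `**` after the description instead of after the link, unlike the other entries, and the czetsuya link keeps a `?spref=tw` tracking parameter that can be dropped.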
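
Review bot: In authentication-guide.html.vtl the new single line calls `#redirect('java-authentication-guide.html', 'Authentication Guide')`, but nothing in this diff defines `#redirect`, and the file has no `#parse("templates/includes.vtl")` of its own. If the macro is not loaded globally, Velocity in its default non-strict mode leaves an undefined macro call in the output as literal text, and the page would no longer tell visitors where the content moved, which the removed `#warning` notice did. Please confirm where the macro is defined or include its definition in this change. The link title also changes from "Java Authentication Guide" to "Authentication Guide"; pick one.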
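
Review bot: In features-overview.md the link texts in the "Want more information" paragraph carry over two errors: `[Cryptogrpahy]` is misspelled, and `[Authentications]` is plural while its title and target say "Authentication Features". Fix both as part of the conversion, along with "frameworks finer points" (missing apostrophe) in the opening paragraph. The `##Want more information on what Shiro can do?` and `##Get Started in 10 Minutes with Shiro` headings also lack the space after the hashes.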