Update shiro part about coping shiro.ini.template to shiro.ini in conf

docs/security/shiroauthentication.md

@@ -31,7 +31,11 @@ When you connect to Apache Zeppelin, you will be asked to enter your credentials
 ## Security Setup
 You can setup **Zeppelin notebook authentication** in some simple steps.
 
-### 1. Secure the HTTP channel
+### 1. Enable Shiro
+By default in `conf`, you will find `shiro.ini.template`, this file is used as an example it is strongly recommended
+to create a `shiro.ini` file instead by doing the following command line `copy conf/shiro.ini.template conf/shiro.ini`.
+
+### 2. Secure the HTTP channel
 To secure the HTTP channel, you have to change both **anon** and **authc** settings in `conf/shiro.ini`. In here, **anon** means "the access is anonymous" and **authc** means "formed auth security".
 
 The default status of them is
@@ -49,10 +53,10 @@ Deactivate the line "/** = anon" and activate the line "/** = authc" in `conf/sh
 
 For the further information about  `shiro.ini` file format, please refer to [Shiro Configuration](http://shiro.apache.org/configuration.html#Configuration-INISections).
 
-### 2. Secure the Websocket channel
+### 3. Secure the Websocket channel
 Set to property **zeppelin.anonymous.allowed** to **false** in `conf/zeppelin-site.xml`. If you don't have this file yet, just copy `conf/zeppelin-site.xml.template` to `conf/zeppelin-site.xml`.
 
-### 3. Start Zeppelin
+### 4. Start Zeppelin
 
 ```
 bin/zeppelin-daemon.sh start (or restart)
@@ -60,7 +64,7 @@ bin/zeppelin-daemon.sh start (or restart)
 
 Then you can browse Zeppelin at [http://localhost:8080](http://localhost:8080).
 
-### 4. Login
+### 5. Login
 Finally, you can login using one of the below **username/password** combinations.
 
 <center><img src="../assets/themes/zeppelin/img/docs-img/zeppelin-login.png"></center>
@@ -94,7 +98,7 @@ ldapRealm.contextFactory.url = ldap://ldap.test.com:389
 ldapRealm.userDnTemplate = uid={0},ou=Users,dc=COMPANY,dc=COM
 ldapRealm.contextFactory.authenticationMechanism = SIMPLE
 ```
- 
+
 also define roles/groups that you want to have in system, like below;
 
 ```
@@ -159,8 +163,8 @@ securityManager.realms = $zeppelinHubRealm
 > Note: ZeppelinHub is not releated to apache Zeppelin project.
 
 ## Secure your Zeppelin information (optional)
-By default, anyone who defined in `[users]` can share **Interpreter Setting**, **Credential** and **Configuration** information in Apache Zeppelin. 
-Sometimes you might want to hide these information for your use case. 
+By default, anyone who defined in `[users]` can share **Interpreter Setting**, **Credential** and **Configuration** information in Apache Zeppelin.
+Sometimes you might want to hide these information for your use case.
 Since Shiro provides **url-based security**, you can hide the information by commenting or uncommenting these below lines in `conf/shiro.ini`.
 
 ```
@@ -171,9 +175,8 @@ Since Shiro provides **url-based security**, you can hide the information by com
 /api/credential/** = authc, roles[admin]
 ```
 
-In this case, only who have `admin` role can see **Interpreter Setting**, **Credential** and **Configuration** information. 
+In this case, only who have `admin` role can see **Interpreter Setting**, **Credential** and **Configuration** information.
 If you want to grant this permission to other users, you can change **roles[ ]** as you defined at `[users]` section.
 
 <br/>
 > **NOTE :** All of the above configurations are defined in the `conf/shiro.ini` file. This documentation is originally from [SECURITY-README.md](https://github.com/apache/zeppelin/blob/master/SECURITY-README.md).
-