Add new attachment

Only authorized users are allowed to upload new attachments.

This page (revision-93) was last changed on 06-Aug-2010 19:51 by  

This page was created on 17-Jul-2003 19:56 by Ebu

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 changed 3 lines
''Authentication'' is the process of logging in, and making sure that the user actually is who he says he is.
''Authorization'', or access control, defines the rights and permissions of users, be they unauthenticated guests or known and authenticated individuals.
While the two are separate problems from an architecture perspective, an adminitrator usually considers them jointly. Thus, this combined status and instruction page.
Obsolete. Check out the [Security2.3Howto].
At line 5 changed one line
!Current status: early alpha. Only available in CVS.
The article ["Introduction to JSPWiki"|] in Linux Gazette has a link to this page, so it should be preserved with links to the current security/authentication system.
At line 7 removed 2 lines
JSPWiki version 2.1.51 is slowly acquiring auth capabilities.
Under development by [Janne|Janne Jalkanen]. Syntax may still change.
At line 10 removed 2 lines
User authentication and authorization works; groups don't. Only the three default groups ''Guest'', ''~NamedGuest'', and ''~KnownPerson'' are currently usable.
At line 14 changed 76 lines
!!Setting up user authentication
Add the following properties to '''':
jspwiki.authenticator = FileAuthenticator
jspwiki.fileAuthenticator.fileName = /tmp/passwords.txt
Edit the password file:
# The format is simply username = password
# No encryption is used currently.
# Comments are allowed; prepend with hash.
ebu = foobar
ubi = frobozz
Restart the container, and access the main page. If you use the default [template|JSP Wiki Templates], a small login box should appear in the left margin. Enter the username in the upper box and the password in the lower, and click on login. If you see the friendly greeting, you have authenticated successfully.
''~FileAuthenticator'' is a fairly simple class, ''com.ecyrd.jspwiki.auth.modules.~FileAuthenticator''. You write your own class to implement ''com.ecyrd.jspwiki.auth.~WikiAuthenticator'', make sure the webapp can find the class, and use the full class name for the ''jspwiki.authenticator'' property to do your own, custom authentication.
!!About Groups
Group support is not finished at this time. Three system groups are defined:
* anyone accessing the wiki belongs to group ''Guest''
* anyone who has set their name on the user preferences page belongs to group ''~NamedGuest''
* anyone who has been authenticated belongs to group ''~KnownPerson''
In the future, the default method to create a group Xyzzy with members Foo and Bar is to
* create a page called ''Xyzzy''
* on the page, add the statement [[{MEMBERS Foo, Bar}]
Naturally, a custom can be substituted, if you wish to look group information up in
some other manner.
!Access Rules
Plugin-like entries on a page define the access level of users. The following examples illustrate the syntax:
A publicly viewable page (since everyone belongs to group ''Guest'', editable only by users ebu and ubi:
[{ALLOW view Guest}]
[{DENY edit Guest}]
[{ALLOW edit ebu, ubi}]
A page viewable by ebu and ubi only, editable by ebu only:
[{DENY view Guest}]
[{ALLOW view ebu, ubi}]
[{DENY edit Guest}]
[{ALLOW edit ebu}]
As can be seen from the parameters, both usernames and group names can be specified in access rules. (We just can't specify new groups quite yet.) Note that ''edit'' does not imply ''view'', and that the order of inclusion-exclusion does not matter. Positive permission takes precedence.
;:Question: how does access rule order
!Default Access Rules
Theoretically, creating a page named ''~DefaultPermissions'' and placing a set of access rules on it should make those rules apply to all pages. Page-specific access rules should replace the defaults, if present. ''However'', the default system does not seem to work properly, and is liable to change (at least into a more configurable form).
Old discussion: [Requirements for JSPWiki Authentication]
[Category Development] - to be moved to Documentation once auth* is ready.
I was surprised to find this page deleted. I understand that the new security model is far better than this one; however, so long as v2.2.33 remains your "Current stable release" and 2.3.x / 2.4.x remain betas, you should keep the documentation for 2.2.33 available. All 3 of your security pages were properly marked at the top with the version numbers they applied to and I think that was the right way to do it. (I managed to diff version 79 and 80, grab the mark-up and copy it my Wiki (intranet, sorry) so I'm OK but for other
Version Date Modified Size Author Changes ... Change note
93 06-Aug-2010 19:51 0.804 kB to previous
92 12-Oct-2007 06:41 1.496 kB JanneJalkanen to previous | to last
91 11-Oct-2007 23:45 1.513 kB to previous | to last
90 26-Sep-2007 23:40 1.496 kB JanneJalkanen to previous | to last
89 26-Sep-2007 02:46 1.527 kB to previous | to last
88 26-Sep-2007 02:45 1.518 kB to previous | to last
87 25-Sep-2007 23:36 1.505 kB to previous | to last
86 30-Aug-2007 03:06 1.496 kB to previous | to last
85 05-Aug-2006 12:06 1.105 kB Janne Jalkanen to previous | to last
84 02-Aug-2006 17:25 0.938 kB Martin Hache to previous | to last
83 11-Jul-2006 17:12 0.257 kB to previous | to last
82 11-Jul-2006 16:31 0.057 kB to previous | to last
81 11-Jul-2006 16:30 0.052 kB to previous | to last
« This page (revision-93) was last changed on 06-Aug-2010 19:51 by