This page is here for historical curiosity only, and will be removed shortly. It does not work. I repeat, it does not work. Do not report bugs. Do not use. Do not even think about using.
Authentication is the process of logging in, and making sure that the user actually is who he says he is. Authorization, or access control, defines the rights and permissions of users, be they unauthenticated guests or known and authenticated individuals. While the two are separate problems from an architecture perspective, an administrator usually considers them jointly. Thus, this combined status and instruction page.
User authentication and authorization work; groups don't. Only the three default groups Guest, NamedGuest, and KnownPerson are currently usable.
JSPWiki developers are invited to collect their observations on the Auth* scheme on Authorization and Authentication Development.
Setting up user authentication#
Add the following properties to jspwiki.properties:
jspwiki.authenticator = FileAuthenticator
jspwiki.fileAuthenticator.fileName = /tmp/passwords.txt
jspwiki.auth.useOldAuth=true
# Add the following line to authorize all users
jspwiki.policy.strictLogins = true
Edit the password file:
# The format is simply username = password
# No encryption is used currently.
# Comments are allowed; prepend with hash.
ebu = foobar
ubi = frobozz
Restart the container, and access the main page. If you use the default template, a small login box should appear in the left margin. Enter the username in the upper box and the password in the lower, and click on login. If you see the friendly greeting, you have authenticated successfully.
Developers:#
FileAuthenticator is a fairly simple class (com.ecyrd.jspwiki.auth.modules.FileAuthenticator). You can write your own class to implement com.ecyrd.jspwiki.auth.WikiAuthenticator, make sure the webapp can find the class, and use the full class name for the jspwiki.authenticator property to do your own, custom authentication.
About Groups#
Group support is not finished at this time. Three system groups are defined:
- anyone accessing the wiki belongs to group Guest
- anyone who has set their name on the user preferences page belongs to group NamedGuest
- anyone who has been authenticated belongs to group KnownPerson
In the future, the default method to create a group Xyzzy with members Foo and Bar is to
- create a page called Xyzzy
- on the page, add the statement [{SET members='Foo, Bar'}]
Developers#
Groups actually work if you don't use the prospective default implementation (WikiDatabase) that uses WikiPages for group definition. I wrote a minor patch to UserManager, now available in the CVS HEAD. You can now define the property jspwiki.userdatabase = path.to.your.class and plug in a com.ecyrd.jspwiki.auth.UserDatabase implementation. Again, this is a fairly simple operation, but expect to adjust for Janne's changes before any version releases.
Authorization#
Page Access Rules#
Plugin-like entries on a page define the access level of users. The following examples illustrate the syntax:
A publicly viewable page (since everyone belongs to group Guest), editable only by users ebu and ubi:
[{ALLOW view Guest}]
[{DENY edit Guest}]
[{ALLOW edit ebu, ubi}]
A page viewable by ebu and ubi only, editable by ebu only:
[{DENY view Guest}]
[{ALLOW view ebu, ubi}]
[{DENY edit Guest}]
[{ALLOW edit ebu}]
As can be seen from the parameters, both usernames and group names can be specified in access rules. (We just can't specify new groups quite yet.) Note that edit does not imply view, and that the order of inclusion-exclusion does not matter. Positive permission takes precedence.
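The rule semantics described above, modelled as an added Python example (not JSPWiki code and not part of the original page). All function and class names are hypothetical. Two things are assumptions of the model: a permission with no matching rule falls back to a configurable default, and a name that was only set in the user preferences never matches a username in a rule.

```python
import re
from dataclasses import dataclass

# Matches one rule such as [{ALLOW edit ebu, ubi}]; [{SET ...}] is ignored.
RULE_RE = re.compile(r"\[\{\s*(ALLOW|DENY)\s+(\w+)\s+([^}]+?)\s*\}\]")

# The two example rule sets from the page.
PUBLIC = "[{ALLOW view Guest}] [{DENY edit Guest}] [{ALLOW edit ebu, ubi}]"
PRIVATE = ("[{DENY view Guest}] [{ALLOW view ebu, ubi}] "
           "[{DENY edit Guest}] [{ALLOW edit ebu}]")


@dataclass(frozen=True)
class User:
    asserted_name: str = ""  # name typed into the preferences page, unverified
    login: str = ""          # username proven by a successful login


def principals(user):
    """Names that a rule can match for this user (the three system groups)."""
    names = {"Guest"}                    # anyone accessing the wiki
    if user.asserted_name:
        names.add("NamedGuest")          # self-asserted, so group only
    if user.login:
        names.update({"KnownPerson", user.login})
    return names


def parse_rules(page_text):
    """Return (action, permission, {names}) for every rule in the page text."""
    rules = []
    for action, permission, names in RULE_RE.findall(page_text):
        members = {n.strip() for n in names.split(",") if n.strip()}
        rules.append((action, permission, members))
    return rules


def is_allowed(page_text, user, permission, default=True):
    """Evaluate one permission; rule order is irrelevant, ALLOW beats DENY.

    default=True is an assumption: the page does not say what happens when
    no rule matches the user for the requested permission.
    """
    who = principals(user)
    actions = {action for action, perm, names in parse_rules(page_text)
               if perm == permission and names & who}
    if "ALLOW" in actions:   # positive permission takes precedence
        return True
    if "DENY" in actions:
        return False
    return default


if __name__ == "__main__":
    visitors = {
        "anonymous": User(),
        "claims to be ebu": User(asserted_name="ebu"),
        "logged in as ebu": User(login="ebu"),
        "logged in as ubi": User(login="ubi"),
    }
    for label, page in (("PUBLIC", PUBLIC), ("PRIVATE", PRIVATE)):
        for who, user in visitors.items():
            view = is_allowed(page, user, "view")
            edit = is_allowed(page, user, "edit")
            print(f"{label:8} {who:18} view={view!s:5} edit={edit}")
```
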
Default Access Rules#
Theoretically, creating a page named DefaultPermissions and placing a set of access rules on it should make those rules apply to all pages. Page-specific access rules should replace the defaults, if present. However, the default system does not seem to work properly, and is liable to change (at least into a more configurable form).
2004.01.11 The format of the DefaultPermissions page has changed recently, apparently around version 2.1.104. Check out the description in the DefaultPermissions page that is included with the JSPWiki distribution for a good description. In brief, apparently you set a defaultpermissions variable now within the DefaultPermissions page. And this appears to have some limitations as of 2.1.134, such as changes to defaultpermissions not being recognized until you restart. -- Mock.
Administrators#
Administrators are people who are allowed to do whatever they please in the wiki system. No access rights stop them.
You can set the name of the administrator group by setting the jspwiki.auth.administrator property in your jspwiki.properties. For example:
jspwiki.auth.administrator = WikiAdmin
The default value for the admin group is "WikiAdmin".
On the group page you would then list those people who are a part of this group. For example, to make JackJones and JillJones administrators, use:
[{SET members='JackJones, JillJones'}]
FAQ#
Using Spring's Acegi security framework#
Is it possible to integrate JSPWiki into an existing Spring application secured by Acegi Security? What I want to achieve is a kind of single sign-on for my Spring Application (Acegi, MD5+salt passwords, User/Password stored in database) and JSPWiki. I guess I have to integrate JSPWiki into my webapp. Are there any tips/tricks on how to achieve the best result? Do I have to write my UserDatabase class? Thanks a lot. ThomasBecker
Multiple Wiki Site Security#
Hmm, any indications on how security and such can be set up and administered on say a wiki installation of 8 wikis with about 20 users? Am I going to have massive duplication and have to manually sync stuff between the wikis? Any way to set up a master security configuration and have it propagate through each wiki? (Tangentially related to my SecurityHelp question.) --JohnV
User/password databases can be shared. The default PageAuthorizer finds its permissions on the WikiPages themselves. --JanneJalkanen
Bear with me as all of this is new stuff. I've got a mix of unsecured and secured wikis; right now there's duplication all over the place, so I'm using MultipleWikis to help simplify things. The problem is that authentication is currently handled via container managed security, so secured wikis have different web.xmls that define which roles are allowed access. Is there any elegant way of handling this scenario? --KyleAdams
I extended JSPWiki to allow "/" in the page-names (but any other character might do it too) and wrote my own Filter (to be configured in web.xml not the new jspwiki-filters) - this will read a jspwiki page called "ACL".
Now the first token (pagename split by "/") of a wiki-pagename can be secured.
e.g. consider the pages "public/AnyInformation" and "private/MyInformation".
Within the "ACL" page I configured which role a user has to belong to in order to view/edit the private/ page.
The ACL page can be edited through jspwiki and the roles are checked against the container-security.
For sure a very specific implementation, but maybe you can pickup the idea to use filters to secure things.
--Mario
Limiting Access to Wiki to Particular Users#
How do I make it so only certain users can get access to the wiki at all? When I deny guest view privileges I get a loop error when accessing the wiki. Allowing guest to view fixes this, but it also means guests can view pages and I don't want them to.
Create a page named LoginError and give Guest view permissions on it. --Killer
Thanks but can you explain what this accomplishes?
That accomplishes the behaviour you are looking for. In that case you can globally deny view from Guest and they will get a nice explanation saying why they cannot see anything. --Killer
Container Managed Security#
How do you integrate Container Managed Security with JspWiki 2.2 Authentication/Authorization? (I am not sure why everyone wants to create yet another set of usernames/passwords/security problems, etc.)
I turn on the security constraint in the web.xml. When a WikiPage has a page access rule set, it throws a login error and takes you to the login page. However the login page doesn't work with container managed security. So you can never login. That is, unless you set up a separate JspWiki authorization scheme like FileAuthenticator. So you end up with two competing authorization schemes.
- For howto secure web applications in JBoss see SecureTheJmxConsole. I've done the same for JspWiki and it's really easy. -- JJarkko
- uhhh... and that's relevant how? I am not asking how to secure a web application in JBoss and I can already lock JspWiki 2.0 down using container manager security but that's not anything integrated into the 2.2 authorization scheme (AFAIK). I am asking something specific about JspWiki 2.2 Authentication/Authorization. It would appear that it requires writing a JspWiki authentication plugin, which I haven't looked into yet, in order to avoid yet another place for user names and passwords. Although, it seems so basic to me that it should be included as well as be the default authentication scheme. And maybe it already works, so that's why I am asking before I go off and write something. If I misunderstand and you have actually written the plugin already then please share it.
- Hmm, let me try to explain things ;) If you secure your application according to the above link you get both Authentication and data needed for Authorization for the current user from the container (basic J2EE Servlet stuff). Then you can ask from the servlet container if the user has the specified role by using the HttpServletRequest.isUserInRole and thus allow access if the user has the required role, as defined with the ALLOW method above, or disallow access in the case of DENY. Name of the authenticated user is available from request.getUserPrincipal. IMHO the application doesn't have to know anything about where the login-user-name or his/her role/group information came from. The only problem with CMS is that you need to use tools specific to the container/server to set up users, passwords and group information. Which isn't a problem if you just choose your backend carefully enough (e.g. database with simple schema or use LDAP). There's also securityfilter project which tries to mimic container manager security. I don't know if it's any use but the site contains some information and discussion about J2EE/JSP/Servlet security related stuff. I haven't written any plugins for JspWiki, I've just found it and I'm very happy! ;) --jjarkko
- I think the requirement is really for a Container manager adapter for 2.2 auth model. Someone would need to write it - any volunteers? --JanneJalkanen
- Look at Container Managed Security for a brief overview, and look at Auth Plugin for how I did it. I'll clean the code up and post it for you all to marvel at what a hack programmer I really am -- FosterSchucker
- I am also interested in using JSPWiki with CMS but it does not seem to be consistently implemented in all containers. Tomcat provides a principal once the user is authenticated. JBoss only provides the principal for pages in the secured context. I found something about this problem here: http://weblogs.java.net/pub/wlg/726
-- MDeichsel
Default Access Rules#
Since the page for default access rules applies to all pages, how do you set the access rules for the default access rules page. I want it so only WikiAdmin users can change the default access rules but since my default access rules are,
[{ALLOW view Guest}] [{ALLOW edit NamedGuest}] [{DENY edit Guest}], anyone can edit the page and change them that is a NamedGuest. I do not know how to secure only the DefaultPermissions page. Someone on my wiki keeps changing the default permissions. I want to keep them set. Possible? --JPS
--Fixed in JSPWiki v2.1.104. Thanks a lot. It works great. --JPS
Hide Edit This Page#
Is it possible to only show the Edit This Page etc when the user is a KnownPerson? - Shelbie
The following:
<wiki:UserCheck exists="true">
  <wiki:EditLink page="LeftMenu">Edit This Menu</wiki:EditLink>
</wiki:UserCheck>
will do what you want. (this code snippet is found in LeftMenu.jsp in the template directory).
UserCheck also accepts "false", this lets you do:
<wiki:UserCheck exists="true">
  <wiki:Translate>[<wiki:UserName />]</wiki:Translate>
</wiki:UserCheck>
<wiki:UserCheck exists="false">
  Please set your name in the<br />
  <wiki:LinkTo page="UserPreferences">UserPreferences</wiki:LinkTo>
</wiki:UserCheck>
(also from LeftMenu.jsp) -- Foster Schucker
I am sorry, but I have jspwiki version 2.2.28 under tomcat and this is not working for me. My current setup is completely open - anyone can view and edit any page. I would like to change it so that
- for most people and pages, it continues to work the same way and
- from some pages, view and edit access are restricted to certain logged in persons only.
My questions are:
- Do I need to make some changes to Tomcat itself or can this be accomplished in JSPWiki itself?
- I made the changes in jspwiki.properties and restarted it, but I don't see a login box anywhere. What other steps am I missing?
- UPDATE: I also tried creating a DefaultPermissions page, but that doesn't help either.
It would be nice if there were a page with exactly the steps to do in order to turn on authentication. Thanks. -- SriramGopalan
I followed the changes to the properties file and added a file with the users. Still does not work... allows anyone to edit...
So I guess we are having the problems... anyone's help will be appreciated -- Greg --
Old discussion: Requirements for JSPWiki Authentication
Category Development - to be moved to Documentation once auth* is ready.