I had a hard time getting authentication & authorization to work in JSPWiki v2.1.134-alpha using FileAuthenticator and PageAuthorizer. I wanted to deny all access to the wiki except for authenticated users.

The 2.1 branch authentication/authorization system is broken and should not be used. Please use the following system to secure your wiki and wait for the new auth system coming in place later on... --JanneJalkanen

I used the authentication built into Tomcat. Set up $TOMCAT_HOME/conf/tomcat-users.xml like this:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="wikiuser"/>
  <role rolename="tomcat"/>
  <role rolename="admin"/>
  <user username="JacobMartinson" password="password" roles="wikiuser"/>
  <user username="ElJefe" password="password" roles="wikiuser"/>
</tomcat-users>

and then $TOMCAT_HOME/webapps/jspwiki/WEB-INF/web.xml like this:

           <web-resource-name>Protected Area</web-resource-name>

      <realm-name>JSPWiki Editor</realm-name>

Restart Tomcat and it worked the first time. This requires you to authenticate with basic HTTP auth in order to view or edit any page.

-jacob (martinson.jacob at gmail.com)
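
The web.xml fragment in the post above is incomplete as it appears here. As an added example (not the original file), this is a deployment-descriptor fragment that matches what the post describes: container authentication required for every URL, limited to the wikiuser role from tomcat-users.xml. Only the web-resource-name and realm-name come from the page; the URL pattern, role name, auth method and transport guarantee are assumptions, marked as such in the comments.

```xml
<!-- Added example, not the original file. Goes inside <web-app> in
     WEB-INF/web.xml. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected Area</web-resource-name>
    <!-- Assumed: cover every URL, since the post says login is required
         to view or edit any page. -->
    <url-pattern>/*</url-pattern>
    <!-- No <http-method> elements on purpose: the constraint then
         applies to all HTTP methods, not only to listed ones. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Assumed: the role given to both users in tomcat-users.xml. -->
    <role-name>wikiuser</role-name>
  </auth-constraint>
  <!-- Not in the post: BASIC sends the password base64-encoded on each
       request, so require TLS. Needs an HTTPS connector in Tomcat. -->
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <!-- Assumed from "basic http auth" in the post. -->
  <auth-method>BASIC</auth-method>
  <realm-name>JSPWiki Editor</realm-name>
</login-config>

<!-- Declares the role referenced by the auth-constraint above. -->
<security-role>
  <role-name>wikiuser</role-name>
</security-role>
```

The passwords in tomcat-users.xml are stored in clear text, so that file should be readable only by the account Tomcat runs as.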

JSPWiki authentication with 2.1.144-alpha (works great over here) -- PascalWillemsen 2005-05-27

This gives view access to everybody and edit access to logged in users.

Create passwords.txt in WEB-INF:

# The format is simply username = password
# No encryption is used currently.
# Comments are allowed; prepend with hash.
Pascal = TopSecret

Turn on JSPWiki authentication and tell JSPWiki where passwords.txt is in jspwiki.properties:

jspwiki.authorizer = PageAuthorizer
jspwiki.authenticator = FileAuthenticator
jspwiki.fileAuthenticator.fileName = <path-to-JSPWiki>/WEB-INF/passwords.txt
jspwiki.policy.strictLogins = true

Edit JSPWiki/templates/default/LeftMenu.jsp:


<wiki:Include page="LoginBox.jsp" />

<!-- End of automatically generated page -->

Edit JSPWiki/templates/default/LoginBox.jsp:

<%@ taglib uri="/WEB-INF/jspwiki.tld" prefix="wiki" %>

<%-- Provides a small login/logout form to include in a side bar. --%>

<div class="loginbox">
  <hr />
  <wiki:UserCheck status="unvalidated">
    <form action="<wiki:Variable var="baseURL"/>Login.jsp" accept-charset="UTF-8" method="post" >
      <b>Login</b><br />
      <input type="hidden" name="page" value="<wiki:Variable var="pagename"/>" />
      Username: <input type="text" name="uid" size="8" />
      <br />
      Password:  <input type="password" name="passwd" size="8" />
      <br />
      <input type="submit" name="action" value="login" />
    </form>
  </wiki:UserCheck>
  <wiki:UserCheck status="validated">
    <form action="<wiki:Variable var="baseURL"/>Login.jsp" accept-charset="UTF-8">
      <input type="hidden" name="page" value="<wiki:Variable var="pagename"/>" />
      <input type="submit" name="action" value="logout" />
    </form>
    <hr />
  </wiki:UserCheck>
</div>

Put this in DefaultPermissions.txt:

[{SET defaultpermissions='ALLOW view Guest;ALLOW edit KnownPerson;DENY edit Guest'}]

Create a KnownPerson.txt defining the members of group KnownPerson (separate multiple usernames with a comma and a space):

[{SET members='Pascal'}]

Restart Tomcat.

I have followed all the steps above and I'm redirected to the LoginBox.jsp. As a Guest user I should see the main page and I would have to log in just to edit any page. Am I right? Is anything wrong?

Does this work with 2.2.33?

--TM, 26-Feb-2006

