I had a hard time getting authentication & authorization to work in  JSPWiki v2.1.134-alpha using FileAuthenticator and PageAuthorizer.  I wanted to deny all access to the wiki except for authenticated users.

;:''The 2.1 branch authentication/authorization system is broken and should not be used.  Please use the following system to secure your wiki and wait for the new auth system coming in place later on... --JanneJalkanen''

I used the authentication built into Tomcat. Set up $TOMCAT_HOME/conf/tomcat-users.xml like this:

{{{
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="wikiuser"/>
  <role rolename="tomcat"/>
  <role rolename="admin"/>
  <user username="JacobMartinson" password="password" roles="wikiuser"/>
  <user username="ElJefe" password="password" roles="wikiuser"/>
</tomcat-users>
}}}

and then $TOMCAT_HOME/webapps/jspwiki/WEB-INF/web.xml like this:

{{{
   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Area</web-resource-name>
           <url-pattern>/*</url-pattern>
           <!-- No <http-method> elements: the constraint then covers every HTTP method, not only listed ones. -->
       </web-resource-collection>
       <auth-constraint>
           <role-name>wikiuser</role-name>
       </auth-constraint>
   </security-constraint>

   <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JSPWiki Editor</realm-name>
   </login-config>
}}}

Restart Tomcat and it worked the first time.  This requires you to authenticate with basic HTTP auth in order to view or edit any page.

-jacob (martinson.jacob at gmail.com)
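
An added example, not part of the original post or of JSPWiki: a small Python check for a web.xml that uses container-managed security of the kind shown above. It flags constraints that enumerate HTTP methods (methods not listed fall outside the constraint) and BASIC/FORM login without a CONFIDENTIAL transport guarantee; the sample XML and the function name audit_web_xml are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a web.xml fragment wrapped in <web-app>, written for this example.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>wikiuser</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""


def _local(tag):
    """Strip an XML namespace so namespaced and plain web.xml files both work."""
    return tag.rsplit("}", 1)[-1]


def _texts(elem, name):
    """Text of every descendant element called `name`."""
    return [(e.text or "").strip() for e in elem.iter() if _local(e.tag) == name]


def audit_web_xml(xml_text):
    """Return a list of findings for a web.xml document given as a string."""
    root = ET.fromstring(xml_text)
    findings = []
    auth = [t.upper() for t in _texts(root, "auth-method")]
    constraints = [e for e in root.iter() if _local(e.tag) == "security-constraint"]
    if not constraints:
        findings.append("no security-constraint: nothing is protected")
    for sc in constraints:
        patterns = _texts(sc, "url-pattern")
        methods = sorted(t.upper() for t in _texts(sc, "http-method"))
        if methods:  # an explicit list limits the constraint to those methods
            findings.append(f"{patterns}: only {methods} are constrained; "
                            "other HTTP methods are not covered by this constraint")
        if "CONFIDENTIAL" not in _texts(sc, "transport-guarantee") and (
                "BASIC" in auth or "FORM" in auth):
            findings.append(f"{patterns}: {'/'.join(auth)} login without transport-guarantee "
                            "CONFIDENTIAL; HTTPS is not enforced for the credentials")
    return findings


if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE_WEB_XML):
        print("FINDING:", finding)
```

A constraint with no http-method elements and a user-data-constraint whose transport-guarantee is CONFIDENTIAL produces no findings.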

----
__JSPWiki authentication with 2.1.144-alpha__ (works great over here) -- PascalWillemsen 2005-05-27

This gives view access to everybody and edit access to logged in users.

Create passwords.txt in WEB-INF:

{{{
# The format is simply username = password
# No encryption is used currently.
# Comments are allowed; prepend with hash.
Pascal = TopSecret
}}}

Turn on JSPWiki authentication and tell JSPWiki where passwords.txt is in jspwiki.properties:
{{{
jspwiki.authorizer = PageAuthorizer
jspwiki.authenticator = FileAuthenticator
jspwiki.fileAuthenticator.fileName = <path-to-JSPWiki>/WEB-INF/passwords.txt
jspwiki.policy.strictLogins = true
}}}

Edit JSPWiki/templates/default/LeftMenu.jsp:
{{{
...
</wiki:NoSuchPage>

<wiki:Include page="LoginBox.jsp" />

<!-- End of automatically generated page -->
}}}

Edit JSPWiki/templates/default/LoginBox.jsp:
{{{
<%@ taglib uri="/WEB-INF/jspwiki.tld" prefix="wiki" %>

<%-- Provides a small login/logout form to include in a side bar. --%>

<div class="loginbox">
  <hr />
  <wiki:UserCheck status="unvalidated">
    <form action="<wiki:Variable var="baseURL"/>Login.jsp" accept-charset="UTF-8" method="post" >
      <b>Login</b><br />
      <input type="hidden" name="page" value="<wiki:Variable var="pagename"/>" />
      Username: <input type="text" name="uid" size="8" />
      <br />
      Password:  <input type="password" name="passwd" size="8" />
      <br />
      <input type="submit" name="action" value="login" />
    </form>
  </wiki:UserCheck>
  <wiki:UserCheck status="validated">
    <form action="<wiki:Variable var="baseURL"/>Login.jsp" accept-charset="UTF-8">
    <p>
      <input type="hidden" name="page" value="<wiki:Variable var="pagename"/>" />
      <input type="submit" name="action" value="logout" />
    </p>
    </form>
    <hr />
  </wiki:UserCheck>
</div>
}}}

Put this in DefaultPermissions.txt:
{{{
[{SET defaultpermissions='ALLOW view Guest;ALLOW edit KnownPerson;DENY edit Guest'}]
}}}

Create a KnownPerson.txt defining the members of group KnownPerson (separate multiple usernames with a comma and a space):
{{{
[{SET members='Pascal'}]
}}}

Restart Tomcat.

----
I have followed all the steps above and I'm redirected to the LoginBox.jsp. As a Guest user I should see the main page and I would have to log in just to edit any page. Am I right? Is anything wrong?


----

Does this work with 2.2.33?

--TM, 26-Feb-2006