(this is the beginning of some documentation on how to configure authentication features using JSPWiki with Tomcat, courtesy of Andrew Jaquith.)

Tomcat's tomcat-users.xml file allows you to specify the roles that any user possesses. For example:

  <?xml version='1.0' encoding='utf-8'?>
     <role rolename="user"/>
     <role rolename="tomcat"/>
     <role rolename="role1"/>
     <user username="tomcat" password="tomcat" roles="user,tomcat"/>
     <user username="role1" password="tomcat" roles="role1"/>
     <user username="both" password="tomcat" roles="tomcat,role1"/>

"role" elements do exactly what you might imagine; you map these to users in each <user> elements' "roles" attribute. So for example, user "tomcat" is a member of role "user" and role "tomcat"; user "both" is a member of role "tomcat" and also of "role1".

I don't recommend that you use the tomcat-users.xml authentication scheme for anything other than testing. For a production deployment, you should really be using something else, like database or LDAP authentication. Tomcat has good support for these authentication methods; see the documentation:


If you don't want to use Tomcat's authentication scheme, you can use JSPWiki's own custom authentication. Configuration is fairly simple, but (per the previous thread) you need to adjust one configuration property in jspwiki.properties.

  jspwiki.useContainerAuth    = false
As I mentioned to John, I'm going to patch the code slightly to eliminate the need to configure this property.

One more thing to be aware of.... in JSPWiki, the concept of "group" is different from "role." Roles are things that are controlled either by JSPWiki or by your web application container (e.g., Tomcat). They are defined and managed by the system administrator, in most cases.

Groups, (or more properly, "wiki groups") are ad hoc collections of users that they can define themselves. That makes it easy to collaborate securely because users don't need an administrator to set them up. Groups are not controlled by the container, and are not "configured" per se. They can be created by embedding special markup in a wiki page by hand. But the easiest way is simply to open the NewGroup.jsp page, which will do all of this for you. If you're logged in to the wiki, you should see a "create new group" link that takes you to the NewGroup.jsp page.


At least as of v2.6 this page seems to be deprecated. Please mark to which versions these information correspond. --FlorianHoleczek

See more on JSPWikiAuthentication.

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-6) was last changed on 12-Jan-2008 12:56 by FlorianHoleczek