%%(font-size: small; color:#3c90ee;)
(this is the beginning of some documentation on how to configure
authentication features using JSPWiki with Tomcat, courtesy of
Andrew Jaquith.)
%%

Tomcat's tomcat-users.xml file allows you to specify the roles that  
any user possesses. For example:
{{{
  <?xml version='1.0' encoding='utf-8'?>
  <tomcat-users>
     <role rolename="user"/>
     <role rolename="tomcat"/>
     <role rolename="role1"/>
     <user username="tomcat" password="tomcat" roles="user,tomcat"/>
     <user username="role1" password="tomcat" roles="role1"/>
     <user username="both" password="tomcat" roles="tomcat,role1"/>
  </tomcat-users>
}}}

"role" elements do exactly what you might imagine; you map these  
to users in each {{<user>}} elements' "roles" attribute. So for example, 
user "tomcat" is a member of role  "user" and role "tomcat"; user "both" is 
a member of role "tomcat" and also of "role1".

I don't recommend that you use the tomcat-users.xml authentication  
scheme for anything other than testing. For a production deployment,  
you should really be using something else, like database or LDAP  
authentication. Tomcat has good support for these authentication  
methods; see the documentation:

  [http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html]\\
  [http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/realm.html]

If you don't want to use Tomcat's authentication scheme, you can use  
JSPWiki's own custom authentication. Configuration is fairly simple,  
but (per the previous thread) you need to adjust one configuration  
property in jspwiki.properties.
{{{
  jspwiki.useContainerAuth    = false
}}}
As I mentioned to John, I'm going to patch the code slightly to  
eliminate the need to configure this property.

One more thing to be aware of.... in JSPWiki, the concept of "group"  
is different from "role." Roles are things that are controlled either  
by JSPWiki or by your web application container (e.g., Tomcat). They  
are defined and managed by the system administrator, in most cases.

Groups, (or more properly, "wiki groups") are ad hoc collections of  
users that they can define themselves. That makes it easy to  
collaborate securely because users don't need an administrator to set  
them up. Groups are not controlled by the container, and are not  
"configured" per se. They can be created by embedding special markup  
in a wiki page by hand. But the easiest way is simply to open the  
~NewGroup.jsp page, which will do all of this for you. If you're  
logged in to the wiki, you should see a "create new group" link that  
takes you to the ~NewGroup.jsp page.

----
!! Discussion

At least as of v2.6 this page seems to be deprecated. Please mark to which versions these information correspond. --[FlorianHoleczek]

----

See more on [JSPWikiAuthentication].