You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jspwiki.apache.org by Jason Morris <ja...@sydney.edu.au> on 2016/02/01 01:25:04 UTC
RE: FEATURE REQUEST: Restricting pages to users in certain roles
Hi All,
I'd like to request a feature to restrict page access/edit to users in certain roles.
Does anyone know if this already possible in JSPWiki?
Cheers,
Jason
Jason C. Morris | PhD Candidate
Department of Environmental Sciences | Faculty of Agriculture and Environment
THE UNIVERSITY OF SYDNEY, NSW, 2006
phone: +61 02 8627 1152
RE: FEATURE REQUEST: Restricting pages to users in certain roles
Posted by Jason Morris <ja...@sydney.edu.au>.
I think this is what I've been after. Thanks Juan.
Another case of RTFM ;-)
-----Original Message-----
From: Juan Pablo Santos Rodríguez [mailto:juanpablo.santos@gmail.com]
Sent: Tuesday, 2 February 2016 6:04 AM
To: user@jspwiki.apache.org
Subject: Re: FEATURE REQUEST: Restricting pages to users in certain roles
Hi,
you could check [#1] to see how to set up access control for individual wiki pages (ACLs markup) or system-wide security settings (security policy).
regarding glassfish, it shouldn't be necessary to perform any special task, unless you're providing container-based authentication. In that case, [#2] contains an example on how to do it using GF 3 and JSPWiki 2.8.3, setting it up with GF4 + JSPWiki 2.10 shouldn't be too much different..
HTH,
juan pablo
[#1]: https://jspwiki-wiki.apache.org/Wiki.jsp?page=Wiki.Admin.Security
[#2]:
http://blog.davekoelmeyer.co.nz/2012/01/28/container-based-authentication-with-jspwiki-glassfish-and-opendj/
On Mon, Feb 1, 2016 at 1:18 PM, Col Willis <co...@gmail.com> wrote:
> Sorry not touched Glassfish
>
> On 1 February 2016 at 11:40, Jason Morris <ja...@sydney.edu.au>
> wrote:
>
> > Thanks, Col!
> > The other tricky bit (which I should have stipulated) is that I’m
> > currently running JSPWiki on Glassfish 4.0.
> > Do you have a mod for impl this on Glassfish?
> > Cheers,
> > Jason
> >
> > Jason C. Morris | PhD Candidate
> > Department of Environmental Sciences | Faculty of Agriculture and
> > Environment THE UNIVERSITY OF SYDNEY, NSW, 2006
> > phone: +61 02 8627 1152
> >
> >
> > From: Col Willis [mailto:col.willis@gmail.com]
> > Sent: Monday, 1 February 2016 7:01 PM
> > To: user@jspwiki.apache.org
> > Cc: dev@jspwiki.apache.org
> > Subject: Re: FEATURE REQUEST: Restricting pages to users in certain
> > roles
> >
> > I have got this working, it took some time but I hope the below helps:
> >
> > I have got this working on my Apache Tomcat JSP Wiki Deployment:
> >
> >
> > Tomcat Users Conf File:
> > <role rolename="Admin"/>
> > <role rolename="Authenticated"/>
> > <role rolename="Trusted"/>
> >
> > <user username="col" password="SomePa55word" roles="Admin"/>
> >
> > ----------------------------------
> >
> > On your Wiki Pages....
> >
> > For Group Level Restrictions:
> > [{ALLOW comment Authenticated}]
> > [{ALLOW modify Admin}]
> >
> > For User Level Restriction:
> > [{ALLOW view col}]
> > [{ALLOW modify col}]
> >
> > -------------------------------------
> >
> > Now for the tricky bit, in JSPWiki-WAR Code:
> >
> > jspwiki.policy File:
> > (Attached)
> >
> > -------------------
> >
> > At the end of the web.xml:
> > ...
> >
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>Administrative Area</web-resource-name>
> > <url-pattern>/Wiki.jsp</url-pattern>
> > <url-pattern>/Delete.jsp</url-pattern>
> > <url-pattern>/Edit.jsp</url-pattern>
> > <url-pattern>/Comment.jsp</url-pattern>
> > <url-pattern>/Login.jsp</url-pattern>
> > <url-pattern>/NewGroup.jsp</url-pattern>
> > <url-pattern>/Rename.jsp</url-pattern>
> > <url-pattern>/Upload.jsp</url-pattern>
> > <url-pattern>/attach</url-pattern>
> > <http-method>DELETE</http-method>
> > <http-method>GET</http-method>
> > <http-method>HEAD</http-method>
> > <http-method>POST</http-method>
> > <http-method>PUT</http-method>
> > </web-resource-collection>
> > <auth-constraint>
> > <role-name>Admin</role-name>
> > </auth-constraint>
> > <user-data-constraint>
> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > </user-data-constraint>
> > </security-constraint>
> >
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>Trusted Area</web-resource-name>
> > <url-pattern>/Wiki.jsp</url-pattern>
> > <url-pattern>/Edit.jsp</url-pattern>
> > <url-pattern>/Comment.jsp</url-pattern>
> > <url-pattern>/Login.jsp</url-pattern>
> > <url-pattern>/Rename.jsp</url-pattern>
> > <url-pattern>/Upload.jsp</url-pattern>
> > <url-pattern>/attach</url-pattern>
> > <http-method>GET</http-method>
> > <http-method>HEAD</http-method>
> > <http-method>POST</http-method>
> > <http-method>PUT</http-method>
> > </web-resource-collection>
> > <auth-constraint>
> > <role-name>Trusted</role-name>
> > </auth-constraint>
> > <user-data-constraint>
> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > </user-data-constraint>
> > </security-constraint>
> >
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>Authenticated area</web-resource-name>
> > <url-pattern>/Wiki.jsp</url-pattern>
> > <url-pattern>/Comment.jsp</url-pattern>
> > <url-pattern>/Login.jsp</url-pattern>
> > <http-method>DELETE</http-method>
> > <http-method>GET</http-method>
> > <http-method>HEAD</http-method>
> > <http-method>POST</http-method>
> > <http-method>PUT</http-method>
> > </web-resource-collection>
> >
> > <auth-constraint>
> > <role-name>Authenticated</role-name>
> > </auth-constraint>
> >
> > <user-data-constraint>
> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > </user-data-constraint>
> > </security-constraint>
> >
> > <login-config>
> > <auth-method>FORM</auth-method>
> > <form-login-config>
> > <form-login-page>/LoginForm.jsp</form-login-page>
> > <form-error-page>/LoginForm.jsp</form-error-page>
> > </form-login-config>
> > </login-config>
> >
> > <security-role>
> > <description>
> > This logical role includes all Admin usersit
> > </description>
> > <role-name>Admin</role-name>
> > </security-role>
> > <security-role>
> > <description>
> > This logical role includes all Trusted users
> > </description>
> > <role-name>Trusted</role-name>
> > </security-role>
> > <security-role>
> > <description>
> > This logical role includes all Authenticated users
> > </description>
> > <role-name>Authenticated</role-name>
> > </security-role>
> >
> > </web-app>
> >
> > ---------------------------
> > There may have been other settings but I can not see these at the moment.
> >
> > Hope this helps
> >
> >
> > On 1 February 2016 at 00:25, Jason Morris
> > <jason.morris@sydney.edu.au <ma...@sydney.edu.au>> wrote:
> > Hi All,
> > I'd like to request a feature to restrict page access/edit to users
> > in certain roles.
> > Does anyone know if this already possible in JSPWiki?
> > Cheers,
> > Jason
> >
> >
> > Jason C. Morris | PhD Candidate
> > Department of Environmental Sciences | Faculty of Agriculture and
> > Environment THE UNIVERSITY OF SYDNEY, NSW, 2006
> > phone: +61 02 8627 1152<tel:%2B61%2002%208627%201152>
> >
> >
> >
> > --
> > Col W
> >
>
>
>
> --
> Col W
>
Re: FEATURE REQUEST: Restricting pages to users in certain roles
Posted by Juan Pablo Santos Rodríguez <ju...@gmail.com>.
Hi,
you could check [#1] to see how to set up access control for individual
wiki pages (ACLs markup) or system-wide security settings (security policy).
regarding glassfish, it shouldn't be necessary to perform any special task,
unless you're providing container-based authentication. In that case, [#2]
contains an example on how to do it using GF 3 and JSPWiki 2.8.3, setting
it up with GF4 + JSPWiki 2.10 shouldn't be too much different..
HTH,
juan pablo
[#1]: https://jspwiki-wiki.apache.org/Wiki.jsp?page=Wiki.Admin.Security
[#2]:
http://blog.davekoelmeyer.co.nz/2012/01/28/container-based-authentication-with-jspwiki-glassfish-and-opendj/
On Mon, Feb 1, 2016 at 1:18 PM, Col Willis <co...@gmail.com> wrote:
> Sorry not touched Glassfish
>
> On 1 February 2016 at 11:40, Jason Morris <ja...@sydney.edu.au>
> wrote:
>
> > Thanks, Col!
> > The other tricky bit (which I should have stipulated) is that I’m
> > currently running JSPWiki on Glassfish 4.0.
> > Do you have a mod for impl this on Glassfish?
> > Cheers,
> > Jason
> >
> > Jason C. Morris | PhD Candidate
> > Department of Environmental Sciences | Faculty of Agriculture and
> > Environment
> > THE UNIVERSITY OF SYDNEY, NSW, 2006
> > phone: +61 02 8627 1152
> >
> >
> > From: Col Willis [mailto:col.willis@gmail.com]
> > Sent: Monday, 1 February 2016 7:01 PM
> > To: user@jspwiki.apache.org
> > Cc: dev@jspwiki.apache.org
> > Subject: Re: FEATURE REQUEST: Restricting pages to users in certain roles
> >
> > I have got this working, it took some time but I hope the below helps:
> >
> > I have got this working on my Apache Tomcat JSP Wiki Deployment:
> >
> >
> > Tomcat Users Conf File:
> > <role rolename="Admin"/>
> > <role rolename="Authenticated"/>
> > <role rolename="Trusted"/>
> >
> > <user username="col" password="SomePa55word" roles="Admin"/>
> >
> > ----------------------------------
> >
> > On your Wiki Pages....
> >
> > For Group Level Restrictions:
> > [{ALLOW comment Authenticated}]
> > [{ALLOW modify Admin}]
> >
> > For User Level Restriction:
> > [{ALLOW view col}]
> > [{ALLOW modify col}]
> >
> > -------------------------------------
> >
> > Now for the tricky bit, in JSPWiki-WAR Code:
> >
> > jspwiki.policy File:
> > (Attached)
> >
> > -------------------
> >
> > At the end of the web.xml:
> > ...
> >
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>Administrative Area</web-resource-name>
> > <url-pattern>/Wiki.jsp</url-pattern>
> > <url-pattern>/Delete.jsp</url-pattern>
> > <url-pattern>/Edit.jsp</url-pattern>
> > <url-pattern>/Comment.jsp</url-pattern>
> > <url-pattern>/Login.jsp</url-pattern>
> > <url-pattern>/NewGroup.jsp</url-pattern>
> > <url-pattern>/Rename.jsp</url-pattern>
> > <url-pattern>/Upload.jsp</url-pattern>
> > <url-pattern>/attach</url-pattern>
> > <http-method>DELETE</http-method>
> > <http-method>GET</http-method>
> > <http-method>HEAD</http-method>
> > <http-method>POST</http-method>
> > <http-method>PUT</http-method>
> > </web-resource-collection>
> > <auth-constraint>
> > <role-name>Admin</role-name>
> > </auth-constraint>
> > <user-data-constraint>
> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > </user-data-constraint>
> > </security-constraint>
> >
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>Trusted Area</web-resource-name>
> > <url-pattern>/Wiki.jsp</url-pattern>
> > <url-pattern>/Edit.jsp</url-pattern>
> > <url-pattern>/Comment.jsp</url-pattern>
> > <url-pattern>/Login.jsp</url-pattern>
> > <url-pattern>/Rename.jsp</url-pattern>
> > <url-pattern>/Upload.jsp</url-pattern>
> > <url-pattern>/attach</url-pattern>
> > <http-method>GET</http-method>
> > <http-method>HEAD</http-method>
> > <http-method>POST</http-method>
> > <http-method>PUT</http-method>
> > </web-resource-collection>
> > <auth-constraint>
> > <role-name>Trusted</role-name>
> > </auth-constraint>
> > <user-data-constraint>
> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > </user-data-constraint>
> > </security-constraint>
> >
> > <security-constraint>
> > <web-resource-collection>
> > <web-resource-name>Authenticated area</web-resource-name>
> > <url-pattern>/Wiki.jsp</url-pattern>
> > <url-pattern>/Comment.jsp</url-pattern>
> > <url-pattern>/Login.jsp</url-pattern>
> > <http-method>DELETE</http-method>
> > <http-method>GET</http-method>
> > <http-method>HEAD</http-method>
> > <http-method>POST</http-method>
> > <http-method>PUT</http-method>
> > </web-resource-collection>
> >
> > <auth-constraint>
> > <role-name>Authenticated</role-name>
> > </auth-constraint>
> >
> > <user-data-constraint>
> > <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> > </user-data-constraint>
> > </security-constraint>
> >
> > <login-config>
> > <auth-method>FORM</auth-method>
> > <form-login-config>
> > <form-login-page>/LoginForm.jsp</form-login-page>
> > <form-error-page>/LoginForm.jsp</form-error-page>
> > </form-login-config>
> > </login-config>
> >
> > <security-role>
> > <description>
> > This logical role includes all Admin usersit
> > </description>
> > <role-name>Admin</role-name>
> > </security-role>
> > <security-role>
> > <description>
> > This logical role includes all Trusted users
> > </description>
> > <role-name>Trusted</role-name>
> > </security-role>
> > <security-role>
> > <description>
> > This logical role includes all Authenticated users
> > </description>
> > <role-name>Authenticated</role-name>
> > </security-role>
> >
> > </web-app>
> >
> > ---------------------------
> > There may have been other settings but I can not see these at the moment.
> >
> > Hope this helps
> >
> >
> > On 1 February 2016 at 00:25, Jason Morris <jason.morris@sydney.edu.au
> > <ma...@sydney.edu.au>> wrote:
> > Hi All,
> > I'd like to request a feature to restrict page access/edit to users in
> > certain roles.
> > Does anyone know if this already possible in JSPWiki?
> > Cheers,
> > Jason
> >
> >
> > Jason C. Morris | PhD Candidate
> > Department of Environmental Sciences | Faculty of Agriculture and
> > Environment
> > THE UNIVERSITY OF SYDNEY, NSW, 2006
> > phone: +61 02 8627 1152<tel:%2B61%2002%208627%201152>
> >
> >
> >
> > --
> > Col W
> >
>
>
>
> --
> Col W
>
Re: FEATURE REQUEST: Restricting pages to users in certain roles
Posted by Col Willis <co...@gmail.com>.
Sorry not touched Glassfish
On 1 February 2016 at 11:40, Jason Morris <ja...@sydney.edu.au>
wrote:
> Thanks, Col!
> The other tricky bit (which I should have stipulated) is that I’m
> currently running JSPWiki on Glassfish 4.0.
> Do you have a mod for impl this on Glassfish?
> Cheers,
> Jason
>
> Jason C. Morris | PhD Candidate
> Department of Environmental Sciences | Faculty of Agriculture and
> Environment
> THE UNIVERSITY OF SYDNEY, NSW, 2006
> phone: +61 02 8627 1152
>
>
> From: Col Willis [mailto:col.willis@gmail.com]
> Sent: Monday, 1 February 2016 7:01 PM
> To: user@jspwiki.apache.org
> Cc: dev@jspwiki.apache.org
> Subject: Re: FEATURE REQUEST: Restricting pages to users in certain roles
>
> I have got this working, it took some time but I hope the below helps:
>
> I have got this working on my Apache Tomcat JSP Wiki Deployment:
>
>
> Tomcat Users Conf File:
> <role rolename="Admin"/>
> <role rolename="Authenticated"/>
> <role rolename="Trusted"/>
>
> <user username="col" password="SomePa55word" roles="Admin"/>
>
> ----------------------------------
>
> On your Wiki Pages....
>
> For Group Level Restrictions:
> [{ALLOW comment Authenticated}]
> [{ALLOW modify Admin}]
>
> For User Level Restriction:
> [{ALLOW view col}]
> [{ALLOW modify col}]
>
> -------------------------------------
>
> Now for the tricky bit, in JSPWiki-WAR Code:
>
> jspwiki.policy File:
> (Attached)
>
> -------------------
>
> At the end of the web.xml:
> ...
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Administrative Area</web-resource-name>
> <url-pattern>/Wiki.jsp</url-pattern>
> <url-pattern>/Delete.jsp</url-pattern>
> <url-pattern>/Edit.jsp</url-pattern>
> <url-pattern>/Comment.jsp</url-pattern>
> <url-pattern>/Login.jsp</url-pattern>
> <url-pattern>/NewGroup.jsp</url-pattern>
> <url-pattern>/Rename.jsp</url-pattern>
> <url-pattern>/Upload.jsp</url-pattern>
> <url-pattern>/attach</url-pattern>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>HEAD</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>Admin</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Trusted Area</web-resource-name>
> <url-pattern>/Wiki.jsp</url-pattern>
> <url-pattern>/Edit.jsp</url-pattern>
> <url-pattern>/Comment.jsp</url-pattern>
> <url-pattern>/Login.jsp</url-pattern>
> <url-pattern>/Rename.jsp</url-pattern>
> <url-pattern>/Upload.jsp</url-pattern>
> <url-pattern>/attach</url-pattern>
> <http-method>GET</http-method>
> <http-method>HEAD</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
> <auth-constraint>
> <role-name>Trusted</role-name>
> </auth-constraint>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Authenticated area</web-resource-name>
> <url-pattern>/Wiki.jsp</url-pattern>
> <url-pattern>/Comment.jsp</url-pattern>
> <url-pattern>/Login.jsp</url-pattern>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>HEAD</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
>
> <auth-constraint>
> <role-name>Authenticated</role-name>
> </auth-constraint>
>
> <user-data-constraint>
> <transport-guarantee>CONFIDENTIAL</transport-guarantee>
> </user-data-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>FORM</auth-method>
> <form-login-config>
> <form-login-page>/LoginForm.jsp</form-login-page>
> <form-error-page>/LoginForm.jsp</form-error-page>
> </form-login-config>
> </login-config>
>
> <security-role>
> <description>
> This logical role includes all Admin usersit
> </description>
> <role-name>Admin</role-name>
> </security-role>
> <security-role>
> <description>
> This logical role includes all Trusted users
> </description>
> <role-name>Trusted</role-name>
> </security-role>
> <security-role>
> <description>
> This logical role includes all Authenticated users
> </description>
> <role-name>Authenticated</role-name>
> </security-role>
>
> </web-app>
>
> ---------------------------
> There may have been other settings but I can not see these at the moment.
>
> Hope this helps
>
>
> On 1 February 2016 at 00:25, Jason Morris <jason.morris@sydney.edu.au
> <ma...@sydney.edu.au>> wrote:
> Hi All,
> I'd like to request a feature to restrict page access/edit to users in
> certain roles.
> Does anyone know if this already possible in JSPWiki?
> Cheers,
> Jason
>
>
> Jason C. Morris | PhD Candidate
> Department of Environmental Sciences | Faculty of Agriculture and
> Environment
> THE UNIVERSITY OF SYDNEY, NSW, 2006
> phone: +61 02 8627 1152<tel:%2B61%2002%208627%201152>
>
>
>
> --
> Col W
>
--
Col W
RE: FEATURE REQUEST: Restricting pages to users in certain roles
Posted by Jason Morris <ja...@sydney.edu.au>.
Thanks, Col!
The other tricky bit (which I should have stipulated) is that I’m currently running JSPWiki on Glassfish 4.0.
Do you have a mod for impl this on Glassfish?
Cheers,
Jason
Jason C. Morris | PhD Candidate
Department of Environmental Sciences | Faculty of Agriculture and Environment
THE UNIVERSITY OF SYDNEY, NSW, 2006
phone: +61 02 8627 1152
From: Col Willis [mailto:col.willis@gmail.com]
Sent: Monday, 1 February 2016 7:01 PM
To: user@jspwiki.apache.org
Cc: dev@jspwiki.apache.org
Subject: Re: FEATURE REQUEST: Restricting pages to users in certain roles
I have got this working, it took some time but I hope the below helps:
I have got this working on my Apache Tomcat JSP Wiki Deployment:
Tomcat Users Conf File:
<role rolename="Admin"/>
<role rolename="Authenticated"/>
<role rolename="Trusted"/>
<user username="col" password="SomePa55word" roles="Admin"/>
----------------------------------
On your Wiki Pages....
For Group Level Restrictions:
[{ALLOW comment Authenticated}]
[{ALLOW modify Admin}]
For User Level Restriction:
[{ALLOW view col}]
[{ALLOW modify col}]
-------------------------------------
Now for the tricky bit, in JSPWiki-WAR Code:
jspwiki.policy File:
(Attached)
-------------------
At the end of the web.xml:
...
<security-constraint>
<web-resource-collection>
<web-resource-name>Administrative Area</web-resource-name>
<url-pattern>/Wiki.jsp</url-pattern>
<url-pattern>/Delete.jsp</url-pattern>
<url-pattern>/Edit.jsp</url-pattern>
<url-pattern>/Comment.jsp</url-pattern>
<url-pattern>/Login.jsp</url-pattern>
<url-pattern>/NewGroup.jsp</url-pattern>
<url-pattern>/Rename.jsp</url-pattern>
<url-pattern>/Upload.jsp</url-pattern>
<url-pattern>/attach</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Trusted Area</web-resource-name>
<url-pattern>/Wiki.jsp</url-pattern>
<url-pattern>/Edit.jsp</url-pattern>
<url-pattern>/Comment.jsp</url-pattern>
<url-pattern>/Login.jsp</url-pattern>
<url-pattern>/Rename.jsp</url-pattern>
<url-pattern>/Upload.jsp</url-pattern>
<url-pattern>/attach</url-pattern>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Trusted</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Authenticated area</web-resource-name>
<url-pattern>/Wiki.jsp</url-pattern>
<url-pattern>/Comment.jsp</url-pattern>
<url-pattern>/Login.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Authenticated</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/LoginForm.jsp</form-login-page>
<form-error-page>/LoginForm.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>
This logical role includes all Admin usersit
</description>
<role-name>Admin</role-name>
</security-role>
<security-role>
<description>
This logical role includes all Trusted users
</description>
<role-name>Trusted</role-name>
</security-role>
<security-role>
<description>
This logical role includes all Authenticated users
</description>
<role-name>Authenticated</role-name>
</security-role>
</web-app>
---------------------------
There may have been other settings but I can not see these at the moment.
Hope this helps
On 1 February 2016 at 00:25, Jason Morris <ja...@sydney.edu.au>> wrote:
Hi All,
I'd like to request a feature to restrict page access/edit to users in certain roles.
Does anyone know if this already possible in JSPWiki?
Cheers,
Jason
Jason C. Morris | PhD Candidate
Department of Environmental Sciences | Faculty of Agriculture and Environment
THE UNIVERSITY OF SYDNEY, NSW, 2006
phone: +61 02 8627 1152<tel:%2B61%2002%208627%201152>
--
Col W
Re: FEATURE REQUEST: Restricting pages to users in certain roles
Posted by Col Willis <co...@gmail.com>.
I have got this working, it took some time but I hope the below helps:
I have got this working on my Apache Tomcat JSP Wiki Deployment:
Tomcat Users Conf File:
<role rolename="Admin"/>
<role rolename="Authenticated"/>
<role rolename="Trusted"/>
<user username="col" password="SomePa55word" roles="Admin"/>
----------------------------------
On your Wiki Pages....
For Group Level Restrictions:
[{ALLOW comment Authenticated}]
[{ALLOW modify Admin}]
For User Level Restriction:
[{ALLOW view col}]
[{ALLOW modify col}]
-------------------------------------
Now for the tricky bit, in JSPWiki-WAR Code:
jspwiki.policy File:
(Attached)
-------------------
At the end of the web.xml:
...
<security-constraint>
<web-resource-collection>
<web-resource-name>Administrative Area</web-resource-name>
<url-pattern>/Wiki.jsp</url-pattern>
<url-pattern>/Delete.jsp</url-pattern>
<url-pattern>/Edit.jsp</url-pattern>
<url-pattern>/Comment.jsp</url-pattern>
<url-pattern>/Login.jsp</url-pattern>
<url-pattern>/NewGroup.jsp</url-pattern>
<url-pattern>/Rename.jsp</url-pattern>
<url-pattern>/Upload.jsp</url-pattern>
<url-pattern>/attach</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Trusted Area</web-resource-name>
<url-pattern>/Wiki.jsp</url-pattern>
<url-pattern>/Edit.jsp</url-pattern>
<url-pattern>/Comment.jsp</url-pattern>
<url-pattern>/Login.jsp</url-pattern>
<url-pattern>/Rename.jsp</url-pattern>
<url-pattern>/Upload.jsp</url-pattern>
<url-pattern>/attach</url-pattern>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Trusted</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Authenticated area</web-resource-name>
<url-pattern>/Wiki.jsp</url-pattern>
<url-pattern>/Comment.jsp</url-pattern>
<url-pattern>/Login.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Authenticated</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/LoginForm.jsp</form-login-page>
<form-error-page>/LoginForm.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>
This logical role includes all Admin usersit
</description>
<role-name>Admin</role-name>
</security-role>
<security-role>
<description>
This logical role includes all Trusted users
</description>
<role-name>Trusted</role-name>
</security-role>
<security-role>
<description>
This logical role includes all Authenticated users
</description>
<role-name>Authenticated</role-name>
</security-role>
</web-app>
---------------------------
There may have been other settings but I can not see these at the moment.
Hope this helps
On 1 February 2016 at 00:25, Jason Morris <ja...@sydney.edu.au>
wrote:
> Hi All,
> I'd like to request a feature to restrict page access/edit to users in
> certain roles.
> Does anyone know if this already possible in JSPWiki?
> Cheers,
> Jason
>
>
> Jason C. Morris | PhD Candidate
> Department of Environmental Sciences | Faculty of Agriculture and
> Environment
> THE UNIVERSITY OF SYDNEY, NSW, 2006
> phone: +61 02 8627 1152
>
>
--
Col W