Thanks, Col!

The other tricky bit (which I should have stipulated) is that I’m currently running JSPWiki on Glassfish 4.0. Do you have a mod for impl this on Glassfish?

Cheers,
Jason
Jason C. Morris | PhD Candidate
Department of Environmental Sciences | Faculty of Agriculture and Environment
THE UNIVERSITY OF SYDNEY, NSW, 2006
phone: +61 02 8627 1152

From: Col Willis [mailto:col.wil...@gmail.com]
Sent: Monday, 1 February 2016 7:01 PM
To: user@jspwiki.apache.org
Cc: d...@jspwiki.apache.org
Subject: Re: FEATURE REQUEST: Restricting pages to users in certain roles

I have got this working, it took some time but I hope the below helps:

I have got this working on my Apache Tomcat JSP Wiki Deployment:

Tomcat Users Conf File:

<role rolename="Admin"/>
<role rolename="Authenticated"/>
<role rolename="Trusted"/>
<user username="col" password="SomePa55word" roles="Admin"/>

----------------------------------

On your Wiki Pages....

For Group Level Restrictions:

[{ALLOW comment Authenticated}]
[{ALLOW modify Admin}]

For User Level Restriction:

[{ALLOW view col}]
[{ALLOW modify col}]

-------------------------------------

Now for the tricky bit, in JSPWiki-WAR Code:

jspwiki.policy File: (Attached)

-------------------

At the end of the web.xml:

...
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administrative Area</web-resource-name>
      <url-pattern>/Wiki.jsp</url-pattern>
      <url-pattern>/Delete.jsp</url-pattern>
      <url-pattern>/Edit.jsp</url-pattern>
      <url-pattern>/Comment.jsp</url-pattern>
      <url-pattern>/Login.jsp</url-pattern>
      <url-pattern>/NewGroup.jsp</url-pattern>
      <url-pattern>/Rename.jsp</url-pattern>
      <url-pattern>/Upload.jsp</url-pattern>
      <url-pattern>/attach</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>HEAD</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Trusted Area</web-resource-name>
      <url-pattern>/Wiki.jsp</url-pattern>
      <url-pattern>/Edit.jsp</url-pattern>
      <url-pattern>/Comment.jsp</url-pattern>
      <url-pattern>/Login.jsp</url-pattern>
      <url-pattern>/Rename.jsp</url-pattern>
      <url-pattern>/Upload.jsp</url-pattern>
      <url-pattern>/attach</url-pattern>
      <http-method>GET</http-method>
      <http-method>HEAD</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Trusted</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Authenticated area</web-resource-name>
      <url-pattern>/Wiki.jsp</url-pattern>
      <url-pattern>/Comment.jsp</url-pattern>
      <url-pattern>/Login.jsp</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>HEAD</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>Authenticated</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/LoginForm.jsp</form-login-page>
      <form-error-page>/LoginForm.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <security-role>
    <description>
      This logical role includes all Admin users
    </description>
    <role-name>Admin</role-name>
  </security-role>
  <security-role>
    <description>
      This logical role includes all Trusted users
    </description>
    <role-name>Trusted</role-name>
  </security-role>
  <security-role>
    <description>
      This logical role includes all Authenticated users
    </description>
    <role-name>Authenticated</role-name>
  </security-role>
</web-app>

---------------------------

There may have been other settings but I can not see these at the moment.

Hope this helps

On 1 February 2016 at 00:25, Jason Morris <jason.mor...@sydney.edu.au> wrote:

Hi All,

I'd like to request a feature to restrict page access/edit to users in certain roles. Does anyone know if this is already possible in JSPWiki?

Cheers,
Jason

Jason C. Morris | PhD Candidate
Department of Environmental Sciences | Faculty of Agriculture and Environment
THE UNIVERSITY OF SYDNEY, NSW, 2006
phone: +61 02 8627 1152

--
Col W
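
An added example, not part of the original messages or of JSPWiki: a Python audit for security constraints like those in the web.xml above. It shows that constraints sharing a URL pattern and HTTP method grant the union of their roles, and it lists the methods no constraint names for a pattern, which the container then leaves unconstrained. Assumptions: exact-match URL patterns only; the sample XML is a constructed, trimmed subset; `audit`, `uncovered` and `ALL_METHODS` are hypothetical names.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: a trimmed subset of the constraints quoted in the message.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Delete.jsp</url-pattern>
      <url-pattern>/Edit.jsp</url-pattern>
      <http-method>DELETE</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>Admin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/Edit.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>Trusted</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

# Methods checked for coverage (assumption: the standard HTTP/1.1 set).
ALL_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

def audit(web_xml):
    """Return {url-pattern: {method: roles}}; a collection with no <http-method> covers all."""
    access = defaultdict(lambda: defaultdict(set))
    # "{*}" matches the element with or without the Java EE namespace (Python 3.8+).
    for sc in ET.fromstring(web_xml).findall(".//{*}security-constraint"):
        roles = {r.text.strip() for r in sc.findall(".//{*}role-name")}
        for wrc in sc.findall("{*}web-resource-collection"):
            methods = {m.text.strip() for m in wrc.findall("{*}http-method")} or ALL_METHODS
            for pat in wrc.findall("{*}url-pattern"):
                for m in methods:
                    access[pat.text.strip()][m] |= roles  # same pattern+method: roles are unioned
    return access

def uncovered(access):
    """Per pattern, the methods that no constraint lists, so no role check applies to them."""
    gaps = {p: sorted(ALL_METHODS - set(ms)) for p, ms in access.items()}
    return {p: g for p, g in gaps.items() if g}

if __name__ == "__main__":
    for pattern, methods in uncovered(audit(SAMPLE_WEB_XML)).items():
        print(f"{pattern}: not covered by any constraint: {', '.join(methods)}")
```

On Servlet 3.1 containers such as Glassfish 4.0, adding `<deny-uncovered-http-methods/>` to web.xml makes the container reject the methods this audit reports; omitting the `<http-method>` elements from a collection covers every method instead.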