I think this is what I've been after. Thanks Juan. Another case of RTFM ;-)
-----Original Message----- From: Juan Pablo Santos Rodríguez [mailto:juanpablo.san...@gmail.com] Sent: Tuesday, 2 February 2016 6:04 AM To: user@jspwiki.apache.org Subject: Re: FEATURE REQUEST: Restricting pages to users in certain roles Hi, you could check [#1] to see how to set up access control for individual wiki pages (ACLs markup) or system-wide security settings (security policy). regarding glassfish, it shouldn't be necessary to perform any special task, unless you're providing container-based authentication. In that case, [#2] contains an example on how to do it using GF 3 and JSPWiki 2.8.3, setting it up with GF4 + JSPWiki 2.10 shouldn't be too much different.. HTH, juan pablo [#1]: https://jspwiki-wiki.apache.org/Wiki.jsp?page=Wiki.Admin.Security [#2]: http://blog.davekoelmeyer.co.nz/2012/01/28/container-based-authentication-with-jspwiki-glassfish-and-opendj/ On Mon, Feb 1, 2016 at 1:18 PM, Col Willis <col.wil...@gmail.com> wrote: > Sorry not touched Glassfish > > On 1 February 2016 at 11:40, Jason Morris <jason.mor...@sydney.edu.au> > wrote: > > > Thanks, Col! > > The other tricky bit (which I should have stipulated) is that I’m > > currently running JSPWiki on Glassfish 4.0. > > Do you have a mod for impl this on Glassfish? > > Cheers, > > Jason > > > > Jason C. Morris | PhD Candidate > > Department of Environmental Sciences | Faculty of Agriculture and > > Environment THE UNIVERSITY OF SYDNEY, NSW, 2006 > > phone: +61 02 8627 1152 > > > > > > From: Col Willis [mailto:col.wil...@gmail.com] > > Sent: Monday, 1 February 2016 7:01 PM > > To: user@jspwiki.apache.org > > Cc: d...@jspwiki.apache.org > > Subject: Re: FEATURE REQUEST: Restricting pages to users in certain > > roles > > > > I have got this working, it took some time but I hope the below helps: > > > > I have got this working on my Apache Tomcat JSP Wiki Deployment: > > > > > > Tomcat Users Conf File: > > <role rolename="Admin"/> > > <role rolename="Authenticated"/> > > <role rolename="Trusted"/> > > > > <user username="col" password="SomePa55word" roles="Admin"/> > > > > ---------------------------------- > > > > On your Wiki Pages.... > > > > For Group Level Restrictions: > > [{ALLOW comment Authenticated}] > > [{ALLOW modify Admin}] > > > > For User Level Restriction: > > [{ALLOW view col}] > > [{ALLOW modify col}] > > > > ------------------------------------- > > > > Now for the tricky bit, in JSPWiki-WAR Code: > > > > jspwiki.policy File: > > (Attached) > > > > ------------------- > > > > At the end of the web.xml: > > ... > > > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>Administrative Area</web-resource-name> > > <url-pattern>/Wiki.jsp</url-pattern> > > <url-pattern>/Delete.jsp</url-pattern> > > <url-pattern>/Edit.jsp</url-pattern> > > <url-pattern>/Comment.jsp</url-pattern> > > <url-pattern>/Login.jsp</url-pattern> > > <url-pattern>/NewGroup.jsp</url-pattern> > > <url-pattern>/Rename.jsp</url-pattern> > > <url-pattern>/Upload.jsp</url-pattern> > > <url-pattern>/attach</url-pattern> > > <http-method>DELETE</http-method> > > <http-method>GET</http-method> > > <http-method>HEAD</http-method> > > <http-method>POST</http-method> > > <http-method>PUT</http-method> > > </web-resource-collection> > > <auth-constraint> > > <role-name>Admin</role-name> > > </auth-constraint> > > <user-data-constraint> > > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > > </user-data-constraint> > > </security-constraint> > > > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>Trusted Area</web-resource-name> > > <url-pattern>/Wiki.jsp</url-pattern> > > <url-pattern>/Edit.jsp</url-pattern> > > <url-pattern>/Comment.jsp</url-pattern> > > <url-pattern>/Login.jsp</url-pattern> > > <url-pattern>/Rename.jsp</url-pattern> > > <url-pattern>/Upload.jsp</url-pattern> > > <url-pattern>/attach</url-pattern> > > <http-method>GET</http-method> > > <http-method>HEAD</http-method> > > <http-method>POST</http-method> > > <http-method>PUT</http-method> > > </web-resource-collection> > > <auth-constraint> > > <role-name>Trusted</role-name> > > </auth-constraint> > > <user-data-constraint> > > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > > </user-data-constraint> > > </security-constraint> > > > > <security-constraint> > > <web-resource-collection> > > <web-resource-name>Authenticated area</web-resource-name> > > <url-pattern>/Wiki.jsp</url-pattern> > > <url-pattern>/Comment.jsp</url-pattern> > > <url-pattern>/Login.jsp</url-pattern> > > <http-method>DELETE</http-method> > > <http-method>GET</http-method> > > <http-method>HEAD</http-method> > > <http-method>POST</http-method> > > <http-method>PUT</http-method> > > </web-resource-collection> > > > > <auth-constraint> > > <role-name>Authenticated</role-name> > > </auth-constraint> > > > > <user-data-constraint> > > <transport-guarantee>CONFIDENTIAL</transport-guarantee> > > </user-data-constraint> > > </security-constraint> > > > > <login-config> > > <auth-method>FORM</auth-method> > > <form-login-config> > > <form-login-page>/LoginForm.jsp</form-login-page> > > <form-error-page>/LoginForm.jsp</form-error-page> > > </form-login-config> > > </login-config> > > > > <security-role> > > <description> > > This logical role includes all Admin usersit > > </description> > > <role-name>Admin</role-name> > > </security-role> > > <security-role> > > <description> > > This logical role includes all Trusted users > > </description> > > <role-name>Trusted</role-name> > > </security-role> > > <security-role> > > <description> > > This logical role includes all Authenticated users > > </description> > > <role-name>Authenticated</role-name> > > </security-role> > > > > </web-app> > > > > --------------------------- > > There may have been other settings but I can not see these at the moment. > > > > Hope this helps > > > > > > On 1 February 2016 at 00:25, Jason Morris > > <jason.mor...@sydney.edu.au <mailto:jason.mor...@sydney.edu.au>> wrote: > > Hi All, > > I'd like to request a feature to restrict page access/edit to users > > in certain roles. > > Does anyone know if this already possible in JSPWiki? > > Cheers, > > Jason > > > > > > Jason C. Morris | PhD Candidate > > Department of Environmental Sciences | Faculty of Agriculture and > > Environment THE UNIVERSITY OF SYDNEY, NSW, 2006 > > phone: +61 02 8627 1152<tel:%2B61%2002%208627%201152> > > > > > > > > -- > > Col W > > > > > > -- > Col W >
