Role-based security sounds terrific, but in practice it can be problematic for wikis. Because traditional role-based access controls often assume that everything is configured by an administrator. This creates a support bottleneck, and a barrier to adoption.

To make role-based access controls more flexible, JSPWiki allows users to create WIKI-Groups. These are special roles that users can create themselves. Users create WIKI-Groups by clicking on the front page link Create a new group. The JSP NewGroup.jsp opens.

The user gives the WIKI-Groups a name and enumerates its members. The "save" button creates a new wiki group that contains the membership list. By default, any member of the group can edit the membership list.

WIKI-Roles, WIKI-Groups and WIKI-ACLs are used to control access within the wiki.

Some More Thoughts#

WIKI-Groups are discretionary sets of users that have decided to associate themselves into a group.

Functionally, they are just like WIKI-Roles, but with a key difference: WIKI-Groups are managed by JSPWiki and not by the container.

WIKI-Groups were deliberately meant to be managed outside of the web container, so that users can create discretionary "roles" without getting system admins involved. This is an intentional feature, and a very powerful one.

Technical Implementation#

The default group database implementation stores member lists in an XML file. The location of this file should be in a secure directory in the filesystem; for example, in /etc or your servlet container's configuration directory

If you do not supply a value for this property, a blank group database will be initialized in the WEB-INF/ directory of the deployed webapp. Since these directories are often overwritten when webapps are undeployed or redeployed, you should probably set this property to something useful as soon as you can. But for test wikis, it's probably ok to leave this un-set, as long as users know that their groups could "disappear" if the wiki app is ever redeployed.

WIKI-Groups are stored using a GroupDatabase implementation which is by default uses an XML file for persistent storage. You could override with your own GroupDatabase implementation with this property:

jspwiki.groupdatabase = org.apache.wiki.auth.authorize.XMLGroupDatabase 

JSPWiki Roles and Groups#

Some thoughts about when to use JSPWiki Roles and Groups

Groups in this wiki:#


More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-10) was last changed on 14-Sep-2014 09:14 by jim