Security Controls For This Wiki

This WIKI uses LDAP

This wiki uses LDAP for Authentication and Authorization and for storing the Digital Subject representing users.

Groups are defined within the Wiki and not in LDAP as we discovered how JSPWiki Roles and Groups differ.

Access to the Wiki is controlled by the dictcrole attribute values.

The Configuration Files For JSPWIKI And LDAP that we use.


If you are using JSPWiki 2.4.7 and higher, check out the diagnostic page admin/SecurityConfig.jsp. It runs a short series of tests and verifies that the security configuration is sound. The admin pages are disabled by default in later versions and need to be enabled.


Test Security Pages


Security Overview

This was originally set up on JSPWiki 2.4, which contains a rich and flexible set of security features. This makes JSPWiki well-suited for stand-alone deployments or as part of a larger corporate intranet. Although JSPWiki's security subsystem is highly customizable, the default settings should be enough to get you started. Here's a description of the main features.

| Feature | Description | Default |
|---|---|---|
| Anonymity and Trust | Users can be anonymous, partially-trusted (aka "asserted" using a persistent cookie), or authenticated | Anonymous and asserted users can read and edit the wiki. |
| Identity Management | Users register themselves with the wiki by creating a profile with a password. After logging in, users can manage their own profiles. Profiles store their login id, full name, wiki name, e-mail address and (optionally) a password. JSPWiki's API allows any compliant user database to be plugged in for identity storage, such as LDAP or relational databases. | JSPWiki uses a flat XML file as its user database for storing user profiles; passwords are hashed using SHA-1. It can also store profiles in any database that pro |
| | s that specify who can view, edit, or modify them. ACLs can contain user names, Wiki names, wiki groups or externally-authorized roles. If the ACL contains a wiki group or role, the user must be a member of the group, or possess the role. An API allows administrators to store ACLs externally, in a manner independent from the page content. | ACLs are stored inside the wiki page itself, using special wiki markup. |
| Groups | Users can create on-the-fly groups of users with a simple wizard. These groups can be added to ACLs to restrict access to particular pages. An API allows administrators to configure where group membership information is stored, such as in flat files or databases. | JSPWiki stores group membership information in an XML file as its group database. |
| Roles | Users may possess special roles that are associated with their identities, such as the "Authenticated" or "Admin" role. These roles can be added to ACLs to restrict access to particular pages. JSPWiki administrators can configure the wiki to consult an external "authorizer" such as a web container or database to determine whether a user possesses the role. | JSPWiki consults the J2EE web container using isInRole to determine role possession. |
| Enterprise Integration | Security policies are expressed using the J2SE-standard security policy file syntax; the location of the policy file can be customized by administrators. Authentication is managed using the Java Authentication and Authorization Service (JAAS); the location of the login configuration can be customized. The wiki can use supplemental J2EE web container constraints to supply authentication credentials and to enforce authorization checks. Container-managed authentication and authorization allows administrators to connect into enterprise security infrastructure components such as LDAP, Single Sign-On, PAM, Kerberos and Active Directory. | Pre-configured Java2 security policy and JAAS configuration files are supplied, and loaded at startup time if administrators have not overridden them with their |

WIKI Access Control Lists

Individual pages may be controlled by WIKI Access Control Lists.
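
As an added illustration (not code from this wiki or from JSPWiki), the sketch below resolves a page ACL entry against the kinds of principal described in the overview above: user names, wiki groups, and externally authorized roles, and reports which kind produced each match. The `[{ALLOW permission names}]` form is JSPWiki's page ACL markup; the `User` class, `explain_access`, the sample page, and the assumption that groups list members by wiki name are hypothetical.

```python
import re
from dataclasses import dataclass, field

# JSPWiki page ACL markup: [{ALLOW <permission> <name>,<name>,...}]
ACL_RE = re.compile(r"\[\{\s*ALLOW\s+(\w+)\s+([^}]+?)\s*\}\]")

@dataclass
class User:                                   # hypothetical model of a profile
    login: str
    wiki_name: str
    full_name: str
    roles: set = field(default_factory=set)   # granted by an external authorizer

def parse_acl(page_text):
    """Return {permission: [names]} for every ALLOW entry found in the page."""
    acl = {}
    for perm, names in ACL_RE.findall(page_text):
        acl.setdefault(perm.lower(), []).extend(
            n.strip() for n in names.split(",") if n.strip())
    return acl

def explain_access(page_text, permission, user, wiki_groups):
    """None when the page has no entry for this permission (the rest of the
    configuration decides; not modelled here). Otherwise a list of
    (acl_name, kind) matches; an empty list means no entry matches the user."""
    names = parse_acl(page_text).get(permission.lower())
    if names is None:
        return None
    grants = []
    for name in names:
        if name in (user.login, user.wiki_name, user.full_name):
            grants.append((name, "user"))
        # Assumption: wiki groups list their members by wiki name.
        if user.wiki_name in wiki_groups.get(name, ()):
            grants.append((name, "group"))
        if name in user.roles:
            grants.append((name, "role"))
    return grants

# Constructed sample data, not taken from this wiki.
PAGE = "Release notes\n[{ALLOW view Authenticated}]\n[{ALLOW edit Editors, AliceSmith}]\n"
GROUPS = {"Editors": {"BobJones"}}
alice = User("asmith", "AliceSmith", "Alice Smith", {"Authenticated"})
bob = User("bjones", "BobJones", "Bob Jones", {"Authenticated"})
carol = User("cdoe", "CarolDoe", "Carol Doe", {"Authenticated"})

if __name__ == "__main__":
    for u in (alice, bob, carol):
        print(u.wiki_name, "edit:", explain_access(PAGE, "edit", u, GROUPS))
```

A name that comes back with more than one kind deserves a second look, since the same ACL entry is then satisfied through two different mechanisms.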

JSPWiki Roles and Groups

A Better(?) explanation than can be found on JSPWiki Roles and Groups and how they differ.
