[{ALLOW view All}]
[{ALLOW delete jim,Admin}]
[{TableOfContents}]

!!! This WIKI uses [LDAP]
This wiki uses [LDAP] for [Authentication] and [Authorization] and for storing the [Digital Subject] representing users.

Groups are defined within the Wiki and not in LDAP, as we discovered how [JSPWiki Roles and Groups] differ.

Access to the Wiki is controlled by the [dictcrole attribute values|Dictcrole Attribute Values].

See the [Configuration Files For JSPWIKI And LDAP] that we use.

!! Note
If you are using JSPWiki 2.4.7 or higher, check out the diagnostic page [admin/SecurityConfig.jsp|http://ldapwiki.willeke.com/wiki/admin/SecurityConfig.jsp]. It runs a short series of tests and verifies that the security configuration is sound. The __admin pages are disabled by default__ in later versions and need to be enabled.

!! [Groups|GroupsOnThisWiki]

! Test Security Pages
* [Test No One Allowed Security Page|Wiki Test No One Allowed Security Page]
* [Test Some Allowed Security Page|Wiki Test Some Allowed Security Page]
* [Test Edit By Some Allowed Security Page|Wiki Test Edit By Some Allowed Security Page]

!! Features

! Security Overview
This was originally set up on JSPWiki 2.4, which contains a rich and flexible set of security features. This makes JSPWiki well-suited for stand-alone deployments or as part of a larger corporate intranet. Although JSPWiki's security subsystem is highly customizable, the default settings should be enough to get you started. Here's a description of the main features.

|| Feature || Description || Default
| [Anonymity] and Trust | Users can be [Anonymous], partially-trusted (''aka'' "asserted" using a persistent cookie), or [Authenticated] | Anonymous and asserted users can read and edit the wiki.
| Identity Management | Users register themselves with the wiki by creating a profile with a password. After logging in, users can manage their own profiles. Profiles store their login id, full name, wiki name, e-mail address and (optionally) a password. JSPWiki's API allows any compliant user database to be plugged in for identity storage, such as LDAP or relational databases. | JSPWiki uses a flat XML file as its user [database] for storing user profiles; passwords are hashed using SHA-1. It can also store profiles in any database that pros that specify who can view, edit, or modify them. ACLs can contain user names, Wiki names, wiki groups or externally-authorized roles. If the [ACL] contains a wiki group or role, the user must be a member of the group, or possess the role. An API allows administrators to store ACLs externally, in a manner independent from the page content.\\ACLs are stored inside the wiki page itself, using special wiki markup.
| Groups | Users can create on-the-fly groups of users with a simple wizard. These groups can be added to ACLs to restrict access to particular pages. An API allows administrators to configure where group membership information is stored, such as in flat files or databases. | [JSPWiki] stores group membership information in an XML file as its [group] [database].
| [Roles] | Users may possess special roles that are associated with their identities, such as the "Authenticated" or "Admin" role. These roles can be added to ACLs to restrict access to particular pages. JSPWiki administrators can configure the wiki to consult an external "authorizer" such as a web container or database to determine whether a user possesses the role. | JSPWiki consults the J2EE web container using ''isInRole'' to determine role possession.
| Enterprise Integration | Security policies are expressed using the J2SE-standard security policy file syntax; the location of the policy file can be customized by administrators. Authentication is managed using the Java Authentication and Authorization Service (JAAS); the location of the login configuration can be customized. The wiki can use supplemental [J2EE] web container constraints to supply authentication credentials and to enforce authorization checks. Container-managed authentication and authorization allows administrators to connect into enterprise security infrastructure components such as [LDAP], Single Sign-On, [PAM], [Kerberos] and [Active Directory|Microsoft Active Directory]. | Pre-configured Java2 security policy and [JAAS] configuration files are supplied, and loaded at startup time if administrators have not overridden them with their

!! [WIKI Access Control Lists]
Individual pages may be controlled by [WIKI Access Control Lists].

!! [JSPWiki Roles and Groups]
A Better(?) explanation can be found on [JSPWiki Roles and Groups] and how they differ.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
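
Because ACLs are stored in the page text itself, the wiki's pages can be reviewed for overly broad grants by reading the markup. The following is an added example, not part of the original page or of JSPWiki: a small audit script that parses the {{[{ALLOW ...}]}} directives shown at the top of this page. The sets of "broad" roles and "write" actions, the function names and the sample pages are assumptions made for this illustration.

```python
import re

# Directive form used at the top of this page: [{ALLOW <action> <principal>,<principal>}]
ACL_RE = re.compile(r"\[\{\s*ALLOW\s+(\w+)\s*([^}]*?)\s*\}\]", re.IGNORECASE)
# Assumption: roles a visitor can hold without logging in; adjust to local policy.
BROAD_ROLES = {"all", "anonymous", "asserted"}
# Assumption: actions that change content and deserve review when broadly granted.
WRITE_ACTIONS = {"comment", "edit", "modify", "upload", "rename", "delete"}


def parse_acl(page_text):
    """Return {action: [principals]} for every ALLOW directive in the page text."""
    acl = {}
    for action, principals in ACL_RE.findall(page_text):
        names = [p.strip() for p in principals.split(",") if p.strip()]
        acl.setdefault(action.lower(), []).extend(names)
    return acl


def audit_page(name, page_text):
    """Return review findings for one page, as a list of strings."""
    acl = parse_acl(page_text)
    findings = []
    if not acl:
        findings.append(f"{name}: no page ACL, access is decided by the wiki-wide policy")
    for action, principals in sorted(acl.items()):
        if not principals:
            findings.append(f"{name}: ALLOW {action} names no principal")
        broad = [p for p in principals if p.lower() in BROAD_ROLES]
        if action in WRITE_ACTIONS and broad:
            findings.append(f"{name}: '{action}' granted to broad role(s) {', '.join(broad)}")
    return findings


def audit_all(pages):
    """Audit a {page name: page text} mapping and return all findings in order."""
    return [f for name, text in pages.items() for f in audit_page(name, text)]


# Constructed sample pages; the first reuses the two directives from the top of this page.
SAMPLE_PAGES = {
    "ThisPage": "[{ALLOW view All}] [{ALLOW delete jim,Admin}]\n!!! This WIKI uses LDAP",
    "OpenEdit": "[{ALLOW edit Anonymous, Authenticated}]\nScratch page",
    "NoAcl": "Plain page without any ACL markup",
}

if __name__ == "__main__":
    for line in audit_all(SAMPLE_PAGES):
        print(line)
```

A page with no ACL is reported rather than treated as safe, since under the default described in the table above anonymous and asserted users can read and edit it.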