To make it easy for users to quickly get productive, JSPWiki ships with a fairly loose default policy out of the box:
Permission | Anonymous Users | Asserted Users | Authenticated Users | Admin group | Implied Permission |
---|---|---|---|---|---|
VIEW all pages | x | x | x | x | |
EDIT all pages | x | x | x | x | VIEW, COMMENT |
UPLOAD attachments to all pages | | | x | x | |
MODIFY all pages | | | x | x | EDIT, UPLOAD |
COMMENT on all existing pages | x | x | x | x | VIEW |
CREATE new pages | x | x | x | x | |
RENAME all pages | | | x | x | EDIT |
DELETE all pages | | | | x | EDIT |
VIEW all WIKI-Groups | | x | x | x | |
EDIT all WIKI-Groups | | | x | x | |
RENAME all WIKI-Groups | | | x | x | |
DELETE all WIKI-Groups | | | | x | |
CREATE new WIKI-Groups | | | x | x | |
CREATE WIKI-Profile | x | x | x | x | |
EDIT user preferences | | | x | x | |
EDIT WIKI-Profile | | | x | x | |
These privileges are the defaults. For page actions such as viewing, editing, and commenting, the privileges can be restricted further by adding WIKI-ACLs to particular pages. It is important to note that WIKI-ACLs cannot elevate privileges above those already granted by the WIKI-Security Policy. For example, if the policy states that Anonymous users can read all pages (but not edit), an ACL on page Main that attempts to grant the Edit privilege to Anonymous will not work.
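The way policy, implied permissions and page ACLs combine, as an added Python model (not JSPWiki's own code). The implied permissions come from the table above; the lowercase action names, the sample policy, the ACL on Main and the rule that a non-empty ACL denies anyone it does not list are assumptions of this model.

```python
# Simplified model of the two-stage check; NOT JSPWiki's implementation.
# Implied permissions follow the "Implied Permission" column of the table.
IMPLIES = {
    "edit": {"view", "comment"},
    "modify": {"edit", "upload"},
    "comment": {"view"},
    "rename": {"edit"},
    "delete": {"edit"},
}


def closure(actions):
    """Expand a set of actions with everything they imply, transitively."""
    seen, todo = set(), list(actions)
    while todo:
        action = todo.pop()
        if action not in seen:
            seen.add(action)
            todo.extend(IMPLIES.get(action, ()))
    return seen


def allowed(roles, action, policy, acl=None):
    """policy: role -> granted actions; acl: list of (action, principal)."""
    # Stage 1: the security policy is the ceiling. No ACL can raise it.
    granted = set()
    for role in roles:
        granted |= closure(policy.get(role, ()))
    if action not in granted:
        return False
    # Stage 2: a page without an ACL simply inherits the policy decision.
    if not acl:
        return True
    # Assumption: a non-empty ACL admits only principals whose entry
    # grants (or implies) the requested action.
    return any(p in roles and action in closure({a}) for a, p in acl)


# Constructed sample data: the hypothetical policy from the paragraph above.
POLICY = {"Anonymous": {"view"}, "Authenticated": {"modify"}}
MAIN_ACL = [("edit", "Anonymous")]  # tries to give Anonymous edit on Main

if __name__ == "__main__":
    for who, act in [("Anonymous", "edit"), ("Anonymous", "view"),
                     ("Authenticated", "edit")]:
        print(who, act, allowed({who}, act, POLICY, MAIN_ACL))
```

In this model the ACL entry fails to give Anonymous edit rights, yet it still narrows access for Authenticated users, who could edit Main before the ACL was added.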
JSPWiki uses the standard Java 2 security policy APIs under the covers. Default permissions are granted using standard local security policy file syntax. When JSPWiki starts up, it loads the default policy file (stored in WEB-INF/jspwiki.policy). This "local policy" is always read from WEB-INF/jspwiki.policy. The local WIKI-Security Policy supplements the JVM-wide policy.
JSPWiki's default policy is suitable for a small team. It is probably too loose for a corporate intranet or public wiki.