This page (revision-117) was last changed on 14-Mar-2022 10:44 by Albrecht Striffler

This page was created on 20-Nov-2012 14:18 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note
117 14-Mar-2022 10:44 2 KB Albrecht Striffler to previous
116 16-Jun-2020 14:53 2 KB Albrecht Striffler to previous | to last
115 16-Jun-2020 14:53 2 KB Albrecht Striffler to previous | to last
114 25-Apr-2019 17:16 2 KB Albrecht Striffler to previous | to last
113 25-Apr-2019 17:15 2 KB Albrecht Striffler to previous | to last
112 25-Apr-2019 17:14 2 KB Albrecht Striffler to previous | to last
111 19-Sep-2017 16:07 2 KB Albrecht Striffler to previous | to last
110 16-Jun-2015 20:07 2 KB Sebastian Furth to previous | to last
109 16-Jun-2015 20:07 2 KB Sebastian Furth to previous | to last
108 16-Jun-2015 20:06 2 KB Sebastian Furth to previous | to last
107 16-Jun-2015 20:05 2 KB Sebastian Furth to previous | to last
106 16-Jun-2015 20:03 2 KB Sebastian Furth to previous | to last
105 11-Aug-2014 11:33 1 KB Albrecht Striffler to previous | to last
104 11-Aug-2014 11:33 1 KB Albrecht Striffler to previous | to last
103 11-Aug-2014 11:32 1 KB Albrecht Striffler to previous | to last
102 26-Jun-2014 12:10 1 KB Albrecht Striffler to previous | to last
101 26-Jun-2014 12:10 1 KB Albrecht Striffler to previous | to last

Page References

Incoming links Outgoing links

Version management

Difference between version and

At line 9 added one line
!!! [d3web-KnowWE - change user rights for KnowWE]
At line 10 removed 3 lines
%%Todo
Tutorials: !!! d3web-KnowWE - change user rights for KnowWE
@user: Carsten Wasner
At line 14 removed 2 lines
%
!!! d3web-KnowWE - change user rights for KnowWE.
At line 17 removed 3 lines
When working in larger groups, it might be necessary to restrict user access to wikipages.
This can be done on eache wikipage individually, but yields problems like maintainance issues or excessive editing. \\
A better solution would be to create wiki specific user groups an define access rules.
At line 21 removed 2 lines
In __${KnowWE-Home}\webapps\KnowWE\WEB-INF\jspwiki.properties activate__\\
__java.security.policy = $basedir\knowWeWiki.policy__
At line 24 removed 109 lines
In this policy-file define your specific rules:
{{{
EXAMPLE
// $Id: jspwiki.policy,v 1.23 2007-07-06 10:36:36 jalkanen Exp $
//
// This file contains the local security policy for JSPWiki.
// It provides the permissions rules for the JSPWiki
// environment, and should be suitable for most purposes.
// JSPWiki will load this policy when the wiki webapp starts.
//
// As noted, this is the 'local' policy for this instance of JSPWiki.
// You can also use the standard Java 2 security policy mechanisms
// to create a consolidated 'global policy' (JVM-wide) that will be checked first,
// before this local policy. This is ideal for situations in which you are
// running multiple instances of JSPWiki in your web container.
// To set a global security policy for all running instances of JSPWiki,
// you will need to specify the location of the global policy by setting the
// JVM system property 'java.security.policy' in the command line script
// you use to start your web container. See the documentation
// pages at http://doc.jspwiki.org/2.4/wiki/InstallingJSPWiki. If you
// don't know what this means, don't worry about it.
//
// Also, if you are running JSPWiki with a security policy, you will probably
// want to copy the contents of the file jspwiki-container.policy into your
// container's policy. See that file for more details.
//
// ------ EVERYTHING THAT FOLLOWS IS THE 'LOCAL' POLICY FOR YOUR WIKI ------
// The first policy block grants privileges that all users need, regardless of
// the roles or groups they belong to. Everyone can register with the wiki and
// log in. Everyone can edit their profile after they authenticate.
// Everyone can also view all wiki pages unless otherwise protected by an ACL.
// If that seems too loose for your needs, you can restrict page-viewing
// privileges by moving the PagePermission 'view' grant to one of the other blocks.
grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
};
// The second policy block is extremely loose, and unsuited for public-facing wikis.
// Anonymous users are allowed to create, edit and comment on all pages.
//
// Note: For Internet-facing wikis, you are strongly advised to remove the
// lines containing the "modify" and "createPages" permissions; this will make
// the wiki read-only for anonymous users.
// Note that "modify" implies *both* "edit" and "upload", so if you wish to
// allow editing only, then replace "modify" with "edit".
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
// permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
// permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
};
// This next policy block is also pretty loose. It allows users who claim to
// be someone (via their cookie) to create, edit and comment on all pages,
// as well as upload files.
// They can also view the membership list of groups.
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
// permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
// permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
};
// Authenticated users can do most things: view, create, edit and
// comment on all pages; upload files to existing ones; create and edit
// wiki groups; and rename existing pages. Authenticated users can also
// edit groups they are members of.
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
// permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
// permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
// permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
};
// Administrators (principals or roles possessing AllPermission)
// are allowed to delete any page, and can edit, rename and delete
// groups. You should match the permission target (here, 'JSPWiki')
// with the value of the 'jspwiki.applicationName' property in
// jspwiki.properties. Two administative groups are set up below:
// the wiki group "Admin" (stored by default in wiki page GroupAdmin)
// and the container role "Admin" (managed by the web container).
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
};
grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "myUserGroup" {
permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
};
}}}