To secure a KnowWE (JSPWiki) installation, you have to edit two files:

* {{jspwiki.properties}}: 
** at the very bottom, uncomment the line {{jspwiki.approver.workflow.saveWikiPage=Admin}} to enable the forced approval of new user accounts by an admin. (Make sure there is an 'Admin' group.)
** make sure the option {{allowHTML}} is set to {{false}}

* {{jspwiki.policy}}: comment out the permissions of 'Anonymous' to disable anonymous editing
   before:
%%prettify {{{
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
};
}}}%%
   after:
%%prettify {{{
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
//    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
//    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
};
}}}%%

* {{Install.jsp}}: Make sure that the file Install.jsp is deleted from the root folder of the web application.

* Default Admin Account: Be sure to change or deactivate the default admin account before you go online. The password is published on this website! [User FAQ]

After that, restart the container and the wiki is secure.
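
A way to verify the steps above before going online, as an added example that is not part of KnowWE or JSPWiki: the script checks the text of both files and the presence of Install.jsp. The function names, the sample inputs and the full key name {{jspwiki.translatorReader.allowHTML}} are assumptions; the page names the option only as {{allowHTML}}, so any key ending in it is matched.

```python
import re

def active_properties(text):
    """Return uncommented key=value pairs from jspwiki.properties text."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def anonymous_permissions(policy_text):
    """Return permission lines still active in any 'Anonymous' grant block."""
    blocks = re.findall(r'grant\s+principal\s+\S+\s+"Anonymous"\s*\{(.*?)\};',
                        policy_text, re.S)
    return [ln.strip() for body in blocks for ln in body.splitlines()
            if ln.strip().startswith("permission")]

def audit(properties_text, policy_text, install_jsp_exists):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    props = active_properties(properties_text)
    if props.get("jspwiki.approver.workflow.saveWikiPage") != "Admin":
        findings.append("approver workflow line is commented out or not 'Admin'")
    # Matches any key ending in allowHTML; an absent key is not flagged.
    if any(k.endswith("allowHTML") and v.lower() != "false" for k, v in props.items()):
        findings.append("allowHTML is not false")
    for perm in anonymous_permissions(policy_text):
        findings.append("Anonymous still granted: " + perm)
    if install_jsp_exists:
        findings.append("Install.jsp is still present")
    return findings

# Constructed sample inputs (not taken from a real installation).
SAMPLE_PROPERTIES = """\
jspwiki.translatorReader.allowHTML = true
#jspwiki.approver.workflow.saveWikiPage=Admin
"""
SAMPLE_POLICY = """\
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
//    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
};
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_PROPERTIES, SAMPLE_POLICY, install_jsp_exists=True):
        print("FAIL:", finding)
```

For a real installation, read the two files from the web application and pass {{os.path.exists}} of the Install.jsp path as the third argument.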

%%Todo
This How-To could be extended
%


%%tags
howto security
%