To secure a KnowWE(JSPWiki) installation, you have to edit two files:

  • jspwiki.properties:
    • at the very bottom uncomment the line jspwiki.approver.workflow.saveWikiPage=Admin to enable the forced approval of new user accounts by an admin. (Make sure there is an 'Admin' group)
    • make sure the option allowHTML is set to false
  • jspwiki.policiy: comment the permissions of 'Anonymous' to disable anonymous editing before:
after: grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" { permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify"; permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages"; };
grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
//    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
//    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
};
* Install.jsp: Make sure that the file Install.jsp is deleted from the root folder of the web application.

After that, restart the container and the wiki is secure.

This How-To could be extended