jspwiki-2.10.1的权限配置与使用

2.10.1的下载路径:         http://www.apache.org/dist/jspwiki/2.10.1/binaries/

jspwiki是一款apache推出的开源的基于jsp的wiki系统，基于文件系统，具有权限管理和搜索功能。就jspwiki的配置和使用总结如下：

环境：

• tomcat 7
  
• jdk1.6 32位
  
• jspwiki2.10.1
  

配置：

1 下载JSPWiki.war，放进tomcat的webapp文件夹下。启动tomcat，JSPWiki就会自动部署。

2 按照官网的说明，此时wiki就可以使用了。在浏览器中打开localhost:8080/JSPWiki/Install.jsp（即http://<myhost>/<appname>/Install.jsp）来初始化wiki，需要填的是baseURL，然后点配置，此时会提示你，自动生成了一个用户名为admin，密码随机的账户，一定要记住这个密码。否则就得重新部署了。

3 点击配置之后，网页会提示在tomcat的路径下生成一个temp文件夹，其中包含一个jspwiki-custom.properties文件。这个jspwiki-custom.properties文件很重要，用于配置wiki的各种参数。有的博客说，在应用的WEB-INF文件夹下会有一个jspwiki.properties也可以用于修改配置，实际上，那是很老的版本了。现在已经无法在这个文件夹下找到这个文件了。

4 修改temp文件下的jspwiki-custom.properties是没用的，配置不会生效。按照官网的说法，应该放到tomcat的lib目录中去，或者其他classpath路径中。

5 我的jspwiki-custom.properties配置如下：

#Fri Jul 04 13:48:45 CST 2014

jspwiki.basicAttachmentProvider.storageDir=D:/program/jspwiki/wiki_content

jspwiki.fileSystemProvider.pageDir=D:/program/jspwiki/wiki_content

jspwiki.pageProvider=VersioningFileProvider

jspwiki.applicationName=MyWiki

jspwiki.security=jaas

jspwiki.workDir=D:/program/jspwiki/wiki_content/temp

jspwiki.baseURL=http\://localhost\:8080/JSPWiki/

#日志文件的路径

log4j.appender.FileLog.File=D:/program/jspwiki/wiki_content/jspwiki.log

#支持中文搜索

jspwiki.lucene.analyzer = org.apache.lucene.analysis.cjk.CJKAnalyzer

jspwiki.encoding = UTF-8

#支持html

jspwiki.translatorReader.allowHTML = true

6 由于tomcat 的原因，这样配置之后，还是不能支持中文搜索，需要：

• 在Tomcat的 Server.xml中的Connector加入属性URIEncoding="UTF-8"（我的Connector有两个，两个都加了该属性）
  
• 把各个JSP中都加入UTF-8的标记。（<%@ page pageEncoding="utf-8"%>）

这样就配置完成了。不过这么配置之后的wiki是没有任何内容的。所以添加一些内容。建议下载jspwiki-wikipages-zh_CN-2.10.1.zip，即中文wikipage的示例，解压之后，放入jspwiki.fileSystemProvider.pageDir这一项配置的文件夹中。

7 jspwiki添加页面的方法，就是在地址栏中输入http://<myhost>/<appname>/Wiki.jsp?page=XXXXXX，如果这个XXXXXX是没有的页面，就会提示你新增页面了。

8 在编辑页面的时候点击右边的帮助，可以查看wiki页面的语法。

----             水平分隔线

\\               强制断行

[link]           创建 "link" 的超链接，其中 "link" 可以是内部 Wiki 名称（Wiki 页面

                 名称）或者外部链接（http://）

[text|link]      创建一个显示文本和实际超链接不同的超链接，其中“text”为要 显示的文本；“link”为实际的超链接。

[text|wiki:link] 创建一个显示文本和实际超链接不同的超链接，

                 并且超链接指向指定的 Wiki（比如 JSPWiki、MediaWiki 等等）。

                 这种链接支持 Wiki 之间的链接。

*                创建一个项目列表（星号 '*' 必需为所在行第一个字符）。用连续多个星号（**）

                 表示次级项目符号。

#                创建一个编号列表（星号 '*' 必需为所在行第一个字符）。用连续多个＃号（##，###）

                 表示缩进/次级编号。

!, !!, !!!       在行首加上感叹号（！）生成标题。

                 感叹号越多表示标题越大。

__text__         文本加粗。

''text''         给文本斜体效果（注意是单引号 '）

{{text}}         使文本变为等款字体。

;term:def        用 'def' 定义 'term'。用空的 'term' 可以表示简短注释（如，;:Created on 2008/02/28）。

|text|more text 生成表格。两条竖线“||”表示表格标题。

9 权限控制。这个是最复杂的。jspwiki的权限可以再两个地方控制，一个是在应用的WEB-INF文件夹下的jspwiki.policy中进行修改，另外就是在编辑页面的时候修改。编辑页面时可修改的是页面的访问权限。即让那些用户访问，不让那些用户访问。页面级别的权限控制要比全局控制的优先级高。需要在页面的最顶端加上

[{ALLOW 权限 角色}]

[{DENY 权限 角色}]

例如：

[{ALLOW edit GroupAdmin}]

[{ALLOW view All}]

在jspwiki.policy中修改的是全局权限，可以对用户组的权限进行管理。jspwiki默认的用户组有：

用户组解释All所有用户Anonymous未登录用户，也没有cookie的用户Asserted未登录，但有cookie的用户Authenticated登录用户Admin管理员

可以看出，All包含其他所有用户组。

权限管理的语法是：

grant principal org.apache.wiki.auth.authorize.Role "<用户组名>" {

    permission org.apache.wiki.auth.permissions.PagePermission "*:*", "<权限1>";

    permission org.apache.wiki.auth.permissions.WikiPermission "*", "<权限2>";

permission org.apache.wiki.auth.permissions.WikiPermission "*", "<权限3>";

};

 

例如：

grant principal org.apache.wiki.auth.authorize.Role "All" {

    permission org.apache.wiki.auth.permissions.PagePermission "*:*", "view";

    permission org.apache.wiki.auth.permissions.WikiPermission "*", "login";

    permission org.apache.wiki.auth.permissions.WikiPermission "*", "editProfile";

};

给所有用户看、登录、注册的权利。

权限分为四类：

• com.ecyrd.jspwiki.auth.permissions.PagePermission 页面权限 这个权限是我们最常使用的权限, 限定了用户可以对页面进行哪些操作, 可以使用的权限包括: *, comment, delete, edit, modify, rename, upload, view.
  
• com.ecyrd.jspwiki.auth.permissions.WikiPermission Wiki 权限 这个权限则定义了用户登录, 注册, 建立新页面是否可用, 也是比较常用的. 包括: createGroups, createPages, editPreferences, editProfile 和 login.
  
• com.ecyrd.jspwiki.auth.permissions.GroupPermission 组权限 这个权限一般来说只对管理员进行开放, 用来对用户分组, 注意每个 Group 的名称也对应着一个安全角色, 这样便于为多个用户指定一个权限.
• com.ecyrd.jspwiki.auth.permissions.AllPermission 所有权限 警告: 这个权限很危险, 一般来说只对管理员开放.

最后给出一个例子，一般用户可以浏览、注册、登录wiki，但是无法修改页面内容和新增页面。之后admin组的成员能够修改和新增页面。

//  Licensed to the Apache Software Foundation (ASF) under one

//  or more contributor license agreements.  See the NOTICE file

//  distributed with this work for additional information

//  regarding copyright ownership.  The ASF licenses this file

//  to you under the Apache License, Version 2.0 (the

//  "License"); you may not use this file except in compliance

//  with the License.  You may obtain a copy of the License at

//

//    http://www.apache.org/licenses/LICENSE-2.0

//

//  Unless required by applicable law or agreed to in writing,

//  software distributed under the License is distributed on an

//  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

//  KIND, either express or implied.  See the License for the

//  specific language governing permissions and limitations

//  under the License.

// $Id: jspwiki.policy,v 1.23 2007-07-06 10:36:36 jalkanen Exp $

//

// This file contains the local security policy for JSPWiki.

// It provides the permissions rules for the JSPWiki

// environment, and should be suitable for most purposes.

// JSPWiki will load this policy when the wiki webapp starts.

//

// As noted, this is the 'local' policy for this instance of JSPWiki.

// You can also use the standard Java 2 security policy mechanisms

// to create a consolidated 'global policy' (JVM-wide) that will be checked first,

// before this local policy. This is ideal for situations in which you are

// running multiple instances of JSPWiki in your web container.

// To set a global security policy for all running instances of JSPWiki,

// you will need to specify the location of the global policy by setting the

// JVM system property 'java.security.policy' in the command line script

// you use to start your web container. See the documentation

// pages at http://doc.jspwiki.org/2.4/wiki/InstallingJSPWiki. If you

// don't know what this means, don't worry about it.

//

// Also, if you are running JSPWiki with a security policy, you will probably

// want to copy the contents of the file jspwiki-container.policy into your

// container's policy. See that file for more details.

//

// ------ EVERYTHING THAT FOLLOWS IS THE 'LOCAL' POLICY FOR YOUR WIKI ------

// The first policy block grants privileges that all users need, regardless of

// the roles or groups they belong to. Everyone can register with the wiki and

// log in. Everyone can edit their profile after they authenticate.

// Everyone can also view all wiki pages unless otherwise protected by an ACL.

// If that seems too loose for your needs, you can restrict page-viewing

// privileges by moving the PagePermission 'view' grant to one of the other blocks.

//grant principal org.apache.wiki.auth.authorize.Role "All" {

//    permission org.apache.wiki.auth.permissions.PagePermission "*:*", "view";

//    permission org.apache.wiki.auth.permissions.WikiPermission "*", "editPreferences";

//    permission org.apache.wiki.auth.permissions.WikiPermission "*", "editProfile";

//    permission org.apache.wiki.auth.permissions.WikiPermission "*", "login";

//};

grant principal org.apache.wiki.auth.authorize.Role "All" {

    permission org.apache.wiki.auth.permissions.PagePermission "*:*", "view";

    permission org.apache.wiki.auth.permissions.WikiPermission "*", "login";

permission org.apache.wiki.auth.permissions.WikiPermission "*", "editProfile";

};

// The second policy block is extremely loose, and unsuited for public-facing wikis.

// Anonymous users are allowed to create, edit and comment on all pages.

//

// Note: For Internet-facing wikis, you are strongly advised to remove the

// lines containing the "modify" and "createPages" permissions; this will make

// the wiki read-only for anonymous users.

// Note that "modify" implies *both* "edit" and "upload", so if you wish to

// allow editing only, then replace "modify" with "edit".

//grant principal org.apache.wiki.auth.authorize.Role "Anonymous" {

//    permission org.apache.wiki.auth.permissions.PagePermission "*:*", "modify";

//    permission org.apache.wiki.auth.permissions.WikiPermission "*", "createPages";

//};

// This next policy block is also pretty loose. It allows users who claim to

// be someone (via their cookie) to create, edit and comment on all pages,

// as well as upload files.

// They can also view the membership list of groups.

//grant principal org.apache.wiki.auth.authorize.Role "Asserted" {

//    permission org.apache.wiki.auth.permissions.PagePermission "*:*", "modify";

//    permission org.apache.wiki.auth.permissions.WikiPermission "*", "createPages";

//    permission org.apache.wiki.auth.permissions.GroupPermission "*:*", "view";

//};

// Authenticated users can do most things: view, create, edit and

// comment on all pages; upload files to existing ones; create and edit

// wiki groups; and rename existing pages. Authenticated users can also

// edit groups they are members of.

//grant principal org.apache.wiki.auth.authorize.Role "Authenticated" {

//   permission org.apache.wiki.auth.permissions.PagePermission "*:*", "modify,rename";

//    permission org.apache.wiki.auth.permissions.GroupPermission "*:*", "view";

//    permission org.apache.wiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";

//    permission org.apache.wiki.auth.permissions.WikiPermission "*", "createPages,createGroups";

//};

grant principal org.apache.wiki.auth.authorize.Role "Authenticated" {

    permission org.apache.wiki.auth.permissions.GroupPermission "*:*", "view";

};

// Administrators (principals or roles possessing AllPermission)

// are allowed to delete any page, and can edit, rename and delete

// groups. You should match the permission target (here, 'JSPWiki')

// with the value of the 'jspwiki.applicationName' property in

// jspwiki.properties. Two administative groups are set up below:

// the wiki group "Admin" (stored by default in wiki page GroupAdmin)

// and the container role "Admin" (managed by the web container).

grant principal org.apache.wiki.auth.GroupPrincipal "Admin" {

    permission org.apache.wiki.auth.permissions.AllPermission "*";

};

grant principal org.apache.wiki.auth.authorize.Role "Admin" {

    permission org.apache.wiki.auth.permissions.AllPermission "*";

};

引用自http://blog.csdn.net/castle07/article/details/37564311#reply