John -- I don't know the answer to question #1 offhand, but as for #2,
security for each wiki is controlled by the jspwiki.policy file in WEB-
INF. Each wiki has its own. You can also use a "global" policy file by
specifying the JVM property java.security.policy, but note that this
option will go away in 3.0. (Many people found global policies
confusing.)
On Jun 8, 2009, at 6:57, "Volkar, John M." <[email protected]> wrote:
I was looking into setting up a 2.8.x with security, and was looking
to
see if jspwiki.policy could be set in server.xml as a context
parameter
like I do for the jspwiki.properties file (see MultipleWikis page).
There is a question on the MultipleWikis page about this that links to
page "Security 2.3 FAQ". This appears to require a login, I (of
course)
have forgotten what I used for the jspwiki.org site, and attempted to
re-register. In several attempts to register I get a "invalid
profile"
message (presumably because one of the elements I was using to
register
existed my old profile?). So I'm wanting the info on that page, so I
figure fine, I'll just register as a temporary user "SnarfBlatt", and
just use that profile...
The registration succeeded, but when I then tried to access the page
"Security 2.3 FAQ", I get a "Forbidden" message. The site shows me as
Authenticated as "SnarfBlatt", but access is denied?
So two questions:
1) Why can't I get to the page "Security 2.3 FAQ" as SnarfBlatt?
(Idle
curiosity/annoyance)
and
2) How can I override the jspwiki.policy on a per-wiki basis when
setting up MultipleWikis?
Regards,
John Volkar
