Hi,

I'm prototyping a club site where there will be a set of public pages
editable by a select group of editors, then a closed (non-public,
members-only) set of pages editable by anyone. The members-only pages
*must* be private, password-only, as they will contain private contact
info, etc. We don't want users to be able to set the ACL on a page to
open it up to the public, i.e., we only want admins to be able to alter
page-level ACL.

So it seems that we have a few options:

  a. put ACLs on the public pages with the default being closed

or

  b. put ACLs on every other page with the default being open

Neither of these seems particularly pleasant. Perhaps I'm missing
something in the current security arrangement.

Is there an easy way to set something like this up? What would the
files in WEB-INF look like?

I'm happy to write up any results of this discussion as documentation
on the wiki (as ClubSiteSecurityScenario?), since this seems like a
relatively common scenario.

Thanks,

Murray

...........................................................................
Murray Altheim <murray07 at altheim.com>                           ===  = =
http://www.altheim.com/murray/                                     = =  ===
SGML Grease Monkey, Banjo Player, Wantanabe Zen Monk               = =  = =

      Boundless wind and moon - the eye within eyes,
      Inexhaustible heaven and earth - the light beyond light,
      The willow dark, the flower bright - ten thousand houses,
      Knock at any door - there's one who will respond.
                                      -- The Blue Cliff Record
_______________________________________________
This is the Jspwiki-users mailing list, in which we discuss the stable release (even-numbered, 2.4.x, 2.6.x), and user-issues. For development discussion, please join jspwiki-dev.
http://ecyrd.com/cgi-bin/mailman/listinfo/jspwiki-users
http://www.jspwiki.org/JSPWikiMailingList