Hi, as Dirk says, ACLs protect at page level. https://jspwiki-wiki.apache.org/Wiki.jsp?page=Wiki.Admin.Security should be a good starting point to get into them.
The reason right now of not protecting at section level is mainly b/c of several places showing the page markup: source page, the search engine, (which indexes the page markup so you could get grasp of results you shouldn't be able to see). Also page editing would get a lot harder without being able sections you're not supposed to see/edit, etc. The easiest way to achieve section level ACL right now is through the InsertPagePlugin approach explained by Dirk best regards, juan pablo On Thu, Jul 11, 2019 at 12:57 AM Foster Schucker <fos...@schucker.org> wrote: > I had written an Auth plugin > (https://www.ecyrd.com/JSPWiki/wiki/AuthPlugin) that allowed nesting. > > I also edited Diff.jsp and Edit.jsp to not show the source if you were > not allowed to see all the page. > > I'm not sure how the new Auth works, I branched off of JSPWiki before > that got added, but it may be easy for the current group to make those > changes. > > On 7/10/2019 4:26 PM, Dirk Frederickx wrote: > > Hi Jerry, > > > > AFAIK you can only protect whole pages in JSPWiki, with a page ACL. > > EG: [{ALLOW edit Authenticated }] > > > > You could put sensitive sections inside an IF plugin which will only > > render for certain Users or certain user Groups. > > See https://jspwiki-wiki.apache.org/Wiki.jsp?page=IfPlugin for more > > examples. > > (note: looking at the source of the page will still reveal the protected > > content, so this approach is not 100% secure. > > > > You can also put the protected content in another page, eg. by using the > > InsertPagePlugin plugin. > > This other page will then contain an [{ALLOW ... }] ACL to define the > right > > security rules. The access to that page will always pass via the security > > gates of JSPWiki before revealing its content to the user. > > > > BR > > dirk > > > > > > On Tue, Jul 9, 2019 at 6:44 PM Jerry Malcolm<techst...@malcolms.com> > wrote: > > > >> Is it possible to make certain sections/pages of the Wiki protected from > >> view and edit by a special role and other sections/pages protected by a > >> different role? > >> > >> Thx > >> > >> >
