Greetings,
I'm running into an issue whereby i want to restrict access to a specific
jsp wiki page with something like
[{ALLOW read LdapGroup1}]
where by the user role LdapGroup1 is tomcat managed and backed by an
LDAP/active directory setup.
What i'm noticing is that JSP seems to require all roles/groups to be
defined in the web.xml of jspwiki. That's not really feasible in my case
whereby we want to give sysadmins flexibility to declare what they
need/want and have it just work in the wiki.
I think i've narrowed this down to how the default authorization manager
works.
Question1: is there any built in solutions for this scenario or should i
extend DefaultAuthorizationManager and rig up my own desired logic?
Question 2: is there a syntax for authorization that is something like,
allow users who are in group1 AND group2? ie require membership/role in
more than one role, if they don't have group1 and group2, access denied
