etc/jspwiki.policy - jspwiki - Git at Google

 // $Id: jspwiki.policy,v 1.23 2007-07-06 10:36:36 jalkanen Exp $
 //
 // This file contains the local security policy for JSPWiki.
 // It provides the permissions rules for the JSPWiki
 // environment, and should be suitable for most purposes.
 // JSPWiki will load this policy when the wiki webapp starts.
 //
 // As noted, this is the 'local' policy for this instance of JSPWiki.
 // You can also use the standard Java 2 security policy mechanisms
 // to create a consolidated 'global policy' (JVM-wide) that will be checked first,
 // before this local policy. This is ideal for situations in which you are
 // running multiple instances of JSPWiki in your web container.
 // To set a global security policy for all running instances of JSPWiki,
 // you will need to specify the location of the global policy by setting the
 // JVM system property 'java.security.policy' in the command line script
 // you use to start your web container. See the documentation
 // pages at http://doc.jspwiki.org/2.4/wiki/InstallingJSPWiki. If you
 // don't know what this means, don't worry about it.
 //
 // Also, if you are running JSPWiki with a security policy, you will probably
 // want to copy the contents of the file jspwiki-container.policy into your
 // container's policy. See that file for more details.
 //
 // ------ EVERYTHING THAT FOLLOWS IS THE 'LOCAL' POLICY FOR YOUR WIKI ------

 // The first policy block grants privileges that all users need, regardless of
 // the roles or groups they belong to. Everyone can register with the wiki and
 // log in. Everyone can edit their profile after they authenticate.
 // Everyone can also view all wiki pages unless otherwise protected by an ACL.
 // If that seems too loose for your needs, you can restrict page-viewing
 // privileges by moving the PagePermission 'view' grant to one of the other blocks.

 grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "view";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
 };


 // The second policy block is extremely loose, and unsuited for public-facing wikis.
 // Anonymous users are allowed to create, edit and comment on all pages.
 //
 // Note: For Internet-facing wikis, you are strongly advised to remove the
 // lines containing the "modify" and "createPages" permissions; this will make
 // the wiki read-only for anonymous users.

 // Note that "modify" implies *both* "edit" and "upload", so if you wish to
 // allow editing only, then replace "modify" with "edit".

 grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
 };


 // This next policy block is also pretty loose. It allows users who claim to
 // be someone (via their cookie) to create, edit and comment on all pages,
 // as well as upload files.
 // They can also view the membership list of groups.

 grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
 };


 // Authenticated users can do most things: view, create, edit and
 // comment on all pages; upload files to existing ones; create and edit
 // wiki groups; and rename existing pages. Authenticated users can also
 // edit groups they are members of.

 grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
     permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "modify,rename";
     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:*", "view";
     permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
     permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
 };


 // Administrators (principals or roles possessing AllPermission)
 // are allowed to delete any page, and can edit, rename and delete
 // groups. You should match the permission target (here, 'JSPWiki')
 // with the value of the 'jspwiki.applicationName' property in
 // jspwiki.properties. Two administative groups are set up below:
 // the wiki group "Admin" (stored by default in wiki page GroupAdmin)
 // and the container role "Admin" (managed by the web container).

 grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
 };
 grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
     permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
 };
	// $Id: jspwiki.policy,v 1.23 2007-07-06 10:36:36 jalkanen Exp $
	//
	// This file contains the local security policy for JSPWiki.
	// It provides the permissions rules for the JSPWiki
	// environment, and should be suitable for most purposes.
	// JSPWiki will load this policy when the wiki webapp starts.
	//
	// As noted, this is the 'local' policy for this instance of JSPWiki.
	// You can also use the standard Java 2 security policy mechanisms
	// to create a consolidated 'global policy' (JVM-wide) that will be checked first,
	// before this local policy. This is ideal for situations in which you are
	// running multiple instances of JSPWiki in your web container.
	// To set a global security policy for all running instances of JSPWiki,
	// you will need to specify the location of the global policy by setting the
	// JVM system property 'java.security.policy' in the command line script
	// you use to start your web container. See the documentation
	// pages at http://doc.jspwiki.org/2.4/wiki/InstallingJSPWiki. If you
	// don't know what this means, don't worry about it.
	//
	// Also, if you are running JSPWiki with a security policy, you will probably
	// want to copy the contents of the file jspwiki-container.policy into your
	// container's policy. See that file for more details.
	//
	// ------ EVERYTHING THAT FOLLOWS IS THE 'LOCAL' POLICY FOR YOUR WIKI ------

	// The first policy block grants privileges that all users need, regardless of
	// the roles or groups they belong to. Everyone can register with the wiki and
	// log in. Everyone can edit their profile after they authenticate.
	// Everyone can also view all wiki pages unless otherwise protected by an ACL.
	// If that seems too loose for your needs, you can restrict page-viewing
	// privileges by moving the PagePermission 'view' grant to one of the other blocks.

	grant principal com.ecyrd.jspwiki.auth.authorize.Role "All" {
	permission com.ecyrd.jspwiki.auth.permissions.PagePermission ":", "view";
	permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
	permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
	permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "login";
	};


	// The second policy block is extremely loose, and unsuited for public-facing wikis.
	// Anonymous users are allowed to create, edit and comment on all pages.
	//
	// Note: For Internet-facing wikis, you are strongly advised to remove the
	// lines containing the "modify" and "createPages" permissions; this will make
	// the wiki read-only for anonymous users.

	// Note that "modify" implies both "edit" and "upload", so if you wish to
	// allow editing only, then replace "modify" with "edit".

	grant principal com.ecyrd.jspwiki.auth.authorize.Role "Anonymous" {
	permission com.ecyrd.jspwiki.auth.permissions.PagePermission ":", "modify";
	permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
	};


	// This next policy block is also pretty loose. It allows users who claim to
	// be someone (via their cookie) to create, edit and comment on all pages,
	// as well as upload files.
	// They can also view the membership list of groups.

	grant principal com.ecyrd.jspwiki.auth.authorize.Role "Asserted" {
	permission com.ecyrd.jspwiki.auth.permissions.PagePermission ":", "modify";
	permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages";
	permission com.ecyrd.jspwiki.auth.permissions.GroupPermission ":", "view";
	};


	// Authenticated users can do most things: view, create, edit and
	// comment on all pages; upload files to existing ones; create and edit
	// wiki groups; and rename existing pages. Authenticated users can also
	// edit groups they are members of.

	grant principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
	permission com.ecyrd.jspwiki.auth.permissions.PagePermission ":", "modify,rename";
	permission com.ecyrd.jspwiki.auth.permissions.GroupPermission ":", "view";
	permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:<groupmember>", "edit";
	permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
	};


	// Administrators (principals or roles possessing AllPermission)
	// are allowed to delete any page, and can edit, rename and delete
	// groups. You should match the permission target (here, 'JSPWiki')
	// with the value of the 'jspwiki.applicationName' property in
	// jspwiki.properties. Two administative groups are set up below:
	// the wiki group "Admin" (stored by default in wiki page GroupAdmin)
	// and the container role "Admin" (managed by the web container).

	grant principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin" {
	permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
	};
	grant principal com.ecyrd.jspwiki.auth.authorize.Role "Admin" {
	permission com.ecyrd.jspwiki.auth.permissions.AllPermission "*";
	};