Google Git
Sign in
apache / jspwiki / refs/heads/JSPWIKI_2_6_BRANCH / . / etc / web.xml
blob: f8344384ddaafd048fa1e01b71ee89432a1433a3 [file] [log] [blame]
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<description>
JSPWiki is a free JSP-based WikiClone. It is licenced
under the Lesser GNU General Public License.
JSPWiki is maintained by Janne Jalkanen (+others),
jalkanen+jspwiki@ecyrd.com
</description>
<display-name>JSPWiki</display-name>
<!-- Resource bundle default location -->
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>templates.default</param-value>
</context-param>
<!--
This is new in 2.4. This defines a servlet filter which filters all requests.
-->
<filter>
<filter-name>WikiServletFilter</filter-name>
<filter-class>com.ecyrd.jspwiki.ui.WikiServletFilter</filter-class>
</filter>
<filter>
<filter-name>WikiJSPFilter</filter-name>
<filter-class>com.ecyrd.jspwiki.ui.WikiJSPFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>WikiServletFilter</filter-name>
<url-pattern>/attach/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>WikiServletFilter</filter-name>
<url-pattern>/atom/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>WikiServletFilter</filter-name>
<url-pattern>/dav/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>WikiServletFilter</filter-name>
<url-pattern>/RPCU/</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>WikiServletFilter</filter-name>
<url-pattern>/RPC2/</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>WikiServletFilter</filter-name>
<url-pattern>/JSON-RPC</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>WikiJSPFilter</filter-name>
<url-pattern>/wiki/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>WikiJSPFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<!--
HttpSessionListener used for managing WikiSession's.
-->
<listener>
<listener-class>com.ecyrd.jspwiki.auth.SessionMonitor</listener-class>
</listener>
<!--
Now, let's define the XML-RPC interfaces. You probably don't have to
touch these.
First, we'll define the standard XML-RPC interface.
-->
<servlet>
<servlet-name>XMLRPC</servlet-name>
<servlet-class>com.ecyrd.jspwiki.xmlrpc.RPCServlet</servlet-class>
<init-param>
<param-name>handler</param-name>
<param-value>com.ecyrd.jspwiki.xmlrpc.RPCHandler</param-value>
</init-param>
<init-param>
<param-name>prefix</param-name>
<param-value>wiki</param-value>
</init-param>
</servlet>
<!--
OK, this then defines that our UTF-8 -capable server.
-->
<servlet>
<servlet-name>XMLRPC-UTF8</servlet-name>
<servlet-class>com.ecyrd.jspwiki.xmlrpc.RPCServlet</servlet-class>
<init-param>
<param-name>handler</param-name>
<param-value>com.ecyrd.jspwiki.xmlrpc.RPCHandlerUTF8</param-value>
</init-param>
<init-param>
<param-name>prefix</param-name>
<param-value>wiki</param-value>
</init-param>
</servlet>
<!-- JSON AJAX API -->
<servlet>
<servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
<servlet-class>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-class>
</servlet>
<!-- Atom Publishing Protocol -->
<servlet>
<servlet-name>ATOM</servlet-name>
<servlet-class>com.ecyrd.jspwiki.rpc.atom.AtomAPIServlet</servlet-class>
</servlet>
<!-- Maps short URLS to JSPs; also, detects webapp shutdown. -->
<servlet>
<servlet-name>WikiServlet</servlet-name>
<servlet-class>com.ecyrd.jspwiki.WikiServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>DAVServlet</servlet-name>
<servlet-class>com.ecyrd.jspwiki.dav.WikiDavServlet</servlet-class>
</servlet>
<!--
Attachment exchange handler.
-->
<servlet>
<servlet-name>AttachmentServlet</servlet-name>
<servlet-class>com.ecyrd.jspwiki.attachment.AttachmentServlet</servlet-class>
</servlet>
<!-- PLACEHOLDER FOR PRE-COMPILED JSP SERVLETS -->
<!--
And finally, let us tell the servlet container which
URLs should correspond to which XML RPC servlet.
-->
<!-- By default, this is disabled. If you want to enabled it,
just uncomment the whole section. -->
<!-- REMOVE ME TO ENABLE XML-RPC
<servlet-mapping>
<servlet-name>XMLRPC</servlet-name>
<url-pattern>/RPC2/</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>XMLRPC-UTF8</servlet-name>
<url-pattern>/RPCU/</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>ATOM</servlet-name>
<url-pattern>/atom/*</url-pattern>
</servlet-mapping>
AND REMOVE ME TOO -->
<servlet-mapping>
<servlet-name>AttachmentServlet</servlet-name>
<url-pattern>/attach/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>WikiServlet</servlet-name>
<url-pattern>/wiki/*</url-pattern>
</servlet-mapping>
<!-- Remove to enable WebDav. EXPERIMENTAL FEATURE!
<servlet-mapping>
<servlet-name>DAVServlet</servlet-name>
<url-pattern>/dav/*</url-pattern>
</servlet-mapping>
-->
<servlet-mapping>
<servlet-name>com.metaparadigm.jsonrpc.JSONRPCServlet</servlet-name>
<url-pattern>/JSON-RPC</url-pattern>
</servlet-mapping>
<!-- This means that we don't have to use redirection
from index.html anymore. Yay! -->
<welcome-file-list>
<welcome-file>Wiki.jsp</welcome-file>
</welcome-file-list>
<!-- Error pages -->
<error-page>
<error-code>403</error-code>
<location>/error/Forbidden.html</location>
</error-page>
<!-- REMOVE ME TO ENABLE JDBC DATABASE
<resource-ref>
<description>
Resource reference to JNDI factory for the JDBCUserDatabase.
</description>
<res-ref-name>
jdbc/UserDatabase
</res-ref-name>
<res-type>
javax.sql.DataSource
</res-type>
<res-auth>
Container
</res-auth>
</resource-ref>
<resource-ref>
<description>
Resource reference to JNDI factory for the JDBCGroupDatabase.
</description>
<res-ref-name>
jdbc/GroupDatabase
</res-ref-name>
<res-type>
javax.sql.DataSource
</res-type>
<res-auth>
Container
</res-auth>
</resource-ref>
REMOVE ME TO ENABLE JDBC DATABASE -->
<!-- REMOVE ME TO ENABLE JAVAMAIL
<resource-ref>
<description>Resource reference to a container-managed JNDI JavaMail factory for sending e-mails.</description>
<res-ref-name>mail/Session</res-ref-name>
<res-type>javax.mail.Session</res-type>
<res-auth>Container</res-auth>
</resource-ref>
REMOVE ME TO ENABLE JAVAMAIL -->
<!--
CONTAINER-MANAGED AUTHENTICATION & AUTHORIZATION
Here we define the users which are allowed to access JSPWiki.
These restrictions cause the web container to apply further
contraints to the default security policy in jspwiki.policy,
and should be suitable for a corporate intranet or public wiki.
In particular, the restrictions below allow all users to
read documents, but only Authenticated users can comment
on or edit them (i.e., access the Edit.jsp page).
Users with the role Admin are the only persons who can
delete pages.
To implement this policy, the container enforces two web
resource constraints: one for the Administrator resources,
and one for Authenticated users. Note that the "role-name"
values are significant and should match the role names
retrieved by your web container's security realm. The roles
of "Admin" and "Authenticated" are assigned by the web
container at login time.
For example, if you are using Tomcat's built-in "memory realm",
you should edit the $CATALINA_HOME/conf/tomcat-users.xml file
and add the desired actual user accounts. Each user must possess
one or both of the Admin or Authenticated roles. For other realm
types, consult your web container's documentation.
Alternatively, you could also replace all references to
"Authenticated" and "Admin" with role names that match those
returned by your container's security realm. We don't care
either way, as long as they match.
Note that accessing protected resources will cause your
container to try to use SSL to secure the web session.
This, of course, assumes your web container (or web server)
is configured with SSL support. If you do not wish to use SSL,
remove the "user-data-constraint" elements.
-->
<!-- REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH
<security-constraint>
<web-resource-collection>
<web-resource-name>Administrative Area</web-resource-name>
<url-pattern>/Delete.jsp</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Authenticated area</web-resource-name>
<url-pattern>/Edit.jsp</url-pattern>
<url-pattern>/Comment.jsp</url-pattern>
<url-pattern>/Login.jsp</url-pattern>
<url-pattern>/NewGroup.jsp</url-pattern>
<url-pattern>/Rename.jsp</url-pattern>
<url-pattern>/Upload.jsp</url-pattern>
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>HEAD</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<web-resource-collection>
<web-resource-name>Read-only Area</web-resource-name>
<url-pattern>/attach</url-pattern>
<http-method>DELETE</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Admin</role-name>
<role-name>Authenticated</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/LoginForm.jsp</form-login-page>
<form-error-page>/LoginForm.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>
This logical role includes all authenticated users
</description>
<role-name>Authenticated</role-name>
</security-role>
<security-role>
<description>
This logical role includes all administrative users
</description>
<role-name>Admin</role-name>
</security-role>
REMOVE ME TO ENABLE CONTAINER-MANAGED AUTH -->
</web-app>