Troubleshooting#

Configuration Issues#

Make sure the configuration is set up properly in the jspwiki.properties. This file normally stored in the JSPWiki webapp's WEB-INF directory; for example, $TOMCAT_HOME/webapps/JSPWiki/WEB-INF. For more information see Configuring JSPWiki and JSPWiki.properties.

Security Configuration#

If you are using JSPWiki 2.4.7 and higher, check out the diagnostic page admin/SecurityConfig.jsp. It runs a short series of tests and verifies that the security configuration is sound.

A common mistake is that JSPWiki is configured without JAAS, which turns off security checking and disables JSPWiki's own authentication system. To turn on JAAS, make sure 'jspwiki.security = jaas' is set in the jspwiki.properties file. Make sure it is not set to 'container' or 'off'.

Note: for releases of JSPWiki prior to 2.4-Stable, Install.jsp set 'jspwiki.security = container'. So, if you had previously used Install.jsp, make sure you change 'container' to 'jaas'.

Security Policies#

JSPWiki maintains something called a security policy, which provides the basic rules for controlling access to pages and groups. By default, the policy allows fairly open access to most parts of the wiki. Figuring out the security policy file isn't hard, but takes a little getting used to.

Here's how to allow everyone to be able to edit everything *except* for a subset of 'protected' pages:

1. Use the policy file to allow Anonymous to edit all pages.
2. Create a group named 'SuperSecretEditors'
3. On each of the 'protected' pages, add the [{ALLOW edit SuperSecretEditors}] directive.

Everyone is allowed to edit everything on non-protected pages. On protected pages, only members of the group SuperSecretEditors can edit.