[
https://issues.apache.org/jira/browse/JSPWIKI-266?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12595852#action_12595852
]
Janne Jalkanen commented on JSPWIKI-266:
----------------------------------------
Ah, okay. The Admin UI (at /admin/Admin.jsp) allows hand-creation of user
accounts. All you need to do is to prevent people from creating their own
(using any method that suits your setup).
However, the Admin UI is still an experimental feature, so it's a bit clunky.
But it's functional.
> Add ability to restrict account creation
> ----------------------------------------
>
> Key: JSPWIKI-266
> URL: https://issues.apache.org/jira/browse/JSPWIKI-266
> Project: JSPWiki
> Issue Type: New Feature
> Components: Authentication&Authorization
> Reporter: Aaron Hamid
>
> This is a formal feature request (because I could not find an existing issue)
> for the "Admin Creates User Profiles" Idea here:
> http://www.jspwiki.org/wiki/IdeaAdminCreatesUserProfiles
> Once way to implement it would be, that a different permission,
> "createProfile", be added, still configurable in the jspwiki.policy file.
> This way the desired policy could be configured such that the admin group has
> the "createProfile" permission, while the Authenticated have their
> "editProfile" permission.
> Workarounds are presented here
> http://www.jspwiki.org/wiki/AllowOnlyAdministratorCreateUserAccounts but have
> drawbacks, including allowing arbitrary junk accounts or forcing security to
> be configured external to the application.
> The proposal above, a new "createProfile" permission, seems like a
> straightforward way to address this concern directly in the product expanding
> its usefulness without weird workarounds.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
