JSPWiki supports multiple levels of authentication and trust. Users can be anonymous, have "asserted" identities using cookies, be authenticated, or be administrators:
|Status||Description||The User greeting Shows..|
|Anonymous||User not logged in, and has not supplied a cookie||"G'day (anonymous guest)"|
|Asserted||User's browser contains a cookie called JSPWikiAssertedName||"G'day, username (not logged in)"|
|Authenticated||User logged in with a login id and password||"G'day, username (authenticated)"|
Depending on the default security policy and page access controls in place, users may (or may not) be required to authenticate.
When a user decides to log in - or is challenged to do so by a page access control or security policy - he or she sees a standard web form with a username field and a masked password field. After receiving the submitted web form, JSPWiki attempts to log the user in.
If you lose your password, you can ask to have a new, random password sent to the mail address stored in your User Profile.
Although some wikis are anonymous, many are not. Often, wikis give users the ability to create an identity for the website. JSPWiki includes a basic self-registration page that allows users to set up and manage their own wiki profiles.
By default, the form asks for:
If container-managed authentication is used, the user ID will not be editable; the container will supply this value.
When the user saves the profile, JSPWiki checks to make sure that the new user id, wiki name and full name aren't already used by someone else. If so, the user is given the opportunity to choose different values.
After a user creates a wiki profile, he or she may edit it at a later time via the My Prefs link. By default, users must be authenticated to edit their own profiles.