Using JSPWiki in the enterprise

I’m quite a fan of JSPWiki.

I first came across it when I rolled it out at my last place of work, as an experiment. It worked out quite well, being used by just about every department of the company, and we did some internal extension of it via plugins so that it generated things like timetables out of Microsoft Project. By the time I left I think it had something like 800 pages (my former colleagues can correct me on that). In fact, its success was so complete that it induced the rollout of a proper intranet (which happened after I left).

I’ve just rolled out the latest stable version of JSPWiki at my new place, and it seems to be going OK so far. There’s a slower take-up, but then again the team is much, much smaller. It also reminded me that the default install requires you to enter “\” when you want a single line-break. This is completely brain-dead, and I can’t imagine any circumstance when you would possibly want this behaviour. For what it’s worth, MediaWiki also sports this mis-feature. In the earlier 2.0.52 I had applied a patch by Kieron Wilkinson which allowed for what you’d expect the default behaviour to be: implicit linebreaks.

The biggest complaint I received about my first rollout of JSPWiki (which was version 2.0.52) was the lack of ACLs. At first, there weren’t any, but the further the wiki moved into the sphere of people in a more, er, traditional mindset, the more complaints I got.

The latest version of JSPWiki (2.3) has an entire Security 2.3 system and allows the administrator to set both per-wiki and per-page permissions. The documentation is very good, but maybe the most informative information for those wishing to deploy JSPWiki in a business comes in the response to a question in the Security 2.3 FAQ:

The authentication system is totally pluggable, and is based on a Java-standard API — JAAS. […] You should be able to use container-managed authentication to establish who the user is by plugging Tomcat in to an LDAP server or JDBC database… just use their realm support, and turn on the single sign-on (SSO) feature to share cookies between webapps.

Now, as to the subject of what the user can do after authentication, if you are using container-managed authentication you can also use externally defined groups (such as those in LDAP or a database) to establish group membership (accounting, IT, sales, etc.) Then, you simply add access control lists (ACLs) to each page that specify which of those groups can access the page. If you want to set a default security policy for *all* pages or ranges of pages, too, that’s also possible. The policy file is a standard Java policy file, so that should be pretty straightforward to customize. But that’s it. A few config files to fiddle with, but no code to write — and it should hook into your web container security and enterprise realms without any difficulty at all.

I’ll definitely be trying this out when I get some time.

Structured Blogging opens up

OK so this is old news because I’ve not been the blogging mood, but I think it’s important enough to cover anyway.

In November 2005 I posted that:

by far the weakest point of structuredblogging, head and shoulders above any technical detail, is the total lack of any obvious update since April 2005. To all intents and purposes, the site and project look dead from the outside, offering only an email address where you can send comments and suggestions.

and that

I can’t see that structuredblogging stands a chance of gaining a foothold unless it opens up in the same way that the microformats crowd currently do.

Now, although the point was good, I was writing it from slightly the wrong perspective because as Bob Wyman wrote last month: Structured Blogging is a thing you do — not a format. This misconception was an easy one to make because of the lack of communication coming out of the Structured Blogging camp. No more.

The Structured Blogging website has been updated; there is a Structured Blogging blog; wiki (although a bit lacking in content), and a mailing list. There are new plugins for both WordPress and Movable Type which allow the author of a blog post to create posts packed to the rafters with microformat goodness. That’s right, the Structured Blogging plugins create blog posts with microformats. This is clearly the best way to go about it – creating tools for microformat creation is the current big problem facing microformats, and the Structured Blogging guys are creating solutions. Hurrah for them!

I don’t have an MT blog, but I plan on looking at the new WordPress 2.0 this week, and I’ll be checking out the Structured Blogging plugin and seeing if I feel the same way about it as Rod Boothby does about the MT one.

I’m looking forward to it!