Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

It is recommended that if you are going to be having any sensitive information then the first thing you do is enable the default ACL and set it to deny access to everyone.


As of Weave 2.5.25 it's possible to also list individual users in an ACL. Before then you could only reference groups that users belong to, but this has to be enabled by setting a system property (because of the security implications).

To do this you need to define the property in ...\weave\service\conf\wrapper.conf, and/or ...\weave\startup.cmd, depending upon how you start Weave.
For example in wrapper.conf, and the bottom of the file, there will already be a number of system properties defined, e.g.
  wrapper.java.additional.4 = -Dfile.encoding=UTF-8
you just need to find the highest number, add one to it, and create a new line with the named property and value, so for the current default version of that file you'd add:
  wrapper.java.additional.22 = -Dweave.enable.user.acl=true
You should be able to figure it out for startup.cmd, it's the same basic premise.

Once you've added the system property and restarted Weave you should be able to directly reference user names in the allow/deny entries in an ACL.

Namespace

urn:com.cohga.server.acl#1.0

...