| <!DOCTYPE html> |
| <!-- |
| | Generated by Apache Maven Doxia Site Renderer 1.8.1 |
| | Rendered using Apache Maven Fluido Skin 1.6 |
| --> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
| <head> |
| <meta charset="UTF-8" /> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0" /> |
| <meta name="Date-Creation-yyyymmdd" content="20110916" /> |
| <meta http-equiv="Content-Language" content="en" /> |
| <title>Archiva Documentation – Archiva Security Configuration</title> |
| <link rel="stylesheet" href="../css/apache-maven-fluido-1.6.min.css" /> |
| <link rel="stylesheet" href="../css/site.css" /> |
| <link rel="stylesheet" href="../css/print.css" media="print" /> |
| <script type="text/javascript" src="../js/apache-maven-fluido-1.6.min.js"></script> |
| </head> |
| <body class="topBarDisabled"> |
| <div class="container-fluid"> |
| |
| <div id="breadcrumbs"> |
| <ul class="breadcrumb"> |
| <li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2019-11-30</li> |
| <li id="projectVersion" class="pull-right">Version: 3.0.0-SNAPSHOT</li> |
| </ul> |
| </div> |
| <div class="row-fluid"> |
| <div id="bodyColumn" class="span10" > |
| <div class="section"> |
| <h2><a name="Archiva_Security_Configuration"></a>Archiva Security Configuration</h2> |
| <p>Security properties and password rules are now configured in the Redback Runtime Configuration properties (see <a href="./redback-runtime-configuration.html#Runtime_properties">Redback Runtime Configuration</a>).</p> |
| <p>The Redback Runtime Configuration properties are stored in <tt>archiva.xml</tt>. The former <tt>security.properties</tt> file, if it exists, is only used once for populating the Runtime Configuration settings. After that, this file will be ignored.</p> |
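| <p>These are the default properties. The file can be found in Redback's svn repo: <a class="externalLink" href="http://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties"> config-defaults.properties</a></p> |
| <p>These are shipped defaults rather than a hardened configuration, so review them in the Runtime Configuration before exposing an instance: remember-me is enabled with a 365-day timeout and <tt>security.rememberme.secure=false</tt> (presumably the cookie's Secure attribute), the password character-length rule has a minimum of 1 and a maximum of 24, SMTP SSL and TLS are both disabled, and the JDBC section points at an in-memory HSQLDB database with user <tt>sa</tt> and an empty password.</p> |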
| <div class="source"><pre class="prettyprint"># Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| |
| # -------------------------------------------------------------------- |
| # Application Configuration |
| |
| application.timestamp=EEE d MMM yyyy HH:mm:ss Z |
| |
| # -------------------------------------------------------------------- |
| # JDBC Setup |
| |
| #jdbc.driver.name=org.apache.derby.jdbc.EmbeddedDriver |
| #jdbc.url=jdbc:derby:memory:users-tests;create=true |
| |
| jdbc.driver.name=org.hsqldb.jdbcDriver |
| jdbc.url=jdbc:hsqldb:mem:redback-test |
| |
| jdbc.username=sa |
| jdbc.password= |
| |
| # -------------------------------------------------------------------- |
| # Email Settings |
| |
| email.jndiSessionName=java:comp/env/mail/Session |
| email.smtp.host=localhost |
| email.smtp.port=25 |
| email.smtp.ssl.enabled=false |
| email.smtp.tls.enabled=false |
| email.smtp.username= |
| email.smtp.password= |
| |
| #TODO: move description elsewhere, remove bad default |
| # All emails sent by the system will be from the following address |
| #email.from.address=${user.name}@localhost |
| # All emails sent by the system will be from the following user name (used in conjunction with address) |
| #email.from.name=Unconfigured Username |
| |
| # Whether all email addresses (from new user registration) require an account validation email. |
| email.validation.required=true |
| # Timeout (in minutes) for the key generated for an email validation to remain valid. |
| # 2880 minutes = 48 hours |
| email.validation.timeout=2880 |
| # The subject line for the email message. |
| email.validation.subject=Welcome |
| |
| #TODO: move description elsewhere, remove bad default |
| # The feedback path to use for any outgoing emails. |
| # NOTE: if email.feedback.path starts with a "/" it is appended to the end of the value provided in application.url |
| # This value can be in the format/syntax of "/feedback.action" or even "mailto:feedback@application.com" |
| #email.feedback.path=/feedback.action |
| |
| #Set the application base URL. The default is to derive it from the HTTP request |
| #application.url=http://myurl.mycompany.com |
| |
| # -------------------------------------------------------------------- |
| # Auto Login Settings |
| |
| security.rememberme.enabled=true |
| # Timeout in days ( 365 days = 1 year ) |
| security.rememberme.timeout=365 |
| security.rememberme.path=/ |
| security.rememberme.domain= |
| security.rememberme.secure=false |
| |
| # Single Sign On |
| # Timeout in minutes |
| security.signon.timeout=30 |
| |
| # -------------------------------------------------------------------- |
| # Default Username Values |
| redback.default.admin=admin |
| redback.default.guest=guest |
| |
| # -------------------------------------------------------------------- |
| # Security Policies |
| |
| #security.policy.password.encoder= |
| security.policy.password.previous.count=6 |
| security.policy.password.expiration.enabled=true |
| security.policy.password.expiration.days=90 |
| security.policy.password.expiration.notify.days=10 |
| security.policy.allowed.login.attempt=10 |
| |
| # Per-click enforcement of the various security policies. Set to false to turn it off. |
| # Enforcement is slightly more heavyweight, since it ensures that the User |
| # object is up to date on each click. |
| security.policy.strict.enforcement.enabled=true |
| security.policy.strict.force.password.change.enabled=true |
| |
| # -------------------------------------------------------------------- |
| # Password Rules |
| security.policy.password.rule.alphanumeric.enabled=false |
| security.policy.password.rule.alphacount.enabled=true |
| security.policy.password.rule.alphacount.minimum=1 |
| security.policy.password.rule.characterlength.enabled=true |
| security.policy.password.rule.characterlength.minimum=1 |
| security.policy.password.rule.characterlength.maximum=24 |
| security.policy.password.rule.musthave.enabled=true |
| security.policy.password.rule.numericalcount.enabled=true |
| security.policy.password.rule.numericalcount.minimum=1 |
| security.policy.password.rule.reuse.enabled=true |
| security.policy.password.rule.nowhitespace.enabled=true |
| |
| # -------------------------------------------------------------------- |
| # ldap settings |
| # |
| ldap.bind.authenticator.enabled=false |
| |
| # ldap options for configuration via properties file |
| #ldap.config.hostname= |
| #ldap.config.port= |
| #ldap.config.base.dn= |
| #ldap.config.context.factory= |
| #ldap.config.bind.dn= |
| #ldap.config.password= |
| #ldap.config.authentication.method= |
| |
| # config parameter for the ConfigurableUserManager |
| user.manager.impl=jpa |
| |
| |
| # REST security settings |
| |
| # Cross Site Request Forgery (CSRF) Prevention |
| # -------------------------------------------- |
| # Enable/Disable CSRF filtering. |
| # Possible values: true, false |
| rest.csrffilter.enabled=true |
| # Base URL used to verify the origin headers of the requests. If not set or empty |
| # it tries to determine the base url automatically |
| rest.baseUrl= |
| # What to do, if the request contains no Origin or Referer header. |
| # If true, requests without Origin or Referer Header are denied, otherwise accepted. |
| # Possible values: true, false |
| rest.csrffilter.absentorigin.deny=true |
| # Disables only the CSRF token validation. |
| # If true, CSRF tokens are not validated; the default (false) keeps token validation on. |
| # Possible values: true, false |
| rest.csrffilter.disableTokenValidation=false |
| </pre></div> |
| <p><b>Note:</b> If installed standalone, Archiva's list of configuration files is <i>itself</i> configurable, and can be found in: <tt>apps/archiva/WEB-INF/applicationContext.xml</tt></p> |
| <p>The configuration values are read from the following sources:</p> |
| <div class="source"><pre class="prettyprint"><bean name="commons-configuration" class="org.apache.archiva.components.registry.commons.CommonsConfigurationRegistry" |
| init-method="initialize"> |
| <property name="properties"> |
| <value> |
| <![CDATA[ |
| <configuration> |
| <system/> |
| <jndi prefix="java:comp/env" config-optional="true"/> |
| <xml fileName="${appserver.base}/conf/archiva.xml" config-optional="true" |
| config-name="org.apache.archiva.base" |
| config-at="org.apache.archiva"/> |
| <xml fileName="${appserver.base}/conf/shared.xml" config-optional="true" |
| config-name="org.apache.maven.shared.app.base" config-at="org.apache.maven.shared.app"/> |
| <xml fileName="${appserver.base}/conf/common.xml" config-optional="true"/> |
| <properties fileName="${appserver.base}/conf/security.properties" config-optional="true" |
| config-at="org.apache.archiva.redback"/> |
| <xml fileName="${appserver.home}/conf/archiva.xml" config-optional="true" |
| config-at="org.apache.archiva"/> |
| <xml fileName="${appserver.home}/conf/shared.xml" config-optional="true" |
| config-at="org.apache.maven.shared.app"/> |
| <xml fileName="${appserver.home}/conf/common.xml" config-optional="true"/> |
| <properties fileName="${appserver.home}/conf/security.properties" config-optional="true" |
| config-at="org.apache.archiva.redback"/> |
| <properties fileName="org/apache/archiva/redback-security.properties" config-at="org.apache.archiva.redback"/> |
| </configuration> |
| ]]> |
| </value> |
| </property> |
| </bean> |
| </pre></div></div> |
| </div> |
| </div> |
| </div> |
| <hr/> |
| <footer> |
| <div class="container-fluid"> |
| <div class="row-fluid"> |
| <div class="row"> |
| <div class="span6 offset1">Apache Archiva, Archiva, Apache, the Apache feather logo, and the Apache Archiva project logos are trademarks of The Apache Software Foundation.</div> |
| </div> |
| <div class="row"> |
| |
| </div> |
| <div class="row"> |
| <div class="span6 offset2"> |
| <p> |
| <a href="https://archiva.apache.org/docs/3.0.0-SNAPSHOT/privacy-policy.html">Privacy Policy</a> |
| </p> |
| </div> |
| </div> |
| </div> |
| </div> |
| </footer> |
| </body> |
| </html> |