| <!DOCTYPE html> |
| <!-- |
| | Generated by Apache Maven Doxia |
| | Rendered using Apache Maven Fluido Skin 1.3.1 |
| --> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
| <head> |
| <meta charset="UTF-8" /> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0" /> |
| <meta name="Date-Revision-yyyymmdd" content="20170517" /> |
| <meta http-equiv="Content-Language" content="en" /> |
| <title>Apache Redback – Configuration</title> |
| <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.1.min.css" /> |
| <link rel="stylesheet" href="./css/site.css" /> |
| <link rel="stylesheet" href="./css/print.css" media="print" /> |
| |
| |
| <script type="text/javascript" src="./js/apache-maven-fluido-1.3.1.min.js"></script> |
| |
| |
| <!-- Google Analytics --> |
| <script type="text/javascript"> |
| |
| var _gaq = _gaq || []; |
| _gaq.push(['_setAccount', 'UA-140879-5']); |
| _gaq.push(['_trackPageview']); |
| |
| (function() { |
| var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; |
| ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; |
| var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); |
| })(); |
| |
| </script> |
| </head> |
| <body class="topBarEnabled"> |
| |
| |
| |
| |
| |
| <div id="topbar" class="navbar navbar-fixed-top "> |
| <div class="navbar-inner"> |
| <div class="container"><div class="nav-collapse"> |
| |
| |
| <ul class="nav"> |
| <li class="dropdown"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown">Overview <b class="caret"></b></a> |
| <ul class="dropdown-menu"> |
| |
| <li> <a href="index.html" title="Introduction">Introduction</a> |
| </li> |
| |
| <li> <a href="authentication.html" title="Authentication">Authentication</a> |
| </li> |
| |
| <li> <a href="authorization.html" title="Authorization">Authorization</a> |
| </li> |
| |
| <li> <a href="user-management.html" title="User Management">User Management</a> |
| </li> |
| |
| <li> <a href="key-store.html" title="Key Stores">Key Stores</a> |
| </li> |
| |
| <li> <a href="configuration.html" title="Configuration">Configuration</a> |
| </li> |
| |
| <li class="dropdown-submenu"> |
| <a href="rbac/introduction.html" title="Role Based Access Control">Role Based Access Control</a> |
| <ul class="dropdown-menu"> |
| <li> <a href="rbac/role-management.html" title="Role Management">Role Management</a> |
| </li> |
| </ul> |
| </li> |
| |
| <li> <a href="integration/ldap.html" title="Ldap">Ldap</a> |
| </li> |
| |
| <li> <a href="integration/rest.html" title="Rest">Rest</a> |
| </li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown">Development <b class="caret"></b></a> |
| <ul class="dropdown-menu"> |
| |
| <li> <a href="development/extending-authn.html" title="Extending Redback Authentication">Extending Redback Authentication</a> |
| </li> |
| |
| <li> <a href="../redback/components" title="Redback Components">Redback Components</a> |
| </li> |
| |
| <li> <a href="../redback/core" title="Redback Core">Redback Core</a> |
| </li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown">ASF <b class="caret"></b></a> |
| <ul class="dropdown-menu"> |
| |
| <li> <a href="http://www.apache.org/foundation/how-it-works.html" title="How Apache Works">How Apache Works</a> |
| </li> |
| |
| <li> <a href="http://www.apache.org/foundation/" title="Foundation">Foundation</a> |
| </li> |
| |
| <li> <a href="http://www.apache.org/foundation/sponsorship.html" title="Sponsoring Apache">Sponsoring Apache</a> |
| </li> |
| |
| <li> <a href="http://www.apache.org/foundation/thanks.html" title="Thanks">Thanks</a> |
| </li> |
| </ul> |
| </li> |
| <li class="dropdown"> |
| <a href="#" class="dropdown-toggle" data-toggle="dropdown">Project Documentation <b class="caret"></b></a> |
| <ul class="dropdown-menu"> |
| |
| <li class="dropdown-submenu"> |
| <a href="project-info.html" title="Project Information">Project Information</a> |
| <ul class="dropdown-menu"> |
| <li> <a href="integration.html" title="Continuous Integration">Continuous Integration</a> |
| </li> |
| <li> <a href="issue-tracking.html" title="Issue Tracking">Issue Tracking</a> |
| </li> |
| <li> <a href="mail-lists.html" title="Mailing Lists">Mailing Lists</a> |
| </li> |
| <li> <a href="license.html" title="Project License">Project License</a> |
| </li> |
| <li> <a href="team-list.html" title="Project Team">Project Team</a> |
| </li> |
| <li> <a href="source-repository.html" title="Source Repository">Source Repository</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| |
| <form id="search-form" action="http://www.google.com/search" method="get" class="navbar-search pull-right" > |
| |
| <input value="http://archiva.apache.org/redback" name="sitesearch" type="hidden"/> |
| <input class="search-query" name="q" id="query" type="text" /> |
| </form> |
| <script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=search-form"></script> |
| |
| |
| |
| |
| <ul class="nav pull-right"><li> |
| |
| <a href="https://twitter.com/archiva" class="twitter-follow-button" data-show-count="false" data-align="right" data-size="large" data-show-screen-name="true" data-lang="en">Follow archiva</a> |
| <script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> |
| |
| </li></ul> |
| |
| |
| </div> |
| |
| </div> |
| </div> |
| </div> |
| |
| <div class="container"> |
| <div id="banner"> |
| <div class="pull-left"> |
| <a href="../redback" id="bannerLeft"> |
| <img src="images/redback.jpg" alt="Redback"/> |
| </a> |
| </div> |
| <div class="pull-right"> <a href="http://www.apache.org/" id="bannerRight"> |
| <img src="https://www.apache.org/images/asf_logo_wide_2016.png" alt="Apache Software Foundation"/> |
| </a> |
| </div> |
| <div class="clear"><hr/></div> |
| </div> |
| |
| <div id="breadcrumbs"> |
| <ul class="breadcrumb"> |
| |
| |
| <li id="publishDate">Last Published: 2017-05-17 |
| <span class="divider">|</span> |
| </li> |
| <li class=""> |
| <a href="http://www.apache.org/" class="externalLink" title="Apache"> |
| Apache</a> |
| <span class="divider">/</span> |
| </li> |
| <li class=""> |
| <a href="./" title="Apache Redback"> |
| Apache Redback</a> |
| <span class="divider">/</span> |
| </li> |
| <li class="active ">Configuration</li> |
| |
| |
| |
| |
| </ul> |
| </div> |
| |
| |
| |
| <div id="bodyColumn" > |
| |
| <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide-apt-format.html --><div class="section"> |
| <h2><a name="Redback_Configuration"></a>Redback Configuration</h2> |
| <p>Configuration in Redback is governed by a plexus configuration setup making use of properties files. Below is a listing of all of the available configuration options along with default values and notes on what they are where applicable.</p> |
| <ul> |
| <li><a href="#Redback_Configuration">Redback Configuration</a> |
| <ul> |
| <li><a href="#Configuration_File_Locations">Configuration File Locations</a></li> |
| <li><a href="#Configuration_Options">Configuration Options</a> |
| <ul> |
| <li><a href="#Application_Configuration">Application Configuration</a></li> |
| <li><a href="#JDBC_Setup">JDBC Setup</a></li> |
| <li><a href="#Email_Settings">Email Settings</a></li> |
| <li><a href="#Auto_Login_Settings">Auto Login Settings</a></li> |
| <li><a href="#Default_Username_Values">Default Username Values</a></li> |
| <li><a href="#Security_Policies">Security Policies</a></li> |
| <li><a href="#Password_Rules">Password Rules</a></li> |
| <li><a href="#LDAP_settings">LDAP settings</a> |
| <ul> |
| <li><a href="#ldap_options_for_configuration_via_properties_file">ldap options for configuration via properties file</a></li></ul></li> |
| <li><a href="#User_Manager_Implementations_to_use">User Manager Implementation(s) to use</a></li> |
| <li><a href="#RBAC_Manager_Implementations_to_use">RBAC Manager Implementation(s) to use</a></li> |
| <li><a href="#REST_security_settings">REST security settings</a> |
| <ul> |
| <li><a href="#Cross_Site_Request_Forgery_CSRF_Prevention">Cross Site Request Forgery (CSRF) Prevention</a></li></ul></li></ul></li></ul></li></ul> |
| <div class="section"> |
| <h3><a name="Configuration_File_Locations"></a>Configuration File Locations</h3> |
| <p>Configuration file location can depend on the application that is embedding Redback. Since Redback is currently built up off of Plexus, it would be ideal to check out the application.xml of the relevant application and look for an entry similar to the following.</p> |
| <div> |
| <pre> |
| <bean name="userConfiguration" class="org.apache.archiva.redback.configuration.DefaultUserConfiguration" |
| init-method="initialize"> |
| <property name="configs"> |
| <list> |
| <value>src/test/resources/security.properties</value> |
| </list> |
| </property> |
| |
| <property name="registry" ref="registry#commons-configuration"/> |
| |
| </bean> |
| </pre></div></div> |
| <div class="section"> |
| <h3><a name="Configuration_Options"></a>Configuration Options</h3> |
| <div class="section"> |
| <h4><a name="Application_Configuration"></a>Application Configuration</h4> |
| <ul> |
| <li><tt>application.timestamp=EEE d MMM yyyy HH:mm:ss Z</tt></li> |
| <li><tt>application.url=http://myurl.mycompany.com</tt> |
| <ul> |
| <li>Set the application base URL. The default is to derive it from the HTTP request</li></ul></li></ul></div> |
| <div class="section"> |
| <h4><a name="JDBC_Setup"></a>JDBC Setup</h4> |
| <p>By default Redback uses Apache Derby for persistence of user and role information. This can be configured with the following options.</p> |
| <ul> |
| <li><tt>jdbc.driver.name=org.apache.derby.jdbc.EmbeddedDriver</tt></li> |
| <li><tt>jdbc.url=jdbc:derby:$<a name="plexus.home">plexus.home</a>/database;create=true</tt></li> |
| <li><tt>jdbc.username=sa</tt></li> |
| <li><tt>jdbc.password=</tt></li></ul> |
| <p>By default Redback uses Apache Derby for persistence of user and role information. This can be configured with the following options.</p> |
| <p><b>Note:</b> If you are using MySQL as your database, the database will not be populated if the encoding is initially set to UTF-8. As a workaround, set the database to UTF-8 encoding after it has been populated. See <a class="externalLink" href="http://jira.codehaus.org/browse/REDBACK-267"> REDBACK-267</a> for more details.</p></div> |
| <div class="section"> |
| <h4><a name="Email_Settings"></a>Email Settings</h4> |
| <ul> |
| <li><tt>email.jndiSessionName=java:comp/env/mail/Session</tt></li> |
| <li><tt>email.smtp.host=localhost</tt></li> |
| <li><tt>email.smtp.port=25</tt></li> |
| <li><tt>email.smtp.ssl.enabled=false</tt></li> |
| <li><tt>email.smtp.tls.enabled=false</tt></li> |
| <li><tt>email.smtp.username=</tt></li> |
| <li><tt>email.smtp.password=</tt></li> |
| <li><tt>email.from.address=$<a name="user.name">user.name</a>@localhost</tt> |
| <ul> |
| <li>All emails sent by the system will be from the following address</li></ul></li> |
| <li><tt>email.from.name=Unconfigured Username</tt></li> |
| <li><tt>email.validation.required=true</tt> |
| <ul> |
| <li>If all email addresses (from new user registration) require an account validation email. </li></ul></li> |
| <li><tt>email.validation.timeout=2880</tt> |
| <ul> |
| <li>Timeout (in minutes) for the key generated for an email validation to remain valid.</li> |
| <li>2880 minutes = 48 hours</li></ul></li> |
| <li><tt>email.validation.subject=Welcome</tt></li> |
| <li><tt>email.feedback.path=/feedback.action</tt> |
| <ul> |
| <li>Get the Feedback to use for any outgoing emails.</li> |
| <li>Feedback path starts with a "/" it is appended to the end of the value provided in application.url. This value can be in the format/syntax of "/feedback.action" or even "mailto:feedback@application.com"</li></ul></li></ul></div> |
| <div class="section"> |
| <h4><a name="Auto_Login_Settings"></a>Auto Login Settings</h4> |
| <ul> |
| <li><tt>security.rememberme.enabled=true</tt></li> |
| <li><tt>security.rememberme.timeout=365</tt> |
| <ul> |
| <li>Timeout in days</li></ul></li> |
| <li><tt>security.signon.timeout=30</tt> |
| <ul> |
| <li>Single Sign On</li> |
| <li>Timeout is in minutes</li></ul></li></ul></div> |
| <div class="section"> |
| <h4><a name="Default_Username_Values"></a>Default Username Values</h4> |
| <ul> |
| <li><tt>redback.default.admin=admin</tt> |
| <ul> |
| <li>name for the admin user, by default this is 'admin' and can not easily be changed after the fact at this point. However any number of people may be assigned full administrator roles.</li></ul></li> |
| <li><tt>redback.default.guest=guest</tt> (currently guest is an hardcoded value so not possible to configure it) |
| <ul> |
| <li>name of the guest user</li></ul></li></ul></div> |
| <div class="section"> |
| <h4><a name="Security_Policies"></a>Security Policies</h4> |
| <ul> |
| <li><tt>security.policy.password.encoder=</tt></li> |
| <li><tt>security.policy.password.previous.count=6</tt></li> |
| <li><tt>security.policy.password.expiration.enabled=true</tt></li> |
| <li><tt>security.policy.password.expiration.days=90</tt></li> |
| <li><tt>security.policy.password.expiration.notify.days=10</tt></li> |
| <li><tt>security.policy.allowed.login.attempt=10</tt></li> |
| <li><tt>security.policy.strict.enforcement.enabled=true</tt> |
| <ul> |
| <li>turn off the perclick enforcement of various security policies, slightly more heavyweight since it will ensure that the User object on each click is up to date</li></ul></li> |
| <li><tt>security.policy.strict.force.password.change.enabled=true</tt> |
| <ul> |
| <li>forces the user to change their password immediately should their account be flagged for a password change.</li></ul></li> |
| <li>security.policy.unlockable.accounts |
| <ul> |
| <li>can be specified multiple times to ensure that password policies never lock the specified account(s) (eg. security.policy.unlockable.accounts=guest )</li></ul></li></ul></div> |
| <div class="section"> |
| <h4><a name="Password_Rules"></a>Password Rules</h4> |
| <ul> |
| <li><tt>security.policy.password.rule.alphanumeric.enabled=false</tt></li> |
| <li><tt>security.policy.password.rule.alphacount.enabled=true</tt></li> |
| <li><tt>security.policy.password.rule.alphacount.minimum=1</tt></li> |
| <li><tt>security.policy.password.rule.characterlength.enabled=true</tt></li> |
| <li><tt>security.policy.password.rule.characterlength.minimum=1</tt></li> |
| <li><tt>security.policy.password.rule.characterlength.maximum=24</tt></li> |
| <li><tt>security.policy.password.rule.musthave.enabled=true</tt></li> |
| <li><tt>security.policy.password.rule.numericalcount.enabled=true</tt></li> |
| <li><tt>security.policy.password.rule.numericalcount.minimum=1</tt></li> |
| <li><tt>security.policy.password.rule.reuse.enabled=true</tt></li> |
| <li><tt>security.policy.password.rule.nowhitespace.enabled=true</tt></li></ul></div> |
| <div class="section"> |
| <h4><a name="LDAP_settings"></a>LDAP settings</h4> |
| <p>Ldap can be used as a readonly user manager, however the role assignment is still managed entirely within the given database store. This should be fixed in the future sometime but likely not before ldap is switched over as the default user and role store entirely.</p> |
| <ul> |
| <li><tt>ldap.user.store.enabled=false</tt></li> |
| <li><tt>ldap.bind.authenticator.enabled=false</tt></li></ul> |
| <div class="section"> |
| <h5><a name="ldap_options_for_configuration_via_properties_file"></a>ldap options for configuration via properties file</h5> |
| <ul> |
| <li><tt>ldap.config.hostname=</tt></li> |
| <li><tt>ldap.config.port=</tt></li> |
| <li><tt>ldap.config.base.dn=</tt></li> |
| <li><tt>ldap.config.context.factory=</tt></li> |
| <li><tt>ldap.config.bind.dn=</tt></li> |
| <li><tt>ldap.config.password=</tt></li> |
| <li><tt>ldap.config.authentication.method=</tt></li> |
| <li><tt>ldap.config.groups.class=</tt> object class for groups (default: groupOfUniqueNames)</li> |
| <li><tt>ldap.config.groups.base.dn= basedn</tt> for groups, dn with list of groups ( dc=archiva,dc=apache,dc=org ) (if empty default will be ldap.config.base.dn)</li> |
| <li><tt>ldap.config.groups.role.*(ldap group)=*(roles)</tt> (mapping ldap group <i>-</i> redback roles comma separated) (example: ldap.config.groups.role.archiva-admin=Archiva System Administrator, Foo)</li> |
| <li><tt>ldap.config.writable=true/false</tt> will write datas to ldap (default false)</li> |
| <li><tt>ldap.config.groups.use.rolename=true/false</tt> will create/use groups in ldap with default role if no group<i>-</i>role mapping found (default false)</li> |
| <li><tt>ldap.config.user.attribute=</tt> attribute name to use for user (default uid=)</li></ul></div></div> |
| <div class="section"> |
| <h4><a name="User_Manager_Implementations_to_use"></a>User Manager Implementation(s) to use</h4> |
| <ul> |
| <li><tt>user.manager.impl=cached</tt> (since 1.4-M4: Archiva support more than one value comma separated) |
| <ul> |
| <li>valid values for realistic usage are 'cached' and then further configuring the cached instance to use another underlying user manager like ldap or the jdo one which is used by default. Placing 'ldap' here will check with the ldap system for a fair amount of checks and would likely be a performance issue</li></ul></li></ul></div> |
| <div class="section"> |
| <h4><a name="RBAC_Manager_Implementations_to_use"></a>RBAC Manager Implementation(s) to use</h4> |
| <ul> |
| <li><tt>rbac.manager.impl=cached</tt> (since 1.4-M4: Archiva support more than one value comma separated)</li></ul></div> |
| <div class="section"> |
| <h4><a name="REST_security_settings"></a>REST security settings</h4> |
| <div class="section"> |
| <h5><a name="Cross_Site_Request_Forgery_CSRF_Prevention"></a>Cross Site Request Forgery (CSRF) Prevention</h5> |
| <p>There are multiple checks implemented to prevent CSRF attacks from other sides that are opened in the same browser. If you use the REST services from non-Browser clients or very old Browser versions you may need to deactivate some of these checks. If you deactivate these checks your archiva site will be more vulnerable to these attacks.</p> |
| <ul> |
| <li><tt>rest.csrffilter.enabled=true</tt> |
| <ul> |
| <li>Enable/disable the filter for CSRF prevention. Possible values: true, false</li></ul></li> |
| <li><tt>rest.baseUrl=</tt> |
| <ul> |
| <li>Set the base URL to which the Origin/Referer header are matched against. If it's empty, the URL is determined dynamically.</li></ul></li> |
| <li><tt>rest.csrffilter.absentorigin.deny=true</tt> |
| <ul> |
| <li>Defines what happens, if the client request does not contain a Origin or Referer header. This may happen with native REST clients. Browsers normally add these headers to the request, if it is initiated from another site. Possible values: true, false</li></ul></li> |
| <li><tt>rest.csrffilter.disableTokenValidation=false</tt> |
| <ul> |
| <li>Token validation means, that each REST request must send a validation token that is returned during the first login. If you have REST clients that cannot send this token you may have to disable this feature. Possible values: true, false</li></ul></li></ul></div></div></div></div> |
| </div> |
| </div> |
| |
| <hr/> |
| |
| <footer> |
| <div class="container"> |
| <div class="row"> |
| <p >Copyright © 2006–2017 |
| <a href="http://www.apache.org/">The Apache Software Foundation</a>. |
| All rights reserved. |
| |
| </p> |
| </div> |
| |
| |
| <div class="row span12">Apache Redback, Redback, Apache, the Apache feather logo, and the Apache Archiva project logos are trademarks of The Apache Software Foundation.</div> |
| |
| <div class="row span12"> |
| <a href="http://archiva.apache.org/redback-site/privacy-policy.html">Privacy Policy</a> |
| </div> |
| |
| <p id="poweredBy" class="pull-right"> |
| <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy"> |
| <img class="builtBy" alt="Built by Maven" src="./images/logos/maven-feather.png" /> |
| </a> |
| </p> |
| |
| |
| |
| |
| |
| <div id="ohloh" class="pull-right"> |
| <script type="text/javascript" src="http://www.ohloh.net/p/8659/widgets/project_basic_stats.js"></script> |
| </div> |
| </div> |
| </footer> |
| </body> |
| </html> |