| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html> |
| <head> |
| <title>Archiva Documentation - Archiva Security Configuration</title> |
| <style type="text/css" media="all"> |
| @import url("../css/maven-base.css"); |
| @import url("../css/maven-theme.css"); |
| @import url("../css/site.css"); |
| </style> |
| <link rel="stylesheet" href="../css/print.css" type="text/css" media="print" /> |
| <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> |
| </head> |
| <body class="composite"> |
| <div id="breadcrumbs"> |
| <div class="xleft"> |
| |
| <a href="http://www.apache.org/">Apache</a> |
| > |
| |
| <a href="../../../">Archiva</a> |
| > |
| |
| <a href="../index.html">1.3.9</a> |
| </div> |
| <div class="xright"> |
| | Last Published: 01 Jul 2014 |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| <div id="bodyColumn"> |
| <div id="contentBox"> |
| <div class="section"><h2>Archiva Security Configuration</h2><p>Security properties and password rules can be configured in the <tt>security.properties</tt> file, which by default is searched for in:</p><ul><li><tt>~/.m2/security.properties</tt></li><li><tt>conf/security.properties</tt> in the Archiva installation</li></ul><p>(In the above list, <tt>~</tt> is the home directory of the user who is running Archiva.)</p><p>Following are some of the properties you can modify. For a complete list, consult the default properties file in Redback's svn repo: <a href="http://svn.codehaus.org/redback/redback/trunk/redback-configuration/src/main/resources/org/codehaus/plexus/redback/config-defaults.properties"> config-defaults.properties</a></p><div class="source"><pre># Security Policies |
| #security.policy.password.encoder= |
| security.policy.password.previous.count=6 |
| security.policy.password.expiration.days=90 |
| security.policy.allowed.login.attempt=3 |
| |
| # Password Rules |
| security.policy.password.rule.alphanumeric.enabled=false |
| security.policy.password.rule.alphacount.enabled=true |
| security.policy.password.rule.alphacount.minimum=1 |
| security.policy.password.rule.characterlength.enabled=true |
| security.policy.password.rule.characterlength.minimum=1 |
| security.policy.password.rule.characterlength.maximum=8 |
| security.policy.password.rule.musthave.enabled=true |
| security.policy.password.rule.numericalcount.enabled=true |
| security.policy.password.rule.numericalcount.minimum=1 |
| security.policy.password.rule.reuse.enabled=true |
| security.policy.password.rule.nowhitespace.enabled=true</pre></div><p><b>Note:</b> If installed standalone, Archiva's list of configuration files is <i>itself</i> configurable, and can be found in: <tt>apps/archiva/WEB-INF/classes/META-INF/plexus/application.xml</tt></p><div class="section"><h3>Additional CSRF Prevention</h3><p>To help prevent cross-site request forgery, it is possible to enable a basic check that the referrer of a request is the current site.</p><p><i>Note:</i> This is only a generic solution that may prevent some types of attacks but not others. It may cause problems with certain user agents. By default, the check is off.</p><p>To enable the check, change the following configuration value from <tt>false</tt> to <tt>true</tt> in the <tt>struts.xml</tt> file in the <tt>WEB-INF/classes</tt> directory of the web application (2 locations):</p><div class="source"><pre>&lt;interceptor-ref name="redbackSecureActions"&gt; |
| &lt;param name="enableReferrerCheck"&gt;false&lt;/param&gt; |
| &lt;/interceptor-ref&gt;</pre></div></div></div> |
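<p>A small audit of the two files discussed above, added here as an example (it is not part of Archiva or Redback): it reads the <tt>characterlength</tt> rule from <tt>security.properties</tt> and reports the <tt>enableReferrerCheck</tt> value at every <tt>redbackSecureActions</tt> reference in <tt>struts.xml</tt>, so that a location left at <tt>false</tt> is noticed. The length floors of 12 and 64, the function names and the <tt>struts.xml</tt> fragment are assumptions made for the example.</p>

```python
import xml.etree.ElementTree as ET
RULE = "security.policy.password.rule.characterlength."
MIN_FLOOR = 12  # assumed local policy value, not an Archiva default
MAX_FLOOR = 64  # assumed: a length cap below this is reported

def parse_properties(text):
    """Parse the plain key=value subset of .properties shown on the page."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit_length_rule(props):
    """Return findings for the characterlength password rule."""
    if props.get(RULE + "enabled", "").lower() != "true":
        return ["characterlength rule is not enabled"]
    findings = []
    minimum = int(props.get(RULE + "minimum", "0"))
    maximum = int(props.get(RULE + "maximum", "0"))
    if minimum < MIN_FLOOR:
        findings.append(f"minimum length {minimum} is below {MIN_FLOOR}")
    if maximum < MAX_FLOOR:
        findings.append(f"maximum length {maximum} caps passwords below {MAX_FLOOR}")
    return findings

def referrer_check_values(struts_xml):
    """Collect enableReferrerCheck from every redbackSecureActions reference."""
    values = []
    for ref in ET.fromstring(struts_xml).iter("interceptor-ref"):
        if ref.get("name") == "redbackSecureActions":
            values.append(ref.findtext("param[@name='enableReferrerCheck']", "unset").strip().lower())
    return values

# Constructed samples: the page's length values; made-up struts.xml with one location left at false.
SAMPLE_PROPERTIES = """
security.policy.password.rule.characterlength.enabled=true
security.policy.password.rule.characterlength.minimum=1
security.policy.password.rule.characterlength.maximum=8"""
SAMPLE_STRUTS = """<struts><package name="base">
 <interceptor-stack name="s"><interceptor-ref name="redbackSecureActions">
  <param name="enableReferrerCheck">true</param></interceptor-ref></interceptor-stack>
 <action name="a"><interceptor-ref name="redbackSecureActions">
  <param name="enableReferrerCheck">false</param></interceptor-ref></action>
</package></struts>"""
if __name__ == "__main__":
    print(audit_length_rule(parse_properties(SAMPLE_PROPERTIES)), referrer_check_values(SAMPLE_STRUTS))
```

<p>The referrer check is enabled everywhere only when every value returned by <tt>referrer_check_values</tt> is <tt>true</tt>.</p>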
| </div> |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| <div id="footer"> |
| <div class="xright">© 2006-2014 The Apache Software Foundation |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| </body> |
| </html> |