<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 1.11.1 from src/site/apt/adminguide/customising-security.apt
| Rendered using Apache Maven Fluido Skin 1.11.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="generator" content="Apache Maven Doxia Site Renderer 1.11.1" />
<meta name="date" content="2011-09-16" />
<title>Archiva Documentation &#x2013; Archiva Security Configuration</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.11.0.min.css" />
<link rel="stylesheet" href="../css/site.css" />
<link rel="stylesheet" href="../css/print.css" media="print" />
<script src="../js/apache-maven-fluido-1.11.0.min.js"></script>
<!-- Google Analytics -->
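<script>
// Standard analytics.js bootstrap: defines a queueing ga() stub and injects
// the library asynchronously. The library URL is explicit https rather than
// protocol-relative, so it is never requested over plain HTTP.
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-140879-5', 'auto');
// Tracker fields only affect hits sent after they are set, so IP
// anonymisation and forced HTTPS are configured before the pageview hit.
ga('set', 'anonymizeIp', true);
ga('set', 'forceSSL', true);
ga('send', 'pageview');
</script>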
<!-- Matomo -->
<script>
// Matomo command queue; reuses window._paq when it already exists.
var _paq = window._paq = window._paq || [];
// Cookie use is disabled before the page view is queued.
_paq.push(['disableCookies']);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function() {
// Tracker endpoint and loader script both come from this https origin.
var u="https://analytics.apache.org";
_paq.push(['setTrackerUrl', u+'/matomo.php']);
_paq.push(['setSiteId', '10']);
// Inject matomo.js asynchronously ahead of the first script element on the page.
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
g.async=true; g.src=u+'/matomo.js'; s.parentNode.insertBefore(g,s);
})();
</script>
<!-- End Matomo Code -->
</head>
<body class="topBarDisabled">
<a href="https://github.com/apache/archiva">
<img style="position: absolute; top: 0; right: 0; border: 0; z-index: 10000;"
src="https://s3.amazonaws.com/github/ribbons/forkme_right_gray_6d6d6d.png"
alt="Fork me on GitHub">
</a>
<div class="container-fluid">
<header>
<div id="banner">
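<!-- Project banner: link and logo use https, matching the other archiva.apache.org URLs on this page and avoiding mixed content. -->
<div class="pull-left"><a href="https://archiva.apache.org/" id="bannerLeft"><img src="https://archiva.apache.org/images/archiva.png" alt="Apache Archiva" style="" /></a></div>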
<div class="pull-right"><a href="https://www.apache.org/" id="bannerRight"><img src="https://www.apache.org/images/asf_logo_wide_2016.png" alt="Apache Software Foundation" style="" /></a></div>
<div class="clear"><hr/></div>
</div>
<div id="breadcrumbs">
<ul class="breadcrumb">
<li class=""><a href="https://www.apache.org" class="externalLink" title="Apache">Apache</a><span class="divider">/</span></li>
<li class=""><a href="../../../index.html" title="Archiva">Archiva</a><span class="divider">/</span></li>
<li class=""><a href="../index.html" title="Archiva Documentation">Archiva Documentation</a><span class="divider">/</span></li>
<li class="active ">Archiva Security Configuration</li>
<li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2022-07-25</li>
<li id="projectVersion" class="pull-right">Version: 3.0.0-SNAPSHOT</li>
</ul>
</div>
</header>
<div class="row-fluid">
<header id="leftColumn" class="span2">
<nav class="well sidebar-nav">
<ul class="nav nav-list">
<li class="nav-header">Introduction</li>
<li><a href="../quick-start.html" title="Quick Start"><span class="none"></span>Quick Start</a></li>
<li><a href="../tour/index.html" title="Feature Tour"><span class="none"></span>Feature Tour</a></li>
<li><a href="../release-notes.html" title="Release Notes"><span class="none"></span>Release Notes</a></li>
<li><a href="../../../download.html" title="Downloads"><span class="none"></span>Downloads</a></li>
<li class="nav-header">Users Guide</li>
<li><a href="../userguide/browsing.html" title="Browsing"><span class="none"></span>Browsing</a></li>
<li><a href="../userguide/searching.html" title="Searching"><span class="none"></span>Searching</a></li>
<li><a href="../userguide/delete-artifact.html" title="Deleting an Artifact"><span class="none"></span>Deleting an Artifact</a></li>
<li><a href="../userguide/using-repository.html" title="Using as a repository"><span class="none"></span>Using as a repository</a></li>
<li><a href="../userguide/deploy.html" title="Deploying to repository"><span class="none"></span>Deploying to repository</a></li>
<li><a href="../userguide/virtual-repositories.html" title="Configuring Virtual Repositories"><span class="none"></span>Configuring Virtual Repositories</a></li>
<li><a href="../userguide/rss.html" title="Rss Feeds in Archiva"><span class="none"></span>Rss Feeds in Archiva</a></li>
<li><a href="../userguide/querying-artifacts.html" title="Querying Artifacts"><span class="none"></span>Querying Artifacts</a></li>
<li class="nav-header">Administrators Guide</li>
<li><a href="../adminguide/installing.html" title="Installing Archiva"><span class="icon-chevron-right"></span>Installing Archiva</a></li>
<li><a href="../adminguide/databases.html" title="Databases"><span class="none"></span>Databases</a></li>
<li><a href="../adminguide/repositories-content-storage.html" title="Repositories Content Storage"><span class="none"></span>Repositories Content Storage</a></li>
<li><a href="../adminguide/security.html" title="Security"><span class="icon-chevron-down"></span>Security</a>
<ul class="nav nav-list">
<li><a href="../adminguide/users.html" title="Users"><span class="none"></span>Users</a></li>
<li><a href="../adminguide/roles.html" title="Roles"><span class="none"></span>Roles</a></li>
<li class="active"><a><span class="none"></span>Customising</a></li>
</ul></li>
<li><a href="../adminguide/configuration.html" title="Archiva Configuration"><span class="icon-chevron-right"></span>Archiva Configuration</a></li>
<li><a href="../adminguide/webservices/rest.html" title="REST Apis"><span class="none"></span>REST Apis</a></li>
<li><a href="../adminguide/configuration-files.html" title="Configuration Files"><span class="none"></span>Configuration Files</a></li>
<li><a href="../adminguide/system-status.html" title="System Status"><span class="none"></span>System Status</a></li>
<li><a href="../adminguide/logging.html" title="Log Files"><span class="icon-chevron-right"></span>Log Files</a></li>
<li><a href="../adminguide/reports.html" title="Reports"><span class="none"></span>Reports</a></li>
<li class="nav-header">Customising Archiva</li>
<li><a href="../customising/writing-consumer.html" title="Writing a Consumer Plugin"><span class="none"></span>Writing a Consumer Plugin</a></li>
<li class="nav-header">More Information</li>
<li><a href="https://cwiki.apache.org/confluence/display/ARCHIVA/Index" class="externalLink" title="Archiva Wiki"><span class="none"></span>Archiva Wiki</a></li>
<li class="nav-header">ASF</li>
<li><a href="https://www.apache.org/foundation/how-it-works.html" class="externalLink" title="How Apache Works"><span class="none"></span>How Apache Works</a></li>
<li><a href="https://www.apache.org/foundation/" class="externalLink" title="Foundation"><span class="none"></span>Foundation</a></li>
<li><a href="https://www.apache.org/foundation/sponsorship.html" class="externalLink" title="Sponsoring Apache"><span class="none"></span>Sponsoring Apache</a></li>
<li><a href="https://www.apache.org/foundation/thanks.html" class="externalLink" title="Thanks"><span class="none"></span>Thanks</a></li>
<li class="nav-header">Project Documentation</li>
<li><a href="../project-info.html" title="Project Information"><span class="icon-chevron-right"></span>Project Information</a></li>
</ul>
</nav>
<div class="well sidebar-nav">
<form id="search-form" action="https://www.google.com/search" method="get" >
<input value="https://archiva.apache.org/docs/3.0.0-SNAPSHOT/" name="sitesearch" type="hidden"/>
<input class="search-query" name="q" id="query" type="text" />
</form>
<script>asyncJs( 'https://cse.google.com/brand?form=search-form' )</script>
<div id="poweredBy">
<div class="clear"></div>
<div id="twitter" style="border:none; margin-top: 10px">
<a href="https://twitter.com/archiva" class="twitter-follow-button" data-show-count="false" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow archiva</a>
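<script>
// Inject the Twitter widgets script once (skipped when an element with this
// id already exists). The URL is explicit https rather than protocol-relative,
// so the third-party script is never fetched over plain HTTP.
!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");
</script>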
</div>
<div class="clear"></div>
<div class="clear"></div>
<a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy"><img class="builtBy" alt="Built by Maven" src="../images/logos/maven-feather.png" /></a>
</div>
</div>
</header>
<main id="bodyColumn" class="span10" >
<section>
<h2><a name="Archiva_Security_Configuration"></a>Archiva Security Configuration</h2>
<p>Security properties and password rules are now configured in the Redback Runtime Configuration properties (see <a href="./redback-runtime-configuration.html#Runtime_properties">Redback Runtime Configuration</a>).</p>
<p>The Redback Runtime Configuration properties are stored in <code>archiva.xml</code>. The former <code>security.properties</code> file, if it exists, is only used once for populating the Runtime Configuration settings. After that, this file will be ignored.</p>
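<p>These are the default properties. The file can be found in Redback's svn repo: <a class="externalLink" href="http://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties"> config-defaults.properties</a>. Note that the defaults include permissive values, such as a minimum password length of 1 and <code>security.rememberme.secure=false</code>, so review them before deploying.</p>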
<div class="source"><pre class="prettyprint"># Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# &quot;License&quot;); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# --------------------------------------------------------------------
# Application Configuration
# Pattern used for timestamps.
# NOTE(review): looks like java.text.SimpleDateFormat syntax - confirm.
application.timestamp=EEE d MMM yyyy HH:mm:ss Z
# --------------------------------------------------------------------
# JDBC Setup
# NOTE(review): the active defaults below select an in-memory HSQLDB database
# (jdbc:hsqldb:mem:) with user sa and an empty password. Treat them as test
# defaults; a deployment should configure its own database and credentials.
#jdbc.driver.name=org.apache.derby.jdbc.EmbeddedDriver
#jdbc.url=jdbc:derby:memory:users-tests;create=true
jdbc.driver.name=org.hsqldb.jdbcDriver
jdbc.url=jdbc:hsqldb:mem:redback-test
jdbc.username=sa
jdbc.password=
# --------------------------------------------------------------------
# Email Settings
# NOTE(review): with ssl and tls both disabled the SMTP session is unencrypted.
# That fits the localhost relay configured here; enable one of them when
# email.smtp.host points at a remote server, since outgoing mail presumably
# carries the account validation keys described below.
# email.smtp.password, when set, is stored as plain text in the configuration,
# so keep the file readable only by the account running the application.
email.jndiSessionName=java:comp/env/mail/Session
email.smtp.host=localhost
email.smtp.port=25
email.smtp.ssl.enabled=false
email.smtp.tls.enabled=false
email.smtp.username=
email.smtp.password=
#TODO: move description elsewhere, remove bad default
# All emails sent by the system will be from the following address
#email.from.address=${user.name}@localhost
# All emails sent by the system will be from the following user name (used in conjunction with address)
#email.from.name=Unconfigured Username
# If all email addresses (from new user registration) require an account validation email.
email.validation.required=true
# Timeout (in minutes) for the key generated for an email validation to remain valid.
# 2880 minutes = 48 hours
email.validation.timeout=2880
# The subject line for the email message.
email.validation.subject=Welcome
#TODO: move description elsewhere, remove bad default
# Get the Feedback to use for any outgoing emails.
# NOTE: if feedback.path starts with a &quot;/&quot; it is appended to the end of the value provided in application.url
# This value can be in the format/syntax of &quot;/feedback.action&quot; or even &quot;mailto:feedback@application.com&quot;
#email.feedback.path=/feedback.action
#Set the application base URL. The default is to derive it from the HTTP request
# NOTE(review): if this URL ends up in links inside outgoing mail, set it
# explicitly so those links do not depend on request headers - confirm usage.
#application.url=http://myurl.mycompany.com
# --------------------------------------------------------------------
# Auto Login Settings
# NOTE(review): remember-me is on by default with a 365 day lifetime, which is
# long for a credential-equivalent cookie; shorten it or disable the feature
# where that matters.
security.rememberme.enabled=true
# Timeout in days ( 365 days = 1 year )
security.rememberme.timeout=365
security.rememberme.path=/
security.rememberme.domain=
# NOTE(review): presumably controls the Secure attribute of the remember-me
# cookie; set it to true when the application is served over HTTPS so the
# cookie is not sent over plain HTTP - confirm against the Redback docs.
security.rememberme.secure=false
# Single Sign On
# Timeout in minutes
security.signon.timeout=30
# --------------------------------------------------------------------
# Default Username Values
# NOTE(review): presumably the login names of the built-in administrator and
# guest accounts - confirm.
redback.default.admin=admin
redback.default.guest=guest
# --------------------------------------------------------------------
# Security Policies
# NOTE(review): the encoder is left unset here, so the password hashing scheme
# is whatever Redback selects on its own; confirm which one that is.
#security.policy.password.encoder=
# Number of previous passwords remembered, password expiry in days, and how
# many days before expiry a notice is due (as the key names suggest).
security.policy.password.previous.count=6
security.policy.password.expiration.enabled=true
security.policy.password.expiration.days=90
security.policy.password.expiration.notify.days=10
# NOTE(review): presumably the number of failed logins tolerated before the
# account is locked; 10 is generous, lower it if online guessing is a concern.
security.policy.allowed.login.attempt=10
# turn off the perclick enforcement of various security policies, slightly
# more heavyweight since it will ensure that the User object on each click
# is up to date
# NOTE(review): the wording above reads inverted - the default value true
# appears to keep per-click enforcement switched on.
security.policy.strict.enforcement.enabled=true
security.policy.strict.force.password.change.enabled=true
# --------------------------------------------------------------------
# Password Rules
# NOTE(review): with these defaults the enabled rules ask for at least one
# letter, at least one digit, no whitespace and a length between 1 and 24.
# A two-character password therefore appears to pass; raise
# characterlength.minimum before exposing the instance. The maximum of 24 also
# caps long passphrases.
security.policy.password.rule.alphanumeric.enabled=false
security.policy.password.rule.alphacount.enabled=true
security.policy.password.rule.alphacount.minimum=1
security.policy.password.rule.characterlength.enabled=true
security.policy.password.rule.characterlength.minimum=1
security.policy.password.rule.characterlength.maximum=24
security.policy.password.rule.musthave.enabled=true
security.policy.password.rule.numericalcount.enabled=true
security.policy.password.rule.numericalcount.minimum=1
# Presumably rejects reuse of recently used passwords (see
# security.policy.password.previous.count) - confirm.
security.policy.password.rule.reuse.enabled=true
security.policy.password.rule.nowhitespace.enabled=true
# --------------------------------------------------------------------
# ldap settings
#
# LDAP bind authentication is off by default.
ldap.bind.authenticator.enabled=false
# ldap options for configuration via properties file
# NOTE(review): ldap.config.password, when set, is stored as plain text in the
# configuration, so restrict read access to the file. Nothing in these
# properties shows whether the directory connection is encrypted (LDAPS or
# StartTLS) - confirm before sending bind credentials over the network.
#ldap.config.hostname=
#ldap.config.port=
#ldap.config.base.dn=
#ldap.config.context.factory=
#ldap.config.bind.dn=
#ldap.config.password=
#ldap.config.authentication.method=
# config parameter for the ConfigurableUserManager
user.manager.impl=jpa
# REST security settings
# Cross Site Request Forgery (CSRF) Prevention
# --------------------------------------------
# The defaults below are the protective ones: filter enabled, requests without
# Origin or Referer denied, token validation active. Changing any of them
# weakens CSRF protection for the REST services.
# Enable/Disable CSRF filtering.
# Possible values: true, false
rest.csrffilter.enabled=true
# Base URL used to verify the origin headers of the requests. If not set or empty
# it tries to determine the base url automatically
# NOTE(review): behind a reverse proxy the automatically determined URL may not
# match what browsers send; setting rest.baseUrl explicitly avoids relying on
# detection - confirm for your deployment.
rest.baseUrl=
# What to do, if the request contains no Origin or Referer header.
# If true, requests without Origin or Referer Header are denied, otherwise accepted.
# Possible values: true, false
rest.csrffilter.absentorigin.deny=true
# Enable/Disable the token validation only.
# If true, the validation of the CSRF tokens will be disabled.
# Possible values: true, false
rest.csrffilter.disableTokenValidation=false
# Configuration for JWT authentication
# HS384 is an HMAC algorithm: the same secret key signs and verifies tokens,
# so anyone who can read the key can forge tokens.
# NOTE(review): with keystoreType=memory the keys presumably do not survive a
# restart, and keyfile presumably only matters for a file-backed keystore type.
# If keys are written to jwt-key.xml, keep that file readable only by the
# account running the application - confirm against the Redback docs.
authentication.jwt.keystoreType=memory
authentication.jwt.signatureAlgorithm=HS384
authentication.jwt.keyfile=jwt-key.xml
authentication.jwt.maxInMemoryKeys=5
</pre></div>
<p><b>Note:</b> If installed standalone, Archiva's list of configuration files is <i>itself</i> configurable, and can be found in: <code>apps/archiva/WEB-INF/applicationContext.xml</code></p>
<p>Values are loaded from the sources listed below:</p>
<div class="source"><pre class="prettyprint">&lt;bean name=&quot;commons-configuration&quot; class=&quot;org.apache.archiva.components.registry.commons.CommonsConfigurationRegistry&quot;
init-method=&quot;initialize&quot;&gt;
&lt;property name=&quot;initialConfiguration&quot;&gt;
&lt;value&gt;
&lt;![CDATA[
&lt;configuration&gt;
&lt;!-- Sources are listed for ${appserver.base}/conf and then for ${appserver.home}/conf.
Every file entry except the final classpath properties resource is marked config-optional.
NOTE(review): these files can hold credentials (for example SMTP or LDAP passwords),
so keep both conf directories readable only by the account running Archiva. --&gt;
&lt;system/&gt;
&lt;jndi prefix=&quot;java:comp/env&quot; config-optional=&quot;true&quot;/&gt;
&lt;xml fileName=&quot;${appserver.base}/conf/archiva.xml&quot; config-optional=&quot;true&quot;
config-name=&quot;org.apache.archiva.base&quot;
config-at=&quot;org.apache.archiva&quot;/&gt;
&lt;xml fileName=&quot;${appserver.base}/conf/shared.xml&quot; config-optional=&quot;true&quot;
config-name=&quot;org.apache.maven.shared.app.base&quot; config-at=&quot;org.apache.maven.shared.app&quot;/&gt;
&lt;xml fileName=&quot;${appserver.base}/conf/common.xml&quot; config-optional=&quot;true&quot;/&gt;
&lt;properties fileName=&quot;${appserver.base}/conf/security.properties&quot; config-optional=&quot;true&quot;
config-at=&quot;org.apache.archiva.redback&quot;/&gt;
&lt;xml fileName=&quot;${appserver.home}/conf/archiva.xml&quot; config-optional=&quot;true&quot;
config-at=&quot;org.apache.archiva&quot;/&gt;
&lt;xml fileName=&quot;${appserver.home}/conf/shared.xml&quot; config-optional=&quot;true&quot;
config-at=&quot;org.apache.maven.shared.app&quot;/&gt;
&lt;xml fileName=&quot;${appserver.home}/conf/common.xml&quot; config-optional=&quot;true&quot;/&gt;
&lt;properties fileName=&quot;${appserver.home}/conf/security.properties&quot; config-optional=&quot;true&quot;
config-at=&quot;org.apache.archiva.redback&quot;/&gt;
&lt;properties fileName=&quot;org/apache/archiva/redback-security.properties&quot; config-at=&quot;org.apache.archiva.redback&quot;/&gt;
&lt;/configuration&gt;
]]&gt;
&lt;/value&gt;
&lt;/property&gt;
&lt;/bean&gt;
</pre></div></section>
</main>
</div>
</div>
<hr/>
<footer>
<div class="container-fluid">
<div class="row-fluid">
<div class="row">
<div class="span6 offset1">Apache Archiva, Archiva, Apache, the Apache feather logo, and the Apache Archiva project logos are trademarks of The Apache Software Foundation.</div>
</div>
<div class="row">
&nbsp;
</div>
<div class="row">
<div class="span6 offset2">
<p>
<a href="https://archiva.apache.org/docs/3.0.0-SNAPSHOT/privacy-policy.html">Privacy Policy</a>
</p>
</div>
</div>
</div>
</div>
</footer>
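<script>
// anchors is presumably provided by the skin script loaded in the head.
// A bare identifier test throws a ReferenceError when that global was never
// defined (script blocked or failed to load), so check with typeof first.
if (typeof anchors !== 'undefined' && anchors) {
  anchors.add();
}
</script>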
</body>
</html>