| ----- |
| Archiva Security Configuration |
| ----- |
| ----- |
| 2011-09-16 |
| ----- |
| |
| ~~ Licensed to the Apache Software Foundation (ASF) under one |
| ~~ or more contributor license agreements. See the NOTICE file |
| ~~ distributed with this work for additional information |
| ~~ regarding copyright ownership. The ASF licenses this file |
| ~~ to you under the Apache License, Version 2.0 (the |
| ~~ "License"); you may not use this file except in compliance |
| ~~ with the License. You may obtain a copy of the License at |
| ~~ |
| ~~ http://www.apache.org/licenses/LICENSE-2.0 |
| ~~ |
| ~~ Unless required by applicable law or agreed to in writing, |
| ~~ software distributed under the License is distributed on an |
| ~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| ~~ KIND, either express or implied. See the License for the |
| ~~ specific language governing permissions and limitations |
| ~~ under the License. |
| |
| ~~ NOTE: For help with the syntax of this file, see: |
| ~~ http://maven.apache.org/guides/mini/guide-apt-format.html |
| |
| Archiva Security Configuration |
| |
| Security properties and password rules can be configured in the |
| <<<security.properties>>> file, which Archiva looks for by default in: |
| |
| * <<<~/.m2/security.properties>>> |
| |
| * <<<conf/security.properties>>> in the Archiva installation |
| |
| [] |
| |
| (In the above list, <<<~>>> is the home directory of the user who is running |
| Archiva.) |
| |
| ~~TODO: Link to plexus-redback documentation when available |
| |
| The following are some of the properties you can modify. For a complete list, |
| consult the default properties file in Redback's svn repo: |
| {{{http://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties} |
| config-defaults.properties}} |
| |
| +-----+ |
| # Security Policies |
| # ----------------- |
| #security.policy.password.encoder= |
| security.policy.password.previous.count=6 |
| security.policy.password.expiration.days=90 |
| security.policy.password.expiration.enabled=true |
| security.policy.allowed.login.attempt=3 |
| |
| # Password Rules |
| # -------------- |
| security.policy.password.rule.alphanumeric.enabled=false |
| security.policy.password.rule.alphacount.enabled=true |
| security.policy.password.rule.alphacount.minimum=1 |
| security.policy.password.rule.characterlength.enabled=true |
| security.policy.password.rule.characterlength.minimum=1 |
| security.policy.password.rule.characterlength.maximum=8 |
| security.policy.password.rule.musthave.enabled=true |
| security.policy.password.rule.numericalcount.enabled=true |
| security.policy.password.rule.numericalcount.minimum=1 |
| security.policy.password.rule.reuse.enabled=true |
| security.policy.password.rule.nowhitespace.enabled=true |
| |
| # Cross Site Request Forgery (CSRF) Prevention |
| # -------------------------------------------- |
| # Enable/Disable CSRF filtering. |
| # Possible values: true, false |
| rest.csrffilter.enabled=true |
| # Base URL used to verify the origin headers of the requests. If not set or empty |
| # it tries to determine the base url automatically |
| rest.baseUrl= |
| # What to do, if the request contains no Origin or Referer header. |
| # If true, requests without Origin or Referer Header are denied, otherwise accepted. |
| # Possible values: true, false |
| rest.csrffilter.absentorigin.deny=true |
| # Enable/Disable the token validation only. |
| # If true, the validation of the CSRF tokens will be disabled. |
| # Possible values: true, false |
| rest.csrffilter.disableTokenValidation=false |
| +-----+ |
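
The CSRF and password-length settings listed above can be checked mechanically. The following Python script is an added example, not part of Archiva or Redback: it parses the text of a <<<security.properties>>> file and reports values that switch off the protections described in the comments above. The threshold <<<MIN_MAX_LENGTH>>>, the function names and the sample input are assumptions made for this example; keys absent from the file are skipped, since the defaults then apply.

```python
# Added example: audit the CSRF and password-length settings of a
# security.properties file. Not Archiva or Redback code.

# Assumed local policy value, not an Archiva default.
MIN_MAX_LENGTH = 64

def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

# (key, predicate that is True when the value is risky, message)
CHECKS = [
    ("rest.csrffilter.enabled", lambda v: v.lower() == "false",
     "CSRF filter is disabled"),
    ("rest.csrffilter.absentorigin.deny", lambda v: v.lower() == "false",
     "requests without Origin/Referer are accepted"),
    ("rest.csrffilter.disableTokenValidation", lambda v: v.lower() == "true",
     "CSRF token validation is disabled"),
    ("security.policy.password.rule.characterlength.maximum",
     lambda v: not v.isdigit() or int(v) < MIN_MAX_LENGTH,
     "maximum password length is below %d" % MIN_MAX_LENGTH),
]

def audit(text):
    """Return (key, value, message) for each risky setting present in text."""
    props = parse_properties(text)
    return [(key, props[key], message)
            for key, is_risky, message in CHECKS
            if key in props and is_risky(props[key])]

# Constructed sample input, not a real deployment's file.
SAMPLE = """\
# local overrides
rest.csrffilter.enabled=true
rest.csrffilter.absentorigin.deny=false
rest.csrffilter.disableTokenValidation=true
security.policy.password.rule.characterlength.maximum=8
"""

if __name__ == "__main__":
    for key, value, message in audit(SAMPLE):
        print("%s=%s: %s" % (key, value, message))
```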
| |
| <<Note:>> If installed standalone, Archiva's list of configuration files is <itself> configurable, and |
| can be found in: |
| <<<apps/archiva/WEB-INF/applicationContext.xml>>> |
| |
| Values from sources |
| |
| %{snippet|id=configuration-files-list|ignoreDownloadError=true|url=https://raw.githubusercontent.com/apache/archiva/master/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/applicationContext.xml} |
| |
| |
| |