| ############################################################################### |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| ############################################################################### |
| #### |
| # OFBiz Security Settings |
| #### |
| |
| # -- define the default security context to be user |
| security.context=default |
| |
| # -- define the password restrictions -- |
| password.length.min=5 |
| |
| # -- disable the account after this many logins -- |
| max.failed.logins=3 |
| |
| # -- number of password change to be saved in UserLoginPasswordHistory. |
| # -- passwords saved in history of userLoginId will not be allowed to be reused. |
| # -- 0 to not save history at all |
| password.change.history.limit=0 |
| |
| # -- disable the account for this many minutes (if 0, then indefinate) -- |
| login.disable.minutes=5 |
| |
| # -- disable global logout -- |
| login.disable.global.logout=false |
| |
| # -- store a record for each login attempt? -- |
| store.login.history=true |
| store.login.history.on.service.auth=false |
| store.login.history.incorrect.password=true |
| |
| # -- should we encrypt (SHA Hash) the password? -- |
| password.encrypt=true |
| |
| # -- set requirePasswordChange to true, after emailPassword -- |
| password.email_password.require_password_change=true |
| |
| # -- specify the type of hash to use for one-way encryption, will be passed to java.security.MessageDigest.getInstance() -- |
| # -- options may include: SHA, MD5, etc |
| password.encrypt.hash.type=SHA |
| |
| # -- this is helpful to recover old accounts or to be able to login at all sometimes -- |
| # -- SHOULD GENERALLY NOT BE TRUE FOR PRODUCTION SITES, but is useful for interim periods when going to password encryption -- |
| password.accept.encrypted.and.plain=false |
| |
| # -- should we convert usernames and passwords to lowercase? (useful for case insensitive usernames and passwords) -- |
| username.lowercase=false |
| password.lowercase=false |
| |
| # -- Use LDAP for user authentication? -- |
| security.ldap.enable=false |
| |
| # -- Fail login if LDAP authentication fails? -- |
| security.ldap.fail.login=false |
| |
| # -- should we allow x509 certificate login |
| security.login.cert.allow=true |
| |
| # -- HTTP header based ID (for integrations; uncomment to enable) |
| #security.login.http.header=REMOTE_USER |
| |
| # -- HttpServletRequest.getRemoteUser() based ID (for integration; uncomment to enable) |
| # Use for external authentication solutions like CAS which overload the getRemoteUser method. |
| #security.login.http.servlet.remoteuserlogin.allow=true |
| |
| # -- pattern for the userlogin id in CN section of certificate |
| security.login.cert.pattern=^(\\w*\\s?\\w*)\\W*.*$ |
| |
| # -- Hours after which EmailAdressVerification should expire |
| email_verification.expire.hours=48 |
| |
| # -- Name of the protect-view preprocessor method (this should not change, but in case...) |
| protect-view.preprocessor=java.org.ofbiz.webapp.control.ProtectViewWorker.checkProtectedView |
| |
| # -- Name of the default error response view for protected views ("none:" will be rendered as a blank page, see RequestHandler.java) |
| #default.error.response.view=none: |
| default.error.response.view=view:viewBlocked |