customising-security.html
<!DOCTYPE html>
<!--
| Generated by Apache Maven Doxia Site Renderer 1.7.4
| Rendered using Apache Maven Fluido Skin 1.6
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
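<head>
  <meta charset="UTF-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  <meta name="Date-Creation-yyyymmdd" content="20110916" />
  <meta http-equiv="Content-Language" content="en" />
  <title>Archiva Documentation – Archiva Security Configuration</title>
  <link rel="stylesheet" href="../css/apache-maven-fluido-1.6.min.css" />
  <link rel="stylesheet" href="../css/site.css" />
  <link rel="stylesheet" href="../css/print.css" media="print" />
  <script type="text/javascript" src="../js/apache-maven-fluido-1.6.min.js"></script>
  <!--
    Google Analytics (legacy ga.js loader).
    ga.js is third-party code that runs with full access to this page, so it is
    always requested over HTTPS, including when the page itself is served over
    http:, so that the script cannot be altered in transit.
    No Subresource Integrity hash is set: the script is not a pinned, versioned file.
  -->
  <script type="text/javascript">
    var _gaq = _gaq || [];
    _gaq.push(['_setAccount', 'UA-140879-5']);
    _gaq.push(['_trackPageview']);
    (function() {
      var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
      ga.src = 'https://ssl.google-analytics.com/ga.js';
      var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
    })();
  </script>
</head>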
<body class="topBarDisabled">
<div class="container-fluid">
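<div id="banner">
  <!-- Site banner: project logo on the left, ASF logo on the right. The ASF link uses https like the logo image it wraps. -->
  <div class="pull-left"><a href="../../../" id="bannerLeft"><img src="../../../images/archiva.png" alt="Apache Archiva"/></a></div>
  <div class="pull-right"><a href="https://www.apache.org/" id="bannerRight"><img src="https://www.apache.org/images/asf_logo_wide_2016.png" alt="Apache Software Foundation"/></a></div>
  <div class="clear"><hr/></div>
</div>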
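<div id="breadcrumbs">
  <!-- Breadcrumb trail plus publish date and documented version. The external ASF link uses https. -->
  <ul class="breadcrumb">
    <li class=""><a href="https://www.apache.org/" class="externalLink" title="Apache">Apache</a><span class="divider">/</span></li>
    <li class=""><a href="../index.html" title="Apache Archiva">Apache Archiva</a><span class="divider">/</span></li>
    <li class=""><a href="../../../index.html" title="Apache Archiva">Apache Archiva</a><span class="divider">/</span></li>
    <li class="active ">Archiva Security Configuration</li>
    <li id="publishDate" class="pull-right"><span class="divider">|</span> Last Published: 2018-11-03</li>
    <li id="projectVersion" class="pull-right">Version: 3.0.0-SNAPSHOT</li>
  </ul>
</div>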
<div class="row-fluid">
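<div id="leftColumn" class="span2">
  <!-- Sidebar: documentation navigation, site search and third-party widgets. External links and scripts use https. -->
  <div class="well sidebar-nav">
    <ul class="nav nav-list">
      <li class="nav-header">Introduction</li>
      <li><a href="../quick-start.html" title="Quick Start"><span class="none"></span>Quick Start</a> </li>
      <li><a href="../tour/index.html" title="Feature Tour"><span class="none"></span>Feature Tour</a> </li>
      <li><a href="../release-notes.html" title="Release Notes"><span class="none"></span>Release Notes</a> </li>
      <li><a href="../../../download.html" title="Downloads"><span class="none"></span>Downloads</a> </li>
      <li class="nav-header">Users Guide</li>
      <li><a href="../userguide/browsing.html" title="Browsing"><span class="none"></span>Browsing</a> </li>
      <li><a href="../userguide/searching.html" title="Searching"><span class="none"></span>Searching</a> </li>
      <li><a href="../userguide/delete-artifact.html" title="Deleting an Artifact"><span class="none"></span>Deleting an Artifact</a> </li>
      <li><a href="../userguide/using-repository.html" title="Using as a repository"><span class="none"></span>Using as a repository</a> </li>
      <li><a href="../userguide/deploy.html" title="Deploying to repository"><span class="none"></span>Deploying to repository</a> </li>
      <li><a href="../userguide/virtual-repositories.html" title="Configuring Virtual Repositories"><span class="none"></span>Configuring Virtual Repositories</a> </li>
      <li><a href="../userguide/rss.html" title="Rss Feeds in Archiva"><span class="none"></span>Rss Feeds in Archiva</a> </li>
      <li><a href="../userguide/querying-artifacts.html" title="Querying Artifacts"><span class="none"></span>Querying Artifacts</a> </li>
      <li class="nav-header">Administrators Guide</li>
      <li><a href="../adminguide/installing.html" title="Installing Archiva"><span class="icon-chevron-right"></span>Installing Archiva</a> </li>
      <li><a href="../adminguide/databases.html" title="Databases"><span class="none"></span>Databases</a> </li>
      <li><a href="../adminguide/repositories-content-storage.html" title="Repositories Content Storage"><span class="none"></span>Repositories Content Storage</a> </li>
      <li><a href="../adminguide/security.html" title="Security"><span class="icon-chevron-down"></span>Security</a>
        <ul class="nav nav-list">
          <li><a href="../adminguide/users.html" title="Users"><span class="none"></span>Users</a> </li>
          <li><a href="../adminguide/roles.html" title="Roles"><span class="none"></span>Roles</a> </li>
          <li class="active"><a href="#"><span class="none"></span>Customising</a>
          </li>
        </ul>
      </li>
      <li><a href="../adminguide/configuration.html" title="Archiva Configuration"><span class="icon-chevron-right"></span>Archiva Configuration</a> </li>
      <li><a href="../adminguide/webservices/rest.html" title="REST Apis"><span class="none"></span>REST Apis</a> </li>
      <li><a href="../adminguide/configuration-files.html" title="Configuration Files"><span class="none"></span>Configuration Files</a> </li>
      <li><a href="../adminguide/system-status.html" title="System Status"><span class="none"></span>System Status</a> </li>
      <li><a href="../adminguide/logging.html" title="Log Files"><span class="icon-chevron-right"></span>Log Files</a> </li>
      <li><a href="../adminguide/reports.html" title="Reports"><span class="none"></span>Reports</a> </li>
      <li class="nav-header">Customising Archiva</li>
      <li><a href="../customising/writing-consumer.html" title="Writing a Consumer Plugin"><span class="none"></span>Writing a Consumer Plugin</a> </li>
      <li class="nav-header">More Information</li>
      <li><a href="https://cwiki.apache.org/confluence/display/ARCHIVA/Index" class="externalLink" title="Archiva Wiki"><span class="none"></span>Archiva Wiki</a> </li>
      <li class="nav-header">ASF</li>
      <li><a href="https://www.apache.org/foundation/how-it-works.html" class="externalLink" title="How Apache Works"><span class="none"></span>How Apache Works</a> </li>
      <li><a href="https://www.apache.org/foundation/" class="externalLink" title="Foundation"><span class="none"></span>Foundation</a> </li>
      <li><a href="https://www.apache.org/foundation/sponsorship.html" class="externalLink" title="Sponsoring Apache"><span class="none"></span>Sponsoring Apache</a> </li>
      <li><a href="https://www.apache.org/foundation/thanks.html" class="externalLink" title="Thanks"><span class="none"></span>Thanks</a> </li>
      <li class="nav-header">Project Documentation</li>
      <li><a href="../project-info.html" title="Project Information"><span class="icon-chevron-right"></span>Project Information</a> </li>
    </ul>
    <!-- Site search: the query is submitted to Google, restricted to the documentation URL in "sitesearch". -->
    <form id="search-form" action="https://www.google.com/search" method="get" >
      <input value="http://archiva.apache.org/docs/3.0.0-SNAPSHOT/" name="sitesearch" type="hidden"/>
      <input class="search-query" name="q" id="query" type="text" />
    </form>
    <script type="text/javascript">asyncJs( 'https://cse.google.com/brand?form=search-form' )</script>
    <hr />
    <div id="poweredBy">
      <div class="clear"></div>
      <div class="clear"></div>
      <div id="twitter">
        <a href="https://twitter.com/archiva" class="twitter-follow-button" data-show-count="false" data-align="left" data-size="medium" data-show-screen-name="true" data-lang="en">Follow archiva</a>
        <!-- Third-party widget script: requested with an explicit https: URL rather than a protocol-relative one, so it is never fetched over plain HTTP. -->
        <script type="text/javascript">!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
      </div>
      <div class="clear"></div>
      <div class="clear"></div>
      <a href="https://maven.apache.org/" title="Built by Maven" class="poweredBy"><img class="builtBy" alt="Built by Maven" src="../images/logos/maven-feather.png" /></a>
    </div>
  </div>
</div>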
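<div id="bodyColumn" class="span10" >
  <div class="section">
    <h2><a name="Archiva_Security_Configuration"></a>Archiva Security Configuration</h2>
    <p>Security properties and password rules are now configured in the Redback Runtime Configuration properties (see <a href="./redback-runtime-configuration.html#Runtime_properties">Redback Runtime Configuration</a>).</p>
    <p>The Redback Runtime Configuration properties are stored in <tt>archiva.xml</tt>. The former <tt>security.properties</tt> file, if it exists, is only used once for populating the Runtime Configuration settings. After that, this file will be ignored.</p>
    <p>These are the default properties. The file can be found in Redback's svn repo: <a class="externalLink" href="https://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties"> config-defaults.properties</a></p>
    <!-- Verbatim copy of config-defaults.properties; the listing is preformatted, so its lines are not indented. -->
    <div class="source"><pre class="prettyprint"># Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# --------------------------------------------------------------------
# Application Configuration
application.timestamp=EEE d MMM yyyy HH:mm:ss Z
# --------------------------------------------------------------------
# JDBC Setup
#jdbc.driver.name=org.apache.derby.jdbc.EmbeddedDriver
#jdbc.url=jdbc:derby:memory:users-tests;create=true
jdbc.driver.name=org.hsqldb.jdbcDriver
jdbc.url=jdbc:hsqldb:mem:redback-test
jdbc.username=sa
jdbc.password=
# --------------------------------------------------------------------
# Email Settings
email.jndiSessionName=java:comp/env/mail/Session
email.smtp.host=localhost
email.smtp.port=25
email.smtp.ssl.enabled=false
email.smtp.tls.enabled=false
email.smtp.username=
email.smtp.password=
#TODO: move description elsewhere, remove bad default
# All emails sent by the system will be from the following address
#email.from.address=${user.name}@localhost
# All emails sent by the system will be from the following user name (used in conjunction with address)
#email.from.name=Unconfigured Username
# If all email addresses (from new user registration) require an account validation email.
email.validation.required=true
# Timeout (in minutes) for the key generated for an email validation to remain valid.
# 2880 minutes = 48 hours
email.validation.timeout=2880
# The subject line for the email message.
email.validation.subject=Welcome
#TODO: move description elsewhere, remove bad default
# Get the Feedback to use for any outgoing emails.
# NOTE: if feedback.path starts with a "/" it is appended to the end of the value provided in application.url
# This value can be in the format/syntax of "/feedback.action" or even "mailto:feedback@application.com"
#email.feedback.path=/feedback.action
#Set the application base URL. The default is to derive it from the HTTP request
#application.url=http://myurl.mycompany.com
# --------------------------------------------------------------------
# Auto Login Settings
security.rememberme.enabled=true
# Timeout in days ( 365 days = 1 year )
security.rememberme.timeout=365
security.rememberme.path=/
security.rememberme.domain=
security.rememberme.secure=false
# Single Sign On
# Timeout in minutes
security.signon.timeout=30
# --------------------------------------------------------------------
# Default Username Values
redback.default.admin=admin
redback.default.guest=guest
# --------------------------------------------------------------------
# Security Policies
#security.policy.password.encoder=
security.policy.password.previous.count=6
security.policy.password.expiration.enabled=true
security.policy.password.expiration.days=90
security.policy.password.expiration.notify.days=10
security.policy.allowed.login.attempt=10
# turn off the perclick enforcement of various security policies, slightly
# more heavyweight since it will ensure that the User object on each click
# is up to date
security.policy.strict.enforcement.enabled=true
security.policy.strict.force.password.change.enabled=true
# --------------------------------------------------------------------
# Password Rules
security.policy.password.rule.alphanumeric.enabled=false
security.policy.password.rule.alphacount.enabled=true
security.policy.password.rule.alphacount.minimum=1
security.policy.password.rule.characterlength.enabled=true
security.policy.password.rule.characterlength.minimum=1
security.policy.password.rule.characterlength.maximum=24
security.policy.password.rule.musthave.enabled=true
security.policy.password.rule.numericalcount.enabled=true
security.policy.password.rule.numericalcount.minimum=1
security.policy.password.rule.reuse.enabled=true
security.policy.password.rule.nowhitespace.enabled=true
# --------------------------------------------------------------------
# ldap settings
#
ldap.bind.authenticator.enabled=false
# ldap options for configuration via properties file
#ldap.config.hostname=
#ldap.config.port=
#ldap.config.base.dn=
#ldap.config.context.factory=
#ldap.config.bind.dn=
#ldap.config.password=
#ldap.config.authentication.method=
# config parameter for the ConfigurableUserManager
user.manager.impl=jpa
# REST security settings
# Cross Site Request Forgery (CSRF) Prevention
# --------------------------------------------
# Enable/Disable CSRF filtering.
# Possible values: true, false
rest.csrffilter.enabled=true
# Base URL used to verify the origin headers of the requests. If not set or empty
# it tries to determine the base url automatically
rest.baseUrl=
# What to do, if the request contains no Origin or Referer header.
# If true, requests without Origin or Referer Header are denied, otherwise accepted.
# Possible values: true, false
rest.csrffilter.absentorigin.deny=true
# Enable/Disable the token validation only.
# If true, the validation of the CSRF tokens will be disabled.
# Possible values: true, false
rest.csrffilter.disableTokenValidation=false
</pre></div>
    <p><b>Hardening note:</b> several of the defaults listed above are permissive. Review at least the following before exposing Archiva beyond a test environment:</p>
    <ul>
      <li><tt>security.policy.password.rule.characterlength.minimum=1</tt> accepts very short passwords, and <tt>security.policy.password.rule.characterlength.maximum=24</tt> rejects longer passphrases; set both to match your password policy.</li>
      <li><tt>security.rememberme.timeout=365</tt> keeps the auto login valid for a year, and <tt>security.rememberme.secure</tt> is <tt>false</tt>; when Archiva is served over HTTPS, set <tt>security.rememberme.secure=true</tt> and consider a shorter timeout.</li>
      <li><tt>email.smtp.ssl.enabled</tt> and <tt>email.smtp.tls.enabled</tt> are both <tt>false</tt>; enable one of them if <tt>email.smtp.host</tt> is not <tt>localhost</tt>, especially when <tt>email.smtp.username</tt> and <tt>email.smtp.password</tt> are set.</li>
      <li>The <tt>jdbc.*</tt> defaults describe an in-memory HSQLDB database with the user <tt>sa</tt> and an empty password; confirm that your deployment does not rely on them.</li>
      <li>Keep <tt>rest.csrffilter.enabled=true</tt>, <tt>rest.csrffilter.absentorigin.deny=true</tt> and <tt>rest.csrffilter.disableTokenValidation=false</tt>, and set <tt>rest.baseUrl</tt> explicitly when Archiva runs behind a reverse proxy instead of relying on automatic detection.</li>
    </ul>
    <p><b>Note:</b> If installed standalone, Archiva's list of configuration files is <i>itself</i> configurable, and can be found in: <tt>apps/archiva/WEB-INF/applicationContext.xml</tt></p>
    <p>Values from sources</p>
    <!-- The XML sample is entity-escaped so that the browser shows it as text instead of parsing it as markup. -->
    <div class="source"><pre class="prettyprint">&lt;bean name="commons-configuration" class="org.apache.archiva.redback.components.registry.commons.CommonsConfigurationRegistry"
      init-method="initialize"&gt;
  &lt;property name="properties"&gt;
    &lt;value&gt;
      &lt;![CDATA[
      &lt;configuration&gt;
        &lt;system/&gt;
        &lt;jndi prefix="java:comp/env" config-optional="true"/&gt;
        &lt;xml fileName="${appserver.base}/conf/archiva.xml" config-optional="true"
             config-name="org.apache.archiva.base"
             config-at="org.apache.archiva"/&gt;
        &lt;xml fileName="${appserver.base}/conf/shared.xml" config-optional="true"
             config-name="org.apache.maven.shared.app.base" config-at="org.apache.maven.shared.app"/&gt;
        &lt;xml fileName="${appserver.base}/conf/common.xml" config-optional="true"/&gt;
        &lt;properties fileName="${appserver.base}/conf/security.properties" config-optional="true"
                    config-at="org.apache.archiva.redback"/&gt;
        &lt;xml fileName="${appserver.home}/conf/archiva.xml" config-optional="true"
             config-at="org.apache.archiva"/&gt;
        &lt;xml fileName="${appserver.home}/conf/shared.xml" config-optional="true"
             config-at="org.apache.maven.shared.app"/&gt;
        &lt;xml fileName="${appserver.home}/conf/common.xml" config-optional="true"/&gt;
        &lt;properties fileName="${appserver.home}/conf/security.properties" config-optional="true"
                    config-at="org.apache.archiva.redback"/&gt;
        &lt;properties fileName="org/apache/archiva/redback-security.properties" config-at="org.apache.archiva.redback"/&gt;
      &lt;/configuration&gt;
      ]]&gt;
    &lt;/value&gt;
  &lt;/property&gt;
&lt;/bean&gt;
</pre></div>
  </div>
</div>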
</div>
</div>
<hr/>
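<footer>
  <!-- Page footer: trademark notice, privacy policy link (https) and the project statistics widget. -->
  <div class="container-fluid">
    <div class="row-fluid">
      <div class="row span12">Apache Archiva :: Documentation, Archiva :: Documentation, Apache, the Apache feather logo, and the Apache Archiva :: Documentation project logos are trademarks of The Apache Software Foundation.</div>
      <div class="row span12">
        <a href="https://archiva.apache.org/docs/3.0.0-SNAPSHOT/privacy-policy.html">Privacy Policy</a>
      </div>
    </div>
    <div id="ohloh" class="pull-right">
      <!-- Third-party script: it runs with full access to this page and is loaded without a Subresource Integrity hash. -->
      <script type="text/javascript" src="https://www.ohloh.net/p/6670/widgets/project_basic_stats.js"></script>
    </div>
  </div>
</footer>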
</body>
</html>