From: Martin Stockhammer
Date: Sat, 18 Mar 2017 17:33:14 +0000 (+0100)
Subject: Adding some information about redback configuration settings
X-Git-Tag: archiva-2.2.2~16
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=2cf09a7f51faf5310237d11bc354fe541f6e2e46;p=archiva.git
Adding some information about redback configuration settings
---
diff --git a/archiva-docs/src/site/apt/adminguide/customising-security.apt b/archiva-docs/src/site/apt/adminguide/customising-security.apt
index b7a99dd9d..d42c2275c 100644
--- a/archiva-docs/src/site/apt/adminguide/customising-security.apt
+++ b/archiva-docs/src/site/apt/adminguide/customising-security.apt
@@ -48,6 +48,7 @@ Archiva Security Configuration
 +-----+
 # Security Policies
+# -----------------
 #security.policy.password.encoder=
 security.policy.password.previous.count=6
 security.policy.password.expiration.days=90
@@ -55,6 +56,7 @@ security.policy.password.expiration.enabled=true
 security.policy.allowed.login.attempt=3
 # Password Rules
+# --------------
 security.policy.password.rule.alphanumeric.enabled=false
 security.policy.password.rule.alphacount.enabled=true
 security.policy.password.rule.alphacount.minimum=1
@@ -66,6 +68,23 @@ security.policy.password.rule.numericalcount.enabled=true
 security.policy.password.rule.numericalcount.minimum=1
 security.policy.password.rule.reuse.enabled=true
 security.policy.password.rule.nowhitespace.enabled=true
+
+# Cross Site Request Forgery (CSRF) Prevention
+# --------------------------------------------
+# Enable/Disable CSRF filtering.
+# Possible values: true, false
+rest.csrffilter.enabled=true
+# Base URL used to verify the origin headers of the requests. If not set or empty
+# it tries to determine the base url automatically
+rest.baseUrl=
+# What to do, if the request contains no Origin or Referer header.
+# If true, requests without Origin or Referer Header are denied, otherwise accepted.
+# Possible values: true, false
+rest.csrffilter.absentorigin.deny=true
+# Enable/Disable the token validation only.
+# If true, the validation of the CSRF tokens will be disabled.
+# Possible values: true, false
+rest.csrffilter.disableTokenValidation=false
 +-----+
 <> If installed standalone, Archiva's list of configuration files is configurable, and