author | Martin Stockhammer <martin_s@apache.org> | 2017-03-18 18:33:14 +0100 |
---|---|---|
committer | Martin Stockhammer <martin_s@apache.org> | 2017-03-18 18:33:14 +0100 |
commit | 2cf09a7f51faf5310237d11bc354fe541f6e2e46 (patch) | |
tree | 502e74580ef79edb021e7ea758def89704f2ed54 | |
parent | f177ba8b7e5bbeed56ef4ace7e62de19a4011f52 (diff) | |
download | archiva-2cf09a7f51faf5310237d11bc354fe541f6e2e46.tar.gz archiva-2cf09a7f51faf5310237d11bc354fe541f6e2e46.zip |
Adding some information about redback configuration settings
-rw-r--r-- | archiva-docs/src/site/apt/adminguide/customising-security.apt | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/archiva-docs/src/site/apt/adminguide/customising-security.apt b/archiva-docs/src/site/apt/adminguide/customising-security.apt
index b7a99dd9d..d42c2275c 100644
--- a/archiva-docs/src/site/apt/adminguide/customising-security.apt
+++ b/archiva-docs/src/site/apt/adminguide/customising-security.apt
@@ -48,6 +48,7 @@ Archiva Security Configuration
 
 +-----+
 # Security Policies
+# -----------------
 #security.policy.password.encoder=
 security.policy.password.previous.count=6
 security.policy.password.expiration.days=90
@@ -55,6 +56,7 @@ security.policy.password.expiration.enabled=true
 security.policy.allowed.login.attempt=3
 
 # Password Rules
+# --------------
 security.policy.password.rule.alphanumeric.enabled=false
 security.policy.password.rule.alphacount.enabled=true
 security.policy.password.rule.alphacount.minimum=1
@@ -66,6 +68,23 @@ security.policy.password.rule.numericalcount.enabled=true
 security.policy.password.rule.numericalcount.minimum=1
 security.policy.password.rule.reuse.enabled=true
 security.policy.password.rule.nowhitespace.enabled=true
+
+# Cross Site Request Forgery (CSRF) Prevention
+# --------------------------------------------
+# Enable/Disable CSRF filtering.
+# Possible values: true, false
+rest.csrffilter.enabled=true
+# Base URL used to verify the origin headers of the requests. If not set or empty
+# it tries to determine the base url automatically
+rest.baseUrl=
+# What to do, if the request contains no Origin or Referer header.
+# If true, requests without Origin or Referer Header are denied, otherwise accepted.
+# Possible values: true, false
+rest.csrffilter.absentorigin.deny=true
+# Enable/Disable the token validation only.
+# If true, the validation of the CSRF tokens will be disabled.
+# Possible values: true, false
+rest.csrffilter.disableTokenValidation=false
 +-----+
 
 <<Note:>> If installed standalone, Archiva's list of configuration files is <itself> configurable, and |