summaryrefslogtreecommitdiffstats
path: root/archiva-docs/src/site/apt/guides/security-configuration.apt
blob: 2263cb409b35fbb726a06059854effb76c1b20fb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
 ------
 Archiva Security Configuration
 ------
 The Maven Team
 ------
 17 February 2007
 ------

~~ Licensed to the Apache Software Foundation (ASF) under one
~~ or more contributor license agreements.  See the NOTICE file
~~ distributed with this work for additional information
~~ regarding copyright ownership.  The ASF licenses this file
~~ to you under the Apache License, Version 2.0 (the
~~ "License"); you may not use this file except in compliance
~~ with the License.  You may obtain a copy of the License at
~~
~~   http://www.apache.org/licenses/LICENSE-2.0
~~
~~ Unless required by applicable law or agreed to in writing,
~~ software distributed under the License is distributed on an
~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
~~ KIND, either express or implied.  See the License for the
~~ specific language governing permissions and limitations
~~ under the License.

~~ NOTE: For help with the syntax of this file, see:
~~ http://maven.apache.org/guides/mini/guide-apt-format.html

Archiva Security Configuration

* Properties

 Archiva makes use of Redback to handle user ids, passwords and roles.
 
 Security properties and password rules can be configured in the
 <<<security.properties>>> file, which by default is searched for in:

 * <<<~/.m2/security.properties>>>
 
 * <<<$ARCHIVA_HOME/conf/security.properties>>>
 
 []
 
 (In the above list, <<<~>>> is the home directory of the user who is running
 Archiva, and <<<$ARCHIVA_HOME>>> is the directory where Archiva is installed,
 such as <<</opt/archiva-1.0-SNAPSHOT>>>.)
 
~~ TODO: Link to plexus-redback documentation when available

 Following are some of the properties you can modify.  For a complete list,
 consult the default properties file in Redback's svn repo:
 {{{http://svn.codehaus.org/redback/redback/trunk/redback-configuration/src/main/resources/org/codehaus/plexus/redback/config-defaults.properties}
 config-defaults.properties}}

+-----+
# Security Policies
#security.policy.password.encoder=
security.policy.password.previous.count=6
security.policy.password.expiration.days=90
security.policy.allowed.login.attempt=3

# Password Rules
security.policy.password.rule.alphanumeric.enabled=false
security.policy.password.rule.alphacount.enabled=true
security.policy.password.rule.alphacount.minimum=1
security.policy.password.rule.characterlength.enabled=true
security.policy.password.rule.characterlength.minimum=1
security.policy.password.rule.characterlength.maximum=8
security.policy.password.rule.musthave.enabled=true
security.policy.password.rule.numericalcount.enabled=true
security.policy.password.rule.numericalcount.minimum=1
security.policy.password.rule.reuse.enabled=true
security.policy.password.rule.nowhitespace.enabled=true
+-----+

 <<Note:>> Archiva's list of configuration files is <itself> configurable, and
 can be found in:
 <<<$ARCHIVA_HOME/apps/archiva/webapp/WEB-INF/classes/META-INF/plexus/application.xml>>>
 
* Database

 By default, Archiva uses embedded {{{http://db.apache.org/derby}Apache Derby}}
 to store the user information. It can be configured to use an external database
 by providing a JDBC driver and editing the <<<plexus.xml>>> file.
 
 [[1]] Place the jar containing the JDBC driver in <<<$ARCHIVA_HOME/core>>>.
 
 [[2]] Edit <<<$ARCHIVA_HOME/conf/plexus.xml>>>, providing the JDBC driver class
 name, and the database url, username, and password.
    
 []
 
 For example:

+------+
<!--
     Datasources
-->
<resource>
  <name>jdbc/users</name>
  <type>javax.sql.DataSource</type>
  <properties>
    <property>
      <name>driverClassName</name>
      <value>org.apache.derby.jdbc.ClientDriver</value>
    </property>
    <property>
      <name>url</name>
      <value>jdbc:derby://localhost:1527/archiva-users;create=true</value>
    </property>
    <property>
      <name>username</name>
      <value>user1</value>
    </property>
    <property>
      <name>password</name>
      <value>user1</value>
    </property>
  </properties>
</resource>
+------+

 More information about using Derby Network Server as an external user database
 for Archiva can be found on the wiki:
 {{{http://docs.codehaus.org/display/MAVENUSER/Archiva+User+DB+on+Derby+Network+Server}
 Archiva User DB on Derby Network Server}}