-----
 Archiva Security Configuration
 -----
 -----
 2011-09-16
 -----

~~ Licensed to the Apache Software Foundation (ASF) under one                      
~~ or more contributor license agreements.  See the NOTICE file                    
~~ distributed with this work for additional information                           
~~ regarding copyright ownership.  The ASF licenses this file                      
~~ to you under the Apache License, Version 2.0 (the                               
~~ "License"); you may not use this file except in compliance                      
~~ with the License.  You may obtain a copy of the License at                      
~~                                                                                 
~~   http://www.apache.org/licenses/LICENSE-2.0                                    
~~                                                                                 
~~ Unless required by applicable law or agreed to in writing,                      
~~ software distributed under the License is distributed on an                     
~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY                          
~~ KIND, either express or implied.  See the License for the                       
~~ specific language governing permissions and limitations                         
~~ under the License.

~~ NOTE: For help with the syntax of this file, see:
~~ http://maven.apache.org/guides/mini/guide-apt-format.html

Archiva Security Configuration

 Security properties and password rules can be configured in the
 <<<security.properties>>> file, which by default is searched for in:

   * <<<~/.m2/security.properties>>>
  
   * <<<conf/security.properties>>> in the Archiva installation

   []

 (In the above list, <<<~>>> is the home directory of the user who is running
 Archiva.)

~~TODO: Link to plexus-redback documentation when available

 Following are some of the properties you can modify.  For a complete list,
 consult the default properties file in Redback's svn repo:
 {{{http://svn.apache.org/repos/asf/archiva/redback/redback-core/trunk/redback-configuration/src/main/resources/org/apache/archiva/redback/config-defaults.properties}
 config-defaults.properties}}

+-----+
# Security Policies
#security.policy.password.encoder=
security.policy.password.previous.count=6
security.policy.password.expiration.days=90
security.policy.password.expiration.enabled=true
security.policy.allowed.login.attempt=3

# Password Rules
security.policy.password.rule.alphanumeric.enabled=false
security.policy.password.rule.alphacount.enabled=true
security.policy.password.rule.alphacount.minimum=1
security.policy.password.rule.characterlength.enabled=true
security.policy.password.rule.characterlength.minimum=1
security.policy.password.rule.characterlength.maximum=8
security.policy.password.rule.musthave.enabled=true
security.policy.password.rule.numericalcount.enabled=true
security.policy.password.rule.numericalcount.minimum=1
security.policy.password.rule.reuse.enabled=true
security.policy.password.rule.nowhitespace.enabled=true
+-----+
 
  <<Note:>> If installed standalone, Archiva's list of configuration files is <itself> configurable, and
  can be found in:
  <<<apps/archiva/WEB-INF/applicationContext.xml>>>

  Values from sources

%{snippet|id=configuration-files-list|ignoreDownloadError=true|url=http://svn.apache.org/repos/asf/archiva/trunk/archiva-modules/archiva-web/archiva-webapp/src/main/webapp/WEB-INF/applicationContext.xml}