Archiva Security Configuration

Security properties and password rules can be configured in the security.properties file, which by default is searched for in:

  • ~/.m2/security.properties
  • conf/security.properties in the Archiva installation

(In the above list, ~ is the home directory of the user who is running Archiva.)

The following are some of the properties you can modify. For a complete list, consult the default properties file in Redback's svn repo: config-defaults.properties

# Security Policies
# Password encoder. Left commented out with no value, so this file does not
# override it (presumably the built-in default encoder applies; confirm in
# config-defaults.properties).
#security.policy.password.encoder=
# Number of previous passwords tracked (presumably used by the reuse rule
# below; confirm against Redback).
security.policy.password.previous.count=6
# Password expiration is switched on, with a 90-day lifetime.
security.policy.password.expiration.days=90
security.policy.password.expiration.enabled=true
# Login attempts allowed (presumably the account is locked once this many
# attempts have failed; confirm the lock and unlock behaviour).
security.policy.allowed.login.attempt=3

# Password Rules
# Alphanumeric rule is disabled here.
security.policy.password.rule.alphanumeric.enabled=false
# Alphabetic-character count rule: enabled, minimum of 1.
security.policy.password.rule.alphacount.enabled=true
security.policy.password.rule.alphacount.minimum=1
# Length rule: enabled, passwords must be between 1 and 8 characters.
# NOTE(review): an 8-character maximum caps password strength and rules out
# passphrases, and a 1-character minimum leaves the lower bound to the other
# rules. Raise both bounds for any instance reachable by untrusted users.
security.policy.password.rule.characterlength.enabled=true
security.policy.password.rule.characterlength.minimum=1
security.policy.password.rule.characterlength.maximum=8
# "Must have" rule: enabled (presumably rejects an empty password; confirm).
security.policy.password.rule.musthave.enabled=true
# Numeric-character count rule: enabled, minimum of 1.
security.policy.password.rule.numericalcount.enabled=true
security.policy.password.rule.numericalcount.minimum=1
# Reuse rule: enabled (presumably checked against the previous.count history
# configured above; confirm).
security.policy.password.rule.reuse.enabled=true
# No-whitespace rule: enabled.
security.policy.password.rule.nowhitespace.enabled=true

Note: In a standalone installation, the list of configuration files that Archiva reads is itself configurable; it is defined in: apps/archiva/WEB-INF/applicationContext.xml

Values from sources

<!--
  Declares the "commons-configuration" bean (CommonsConfigurationRegistry,
  initialised through its "initialize" method). Its "properties" value is a
  CDATA-wrapped <configuration> document that lists every source read:
    1. JVM system properties (<system/>) and JNDI entries under
       java:comp/env (optional)
    2. per-user files in ${user.home}/.m2: archiva.xml, shared.xml,
       security.properties, archiva.properties (all optional)
    3. files in ${appserver.base}/conf, then in ${appserver.home}/conf
       (all optional)
    4. org/apache/archiva/redback-security.properties, the only entry
       without config-optional="true" (presumably the bundled defaults
       resolved from the classpath; confirm)

  NOTE(review): the list order presumably sets precedence, with earlier
  sources overriding later ones; confirm against the registry
  implementation before relying on it.

  Security: each security.properties entry, and archiva.properties, is
  loaded with config-at="org.apache.archiva.redback" and can therefore
  change password policy. Keep those files, and the .m2 and conf
  directories that hold them, writable only by the account that runs
  Archiva. Remember that system properties and JNDI entries are also
  configuration sources.

  The text inside the CDATA section is data passed to the registry, not
  markup of this file; comments placed inside it become part of that data.
-->
<bean name="commons-configuration" class="org.apache.archiva.redback.components.registry.commons.CommonsConfigurationRegistry"
  init-method="initialize">
  <property name="properties">
    <value>
      <![CDATA[
      <configuration>
        <system/>
        <jndi prefix="java:comp/env" config-optional="true"/>
        <xml fileName="${user.home}/.m2/archiva.xml" config-optional="true"
             config-name="org.apache.archiva.user"
             config-at="org.apache.archiva"/>
        <xml fileName="${user.home}/.m2/shared.xml" config-optional="true"
             config-name="org.apache.maven.shared.app.user" config-at="org.apache.maven.shared.app"
             config-forceCreate="true"/>
        <properties fileName="${user.home}/.m2/security.properties" config-optional="true"
                    config-at="org.apache.archiva.redback"/>
        <properties fileName="${user.home}/.m2/archiva.properties" config-optional="true"
                    config-at="org.apache.archiva.redback"/>
        <xml fileName="${appserver.base}/conf/archiva.xml" config-optional="true"
             config-name="org.apache.archiva.base"
             config-at="org.apache.archiva"/>
        <xml fileName="${appserver.base}/conf/shared.xml" config-optional="true"
             config-name="org.apache.maven.shared.app.base" config-at="org.apache.maven.shared.app"/>
        <xml fileName="${appserver.base}/conf/common.xml" config-optional="true"/>
        <properties fileName="${appserver.base}/conf/security.properties" config-optional="true"
                    config-at="org.apache.archiva.redback"/>
        <xml fileName="${appserver.home}/conf/archiva.xml" config-optional="true"
             config-at="org.apache.archiva"/>
        <xml fileName="${appserver.home}/conf/shared.xml" config-optional="true"
             config-at="org.apache.maven.shared.app"/>
        <xml fileName="${appserver.home}/conf/common.xml" config-optional="true"/>
        <properties fileName="${appserver.home}/conf/security.properties" config-optional="true"
                    config-at="org.apache.archiva.redback"/>
        <properties fileName="org/apache/archiva/redback-security.properties" config-at="org.apache.archiva.redback"/>
      </configuration>
      ]]>
    </value>
  </property>    
</bean>