------ Archiva Security Configuration ------ The Maven Team ------ 17 February 2007 ------ ~~ Licensed to the Apache Software Foundation (ASF) under one ~~ or more contributor license agreements. See the NOTICE file ~~ distributed with this work for additional information ~~ regarding copyright ownership. The ASF licenses this file ~~ to you under the Apache License, Version 2.0 (the ~~ "License"); you may not use this file except in compliance ~~ with the License. You may obtain a copy of the License at ~~ ~~ http://www.apache.org/licenses/LICENSE-2.0 ~~ ~~ Unless required by applicable law or agreed to in writing, ~~ software distributed under the License is distributed on an ~~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY ~~ KIND, either express or implied. See the License for the ~~ specific language governing permissions and limitations ~~ under the License. ~~ NOTE: For help with the syntax of this file, see: ~~ http://maven.apache.org/guides/mini/guide-apt-format.html Archiva Security Configuration * Properties Archiva makes use of Plexus Redback to handle user ids, passwords and roles. Security properties and password rules can be configured in the <<>> file, which by default is searched for in: * <<<~/.m2/security.properties>>> * <<<$ARCHIVA_HOME/conf/security.properties>>> [] (In the above list, <<<~>>> is the home directory of the user who is running Archiva, and <<<$ARCHIVA_HOME>>> is the directory where Archiva is installed, such as <<>>.) ~~ TODO: Link to plexus-redback documentation when available Following are some of the properties you can modify. For a complete list, consult the default properties file in Plexus Redback's svn repo: {{{http://svn.codehaus.org/plexus/plexus-redback/trunk/redback-configuration/src/main/resources/org/codehaus/plexus/redback/config-defaults.properties} config-defaults.properties}} +-----+ # Security Policies #security.policy.password.encoder= security.policy.password.previous.count=6 security.policy.password.expiration.days=90 security.policy.allowed.login.attempt=3 # Password Rules security.policy.password.rule.alphanumeric.enabled=false security.policy.password.rule.alphacount.enabled=true security.policy.password.rule.alphacount.minimum=1 security.policy.password.rule.characterlength.enabled=true security.policy.password.rule.characterlength.minimum=1 security.policy.password.rule.characterlength.maximum=8 security.policy.password.rule.musthave.enabled=true security.policy.password.rule.numericalcount.enabled=true security.policy.password.rule.numericalcount.minimum=1 security.policy.password.rule.reuse.enabled=true security.policy.password.rule.nowhitespace.enabled=true +-----+ <> Archiva's list of configuration files is configurable, and can be found in: <<<$ARCHIVA_HOME/apps/archiva/webapp/WEB-INF/classes/META-INF/plexus/application.xml>>> * Database By default, Archiva uses embedded {{{http://db.apache.org/derby}Apache Derby}} to store the user information. It can be configured to use an external database by providing a JDBC driver and editing the <<>> file. [[1]] Place the jar containing the JDBC driver in <<<$ARCHIVA_HOME/core>>>. [[2]] Edit <<<$ARCHIVA_HOME/conf/plexus.xml>>>, providing the JDBC driver class name, and the database url, username, and password. [] For example: +------+ jdbc/users javax.sql.DataSource driverClassName org.apache.derby.jdbc.ClientDriver url jdbc:derby://localhost:1527/archiva-users;create=true username user1 password user1 +------+ More information about using Derby Network Server as an external user database for Archiva can be found on the wiki: {{{http://docs.codehaus.org/display/MAVENUSER/Archiva+User+DB+on+Derby+Network+Server} Archiva User DB on Derby Network Server}}