You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by ol...@apache.org on 2013/12/04 06:47:06 UTC
svn commit: r1547715 [1/3] - in /archiva/site-content/redback: ./
development/ errors/ images/ integration/ rbac/
Author: olamy
Date: Wed Dec 4 05:47:05 2013
New Revision: 1547715
URL: http://svn.apache.org/r1547715
Log:
Apache Redback Main site deployment
Added:
archiva/site-content/redback/images/redback.jpg (with props)
Modified:
archiva/site-content/redback/authentication.html
archiva/site-content/redback/authorization.html
archiva/site-content/redback/configuration.html
archiva/site-content/redback/development/extending-authn.html
archiva/site-content/redback/errors/404.html
archiva/site-content/redback/index.html
archiva/site-content/redback/integration.html
archiva/site-content/redback/integration/ldap.html
archiva/site-content/redback/integration/rest.html
archiva/site-content/redback/issue-tracking.html
archiva/site-content/redback/key-store.html
archiva/site-content/redback/license.html
archiva/site-content/redback/mail-lists.html
archiva/site-content/redback/privacy-policy.html
archiva/site-content/redback/project-info.html
archiva/site-content/redback/rbac/introduction.html
archiva/site-content/redback/rbac/role-management.html
archiva/site-content/redback/source-repository.html
archiva/site-content/redback/team-list.html
archiva/site-content/redback/user-management.html
Modified: archiva/site-content/redback/authentication.html
URL: http://svn.apache.org/viewvc/archiva/site-content/redback/authentication.html?rev=1547715&r1=1547714&r2=1547715&view=diff
==============================================================================
--- archiva/site-content/redback/authentication.html (original)
+++ archiva/site-content/redback/authentication.html Wed Dec 4 05:47:05 2013
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at Apr 29, 2013
+ | Generated by Apache Maven Doxia at 2013-12-04
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20130429" />
+ <meta name="Date-Revision-yyyymmdd" content="20131204" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache Redback - Authentication</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -166,7 +166,7 @@
<div id="banner">
<div class="pull-left">
<a href="../redback" id="bannerLeft">
- <h2>Redback</h2>
+ <img src="images/redback.jpg" alt="Redback"/>
</a>
</div>
<div class="pull-right"> <a href="http://www.apache.org/" id="bannerRight">
@@ -180,8 +180,8 @@
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2013-04-29</li>
- <li class="divider">|</li> <li id="projectVersion">Version: 2.1-SNAPSHOT</li>
+ <li id="publishDate">Last Published: 2013-12-04</li>
+ <li class="divider">|</li> <li id="projectVersion">Version: 2.2-SNAPSHOT</li>
<li class="divider">|</li> <li class="">
<a href="http://www.apache.org/" class="externalLink" title="Apache">
Apache</a>
@@ -204,7 +204,16 @@
<div id="bodyColumn" >
- <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section"><h2>Redback Authentication<a name="Redback_Authentication"></a></h2><p>Redback currently supports the following authentication mechanisms:</p><ul><li>username/password for redback-users </li><li>keystore based for redback-keys</li><li>read only LDAP</li></ul><p>Support is being actively worked on or considered for:</p><ul><li>LDAP</li></ul></div>
+ <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section">
+<h2>Redback Authentication<a name="Redback_Authentication"></a></h2>
+<p>Redback currently supports the following authentication mechanisms:</p>
+<ul>
+<li>username/password for redback-users </li>
+<li>keystore based for redback-keys</li>
+<li>read only LDAP</li></ul>
+<p>Support is being actively worked on or considered for:</p>
+<ul>
+<li>LDAP</li></ul></div>
</div>
</div>
Modified: archiva/site-content/redback/authorization.html
URL: http://svn.apache.org/viewvc/archiva/site-content/redback/authorization.html?rev=1547715&r1=1547714&r2=1547715&view=diff
==============================================================================
--- archiva/site-content/redback/authorization.html (original)
+++ archiva/site-content/redback/authorization.html Wed Dec 4 05:47:05 2013
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at Apr 29, 2013
+ | Generated by Apache Maven Doxia at 2013-12-04
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20130429" />
+ <meta name="Date-Revision-yyyymmdd" content="20131204" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache Redback - Authorization</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -166,7 +166,7 @@
<div id="banner">
<div class="pull-left">
<a href="../redback" id="bannerLeft">
- <h2>Redback</h2>
+ <img src="images/redback.jpg" alt="Redback"/>
</a>
</div>
<div class="pull-right"> <a href="http://www.apache.org/" id="bannerRight">
@@ -180,8 +180,8 @@
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2013-04-29</li>
- <li class="divider">|</li> <li id="projectVersion">Version: 2.1-SNAPSHOT</li>
+ <li id="publishDate">Last Published: 2013-12-04</li>
+ <li class="divider">|</li> <li id="projectVersion">Version: 2.2-SNAPSHOT</li>
<li class="divider">|</li> <li class="">
<a href="http://www.apache.org/" class="externalLink" title="Apache">
Apache</a>
@@ -204,7 +204,9 @@
<div id="bodyColumn" >
- <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section"><h2>Redback Authorization<a name="Redback_Authorization"></a></h2><p>Redback comes with an implementation of role based access control. Please see the section below on rbac to learn more about that system.</p></div>
+ <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section">
+<h2>Redback Authorization<a name="Redback_Authorization"></a></h2>
+<p>Redback comes with an implementation of role based access control. Please see the section below on rbac to learn more about that system.</p></div>
</div>
</div>
Modified: archiva/site-content/redback/configuration.html
URL: http://svn.apache.org/viewvc/archiva/site-content/redback/configuration.html?rev=1547715&r1=1547714&r2=1547715&view=diff
==============================================================================
--- archiva/site-content/redback/configuration.html (original)
+++ archiva/site-content/redback/configuration.html Wed Dec 4 05:47:05 2013
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at Apr 29, 2013
+ | Generated by Apache Maven Doxia at 2013-12-04
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20130429" />
+ <meta name="Date-Revision-yyyymmdd" content="20131204" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache Redback - Configuration</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -166,7 +166,7 @@
<div id="banner">
<div class="pull-left">
<a href="../redback" id="bannerLeft">
- <h2>Redback</h2>
+ <img src="images/redback.jpg" alt="Redback"/>
</a>
</div>
<div class="pull-right"> <a href="http://www.apache.org/" id="bannerRight">
@@ -180,8 +180,8 @@
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2013-04-29</li>
- <li class="divider">|</li> <li id="projectVersion">Version: 2.1-SNAPSHOT</li>
+ <li id="publishDate">Last Published: 2013-12-04</li>
+ <li class="divider">|</li> <li id="projectVersion">Version: 2.2-SNAPSHOT</li>
<li class="divider">|</li> <li class="">
<a href="http://www.apache.org/" class="externalLink" title="Apache">
Apache</a>
@@ -204,7 +204,32 @@
<div id="bodyColumn" >
- <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section"><h2>Redback Configuration<a name="Redback_Configuration"></a></h2><p>Configuration in Redback is governed by a plexus configuration setup making use of properties files. Below is a listing of all of the available configuration options along with default values and notes on what they are where applicable.</p><ul><li><a href="#Redback_Configuration">Redback Configuration</a><ul><li><a href="#Configuration_File_Locations">Configuration File Locations</a></li><li><a href="#Configuration_Options">Configuration Options</a><ul><li><a href="#Application_Configuration">Application Configuration</a></li><li><a href="#JDBC_Setup">JDBC Setup</a></li><li><a href="#Email_Settings">Email Settings</a></li><li><a href="#Auto_Login_Settings">Auto Login Settings</a></li><li><a href="#Default_Username_Values">Default Username Values</a></li><li><a href="#Security_Policies">Security Policies</a></li><li><a href="#Password_Rules">Password Rules</a></li><li><a href
="#LDAP_settings">LDAP settings</a><ul><li><a href="#ldap_options_for_configuration_via_properties_file">ldap options for configuration via properties file</a></li></ul></li><li><a href="#User_Manager_Implementations_to_use">User Manager Implementation(s) to use</a></li><li><a href="#RBAC_Manager_Implementations_to_use">RBAC Manager Implementation(s) to use</a></li></ul></li></ul></li></ul><div class="section"><h3>Configuration File Locations<a name="Configuration_File_Locations"></a></h3><p>Configuration file location can depend on the application that is embedding Redback. Since Redback is currently built up off of Plexus, it would be ideal to check out the application.xml of the relevant application and look for an entry similar to the following.</p><div><pre>
+ <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section">
+<h2>Redback Configuration<a name="Redback_Configuration"></a></h2>
+<p>Configuration in Redback is governed by a plexus configuration setup making use of properties files. Below is a listing of all of the available configuration options along with default values and notes on what they are where applicable.</p>
+<ul>
+<li><a href="#Redback_Configuration">Redback Configuration</a>
+<ul>
+<li><a href="#Configuration_File_Locations">Configuration File Locations</a></li>
+<li><a href="#Configuration_Options">Configuration Options</a>
+<ul>
+<li><a href="#Application_Configuration">Application Configuration</a></li>
+<li><a href="#JDBC_Setup">JDBC Setup</a></li>
+<li><a href="#Email_Settings">Email Settings</a></li>
+<li><a href="#Auto_Login_Settings">Auto Login Settings</a></li>
+<li><a href="#Default_Username_Values">Default Username Values</a></li>
+<li><a href="#Security_Policies">Security Policies</a></li>
+<li><a href="#Password_Rules">Password Rules</a></li>
+<li><a href="#LDAP_settings">LDAP settings</a>
+<ul>
+<li><a href="#ldap_options_for_configuration_via_properties_file">ldap options for configuration via properties file</a></li></ul></li>
+<li><a href="#User_Manager_Implementations_to_use">User Manager Implementation(s) to use</a></li>
+<li><a href="#RBAC_Manager_Implementations_to_use">RBAC Manager Implementation(s) to use</a></li></ul></li></ul></li></ul>
+<div class="section">
+<h3>Configuration File Locations<a name="Configuration_File_Locations"></a></h3>
+<p>Configuration file location can depend on the application that is embedding Redback. Since Redback is currently built up off of Plexus, it would be ideal to check out the application.xml of the relevant application and look for an entry similar to the following.</p>
+<div>
+<pre>
<bean name="userConfiguration" class="org.apache.archiva.redback.configuration.DefaultUserConfiguration"
init-method="initialize">
<property name="configs">
@@ -216,7 +241,136 @@
<property name="registry" ref="registry#commons-configuration"/>
</bean>
-</pre></div></div><div class="section"><h3>Configuration Options<a name="Configuration_Options"></a></h3><div class="section"><h4>Application Configuration<a name="Application_Configuration"></a></h4><ul><li>application.timestamp=EEE d MMM yyyy HH:mm:ss Z</li><li>application.url=http://myurl.mycompany.com<ul><li>Set the application base URL. The default is to derive it from the HTTP request</li></ul></li></ul></div><div class="section"><h4>JDBC Setup<a name="JDBC_Setup"></a></h4><p>By default Redback uses Apache Derby for persistence of user and role information. This can be configured with the following options.</p><ul><li>jdbc.driver.name=org.apache.derby.jdbc.EmbeddedDriver</li><li>jdbc.url=jdbc:derby:$<a name="plexus.home">plexus.home</a>/database;create=true</li><li>jdbc.username=sa</li><li>jdbc.password=</li></ul><p>By default Redback uses Apache Derby for persistence of user and role information. This can be configured with the following options.</p><p><b>Note:</b> If you are
using MySQL as your database, the database will not be populated if the encoding is initially set to UTF-8. As a workaround, set the database to UTF-8 encoding after it has been populated. See <a class="externalLink" href="http://jira.codehaus.org/browse/REDBACK-267"> REDBACK-267</a> for more details.</p></div><div class="section"><h4>Email Settings<a name="Email_Settings"></a></h4><ul><li>email.jndiSessionName=java:comp/env/mail/Session</li><li>email.smtp.host=localhost</li><li>email.smtp.port=25</li><li>email.smtp.ssl.enabled=false</li><li>email.smtp.tls.enabled=false</li><li>email.smtp.username=</li><li>email.smtp.password=</li><li>email.from.address=$<a name="user.name">user.name</a>@localhost<ul><li>All emails sent by the system will be from the following address</li></ul></li><li>email.from.name=Unconfigured Username</li><li>email.validation.required=true<ul><li>If all email addresses (from new user registration) require an account validation email. </li></ul></li><li>email.v
alidation.timeout=2880<ul><li>Timeout (in minutes) for the key generated for an email validation to remain valid.</li><li>2880 minutes = 48 hours</li></ul></li><li>email.validation.subject=Welcome</li><li>email.feedback.path=/feedback.action<ul><li>Get the Feedback to use for any outgoing emails.</li><li>Feedback path starts with a "/" it is appended to the end of the value provided in application.url. This value can be in the format/syntax of "/feedback.action" or even "mailto:feedback@application.com"</li></ul></li></ul></div><div class="section"><h4>Auto Login Settings<a name="Auto_Login_Settings"></a></h4><ul><li>security.rememberme.enabled=true</li><li>security.rememberme.timeout=525600<ul><li>Timeout in minutes ( 525600 minutes = 1 year )</li></ul></li><li>security.signon.timeout=30<ul><li>Single Sign On</li><li>Timeout is in minutes</li></ul></li></ul></div><div class="section"><h4>Default Username Values<a name="Default_Username_Values"></a></h4
><ul><li>redback.default.admin=admin<ul><li>name for the admin user, by default this is 'admin' and can not easily be changed after the fact at this point. However any number of people may be assigned full administrator roles.</li></ul></li><li>redback.default.guest=guest (currently guest is an hardcoded value so not possible to configure it)<ul><li>name of the guest user</li></ul></li></ul></div><div class="section"><h4>Security Policies<a name="Security_Policies"></a></h4><ul><li>security.policy.password.encoder=</li><li>security.policy.password.previous.count=6</li><li>security.policy.password.expiration.enabled=true</li><li>security.policy.password.expiration.days=90</li><li>security.policy.password.expiration.notify.days=10</li><li>security.policy.allowed.login.attempt=10</li><li>security.policy.strict.enforcement.enabled=true<ul><li>turn off the perclick enforcement of various security policies, slightly more heavyweight since it will ensure that the User object on each click
is up to date</li></ul></li><li>security.policy.strict.force.password.change.enabled=true<ul><li>forces the user to change their password immediately should their account be flagged for a password change.</li></ul></li><li>security.policy.unlockable.accounts<ul><li>can be specified multiple times to ensure that password policies never lock the specified account(s) (eg. security.policy.unlockable.accounts=guest )</li></ul></li></ul></div><div class="section"><h4>Password Rules<a name="Password_Rules"></a></h4><ul><li>security.policy.password.rule.alphanumeric.enabled=false</li><li>security.policy.password.rule.alphacount.enabled=true</li><li>security.policy.password.rule.alphacount.minimum=1</li><li>security.policy.password.rule.characterlength.enabled=true</li><li>security.policy.password.rule.characterlength.minimum=1</li><li>security.policy.password.rule.characterlength.maximum=24</li><li>security.policy.password.rule.musthave.enabled=true</li><li>security.policy.password.rule.num
ericalcount.enabled=true</li><li>security.policy.password.rule.numericalcount.minimum=1</li><li>security.policy.password.rule.reuse.enabled=true</li><li>security.policy.password.rule.nowhitespace.enabled=true</li></ul></div><div class="section"><h4>LDAP settings<a name="LDAP_settings"></a></h4><p>Ldap can be used as a readonly user manager, however the role assignment is still managed entirely within the given database store. This should be fixed in the future sometime but likely not before ldap is switched over as the default user and role store entirely.</p><ul><li>ldap.user.store.enabled=false</li><li>ldap.bind.authenticator.enabled=false</li></ul><div class="section"><h5>ldap options for configuration via properties file<a name="ldap_options_for_configuration_via_properties_file"></a></h5><ul><li>ldap.config.hostname=</li><li>ldap.config.port=</li><li>ldap.config.base.dn=</li><li>ldap.config.context.factory=</li><li>ldap.config.bind.dn=</li><li>ldap.config.password=</li><li>ldap
.config.authentication.method=</li><li>ldap.config.groups.class= object class for groups (default: groupOfUniqueNames)</li><li>ldap.config.groups.base.dn= basedn for groups, dn with list of groups ( dc=archiva,dc=apache,dc=org ) (if empty default will be ldap.config.base.dn)</li><li>ldap.config.groups.role.*(ldap group)=*(roles) (mapping ldap group <i>-</i> redback roles comma separated) (example: ldap.config.groups.role.archiva-admin=Archiva System Administrator, Foo)</li><li>ldap.config.writable=true/false will write datas to ldap (default false)</li><li>ldap.config.groups.use.rolename=true/false will create/use groups in ldap with default role if no group<i>-</i>role mapping found (default false)</li><li>ldap.config.user.attribute= attribute name to use for user (default uid=)</li></ul></div></div><div class="section"><h4>User Manager Implementation(s) to use<a name="User_Manager_Implementations_to_use"></a></h4><ul><li>user.manager.impl=cached (since 1.4-M4: Archiva support more
than one value comma separated)<ul><li>valid values for realistic usage are 'cached' and then further configuring the cached instance to use another underlying user manager like ldap or the jdo one which is used by default. Placing 'ldap' here will check with the ldap system for a fair amount of checks and would likely be a performance issue</li></ul></li></ul></div><div class="section"><h4>RBAC Manager Implementation(s) to use<a name="RBAC_Manager_Implementations_to_use"></a></h4><ul><li>rbac.manager.impl=cached (since 1.4-M4: Archiva support more than one value comma separated)</li></ul></div></div></div>
+</pre></div></div>
+<div class="section">
+<h3>Configuration Options<a name="Configuration_Options"></a></h3>
+<div class="section">
+<h4>Application Configuration<a name="Application_Configuration"></a></h4>
+<ul>
+<li>application.timestamp=EEE d MMM yyyy HH:mm:ss Z</li>
+<li>application.url=http://myurl.mycompany.com
+<ul>
+<li>Set the application base URL. The default is to derive it from the HTTP request</li></ul></li></ul></div>
+<div class="section">
+<h4>JDBC Setup<a name="JDBC_Setup"></a></h4>
+<p>By default Redback uses Apache Derby for persistence of user and role information. This can be configured with the following options.</p>
+<ul>
+<li>jdbc.driver.name=org.apache.derby.jdbc.EmbeddedDriver</li>
+<li>jdbc.url=jdbc:derby:$<a name="plexus.home">plexus.home</a>/database;create=true</li>
+<li>jdbc.username=sa</li>
+<li>jdbc.password=</li></ul>
+<p>By default Redback uses Apache Derby for persistence of user and role information. This can be configured with the following options.</p>
+<p><b>Note:</b> If you are using MySQL as your database, the database will not be populated if the encoding is initially set to UTF-8. As a workaround, set the database to UTF-8 encoding after it has been populated. See <a class="externalLink" href="http://jira.codehaus.org/browse/REDBACK-267"> REDBACK-267</a> for more details.</p></div>
+<div class="section">
+<h4>Email Settings<a name="Email_Settings"></a></h4>
+<ul>
+<li>email.jndiSessionName=java:comp/env/mail/Session</li>
+<li>email.smtp.host=localhost</li>
+<li>email.smtp.port=25</li>
+<li>email.smtp.ssl.enabled=false</li>
+<li>email.smtp.tls.enabled=false</li>
+<li>email.smtp.username=</li>
+<li>email.smtp.password=</li>
+<li>email.from.address=$<a name="user.name">user.name</a>@localhost
+<ul>
+<li>All emails sent by the system will be from the following address</li></ul></li>
+<li>email.from.name=Unconfigured Username</li>
+<li>email.validation.required=true
+<ul>
+<li>If all email addresses (from new user registration) require an account validation email. </li></ul></li>
+<li>email.validation.timeout=2880
+<ul>
+<li>Timeout (in minutes) for the key generated for an email validation to remain valid.</li>
+<li>2880 minutes = 48 hours</li></ul></li>
+<li>email.validation.subject=Welcome</li>
+<li>email.feedback.path=/feedback.action
+<ul>
+<li>Get the Feedback to use for any outgoing emails.</li>
+<li>Feedback path starts with a "/" it is appended to the end of the value provided in application.url. This value can be in the format/syntax of "/feedback.action" or even "mailto:feedback@application.com"</li></ul></li></ul></div>
+<div class="section">
+<h4>Auto Login Settings<a name="Auto_Login_Settings"></a></h4>
+<ul>
+<li>security.rememberme.enabled=true</li>
+<li>security.rememberme.timeout=525600
+<ul>
+<li>Timeout in minutes ( 525600 minutes = 1 year )</li></ul></li>
+<li>security.signon.timeout=30
+<ul>
+<li>Single Sign On</li>
+<li>Timeout is in minutes</li></ul></li></ul></div>
+<div class="section">
+<h4>Default Username Values<a name="Default_Username_Values"></a></h4>
+<ul>
+<li>redback.default.admin=admin
+<ul>
+<li>name for the admin user, by default this is 'admin' and can not easily be changed after the fact at this point. However any number of people may be assigned full administrator roles.</li></ul></li>
+<li>redback.default.guest=guest (currently guest is an hardcoded value so not possible to configure it)
+<ul>
+<li>name of the guest user</li></ul></li></ul></div>
+<div class="section">
+<h4>Security Policies<a name="Security_Policies"></a></h4>
+<ul>
+<li>security.policy.password.encoder=</li>
+<li>security.policy.password.previous.count=6</li>
+<li>security.policy.password.expiration.enabled=true</li>
+<li>security.policy.password.expiration.days=90</li>
+<li>security.policy.password.expiration.notify.days=10</li>
+<li>security.policy.allowed.login.attempt=10</li>
+<li>security.policy.strict.enforcement.enabled=true
+<ul>
+<li>turn off the perclick enforcement of various security policies, slightly more heavyweight since it will ensure that the User object on each click is up to date</li></ul></li>
+<li>security.policy.strict.force.password.change.enabled=true
+<ul>
+<li>forces the user to change their password immediately should their account be flagged for a password change.</li></ul></li>
+<li>security.policy.unlockable.accounts
+<ul>
+<li>can be specified multiple times to ensure that password policies never lock the specified account(s) (eg. security.policy.unlockable.accounts=guest )</li></ul></li></ul></div>
+<div class="section">
+<h4>Password Rules<a name="Password_Rules"></a></h4>
+<ul>
+<li>security.policy.password.rule.alphanumeric.enabled=false</li>
+<li>security.policy.password.rule.alphacount.enabled=true</li>
+<li>security.policy.password.rule.alphacount.minimum=1</li>
+<li>security.policy.password.rule.characterlength.enabled=true</li>
+<li>security.policy.password.rule.characterlength.minimum=1</li>
+<li>security.policy.password.rule.characterlength.maximum=24</li>
+<li>security.policy.password.rule.musthave.enabled=true</li>
+<li>security.policy.password.rule.numericalcount.enabled=true</li>
+<li>security.policy.password.rule.numericalcount.minimum=1</li>
+<li>security.policy.password.rule.reuse.enabled=true</li>
+<li>security.policy.password.rule.nowhitespace.enabled=true</li></ul></div>
+<div class="section">
+<h4>LDAP settings<a name="LDAP_settings"></a></h4>
+<p>Ldap can be used as a readonly user manager, however the role assignment is still managed entirely within the given database store. This should be fixed in the future sometime but likely not before ldap is switched over as the default user and role store entirely.</p>
+<ul>
+<li>ldap.user.store.enabled=false</li>
+<li>ldap.bind.authenticator.enabled=false</li></ul>
+<div class="section">
+<h5>ldap options for configuration via properties file<a name="ldap_options_for_configuration_via_properties_file"></a></h5>
+<ul>
+<li>ldap.config.hostname=</li>
+<li>ldap.config.port=</li>
+<li>ldap.config.base.dn=</li>
+<li>ldap.config.context.factory=</li>
+<li>ldap.config.bind.dn=</li>
+<li>ldap.config.password=</li>
+<li>ldap.config.authentication.method=</li>
+<li>ldap.config.groups.class= object class for groups (default: groupOfUniqueNames)</li>
+<li>ldap.config.groups.base.dn= basedn for groups, dn with list of groups ( dc=archiva,dc=apache,dc=org ) (if empty default will be ldap.config.base.dn)</li>
+<li>ldap.config.groups.role.*(ldap group)=*(roles) (mapping ldap group <i>-</i> redback roles comma separated) (example: ldap.config.groups.role.archiva-admin=Archiva System Administrator, Foo)</li>
+<li>ldap.config.writable=true/false will write datas to ldap (default false)</li>
+<li>ldap.config.groups.use.rolename=true/false will create/use groups in ldap with default role if no group<i>-</i>role mapping found (default false)</li>
+<li>ldap.config.user.attribute= attribute name to use for user (default uid=)</li></ul></div></div>
+<div class="section">
+<h4>User Manager Implementation(s) to use<a name="User_Manager_Implementations_to_use"></a></h4>
+<ul>
+<li>user.manager.impl=cached (since 1.4-M4: Archiva support more than one value comma separated)
+<ul>
+<li>valid values for realistic usage are 'cached' and then further configuring the cached instance to use another underlying user manager like ldap or the jdo one which is used by default. Placing 'ldap' here will check with the ldap system for a fair amount of checks and would likely be a performance issue</li></ul></li></ul></div>
+<div class="section">
+<h4>RBAC Manager Implementation(s) to use<a name="RBAC_Manager_Implementations_to_use"></a></h4>
+<ul>
+<li>rbac.manager.impl=cached (since 1.4-M4: Archiva support more than one value comma separated)</li></ul></div></div></div>
</div>
</div>
Modified: archiva/site-content/redback/development/extending-authn.html
URL: http://svn.apache.org/viewvc/archiva/site-content/redback/development/extending-authn.html?rev=1547715&r1=1547714&r2=1547715&view=diff
==============================================================================
--- archiva/site-content/redback/development/extending-authn.html (original)
+++ archiva/site-content/redback/development/extending-authn.html Wed Dec 4 05:47:05 2013
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at Apr 29, 2013
+ | Generated by Apache Maven Doxia at 2013-12-04
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20130429" />
+ <meta name="Date-Revision-yyyymmdd" content="20131204" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache Redback - Development</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.0.min.css" />
@@ -166,7 +166,7 @@
<div id="banner">
<div class="pull-left">
<a href="../../redback" id="bannerLeft">
- <h2>Redback</h2>
+ <img src="../images/redback.jpg" alt="Redback"/>
</a>
</div>
<div class="pull-right"> <a href="http://www.apache.org/" id="bannerRight">
@@ -180,8 +180,8 @@
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2013-04-29</li>
- <li class="divider">|</li> <li id="projectVersion">Version: 2.1-SNAPSHOT</li>
+ <li id="publishDate">Last Published: 2013-12-04</li>
+ <li class="divider">|</li> <li id="projectVersion">Version: 2.2-SNAPSHOT</li>
<li class="divider">|</li> <li class="">
<a href="http://www.apache.org/" class="externalLink" title="Apache">
Apache</a>
@@ -204,7 +204,52 @@
<div id="bodyColumn" >
- <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section"><h2>Extending Redback Authentication<a name="Extending_Redback_Authentication"></a></h2><p>In order to accomodate the many authentication security services used in various applications, it is possible to to implement pluggable authentication providers in the Redback security system.</p><div class="section"><h3>Requirements<a name="Requirements"></a></h3><ul><li><tt>redback-authentication-api</tt> must be implemented<ul><li>create an authentication implementation project under <tt>redback-authentication-providers</tt></li><li><tt>org.apache.archiva.redback.authentication.Authenticator</tt> must be implemented</li></ul></li><li><tt>redback-users-api</tt> must be implemented<ul><li>create a user provider implementation project under <tt>redback-users-providers</tt></li><li><tt>org.apache.archiva.redback.users.User</tt> must be implemented</li><li><tt>org.apache.archiva.redback.users.UserManager</tt> must be implemented</li></ul></li><li>utility
and wrapper classes can be implemented under <tt>redback-common</tt><ul><li>e.g. <tt>$redback/redback-common/redback-common-ldap</tt> contains the utility class <tt>org.apache.archiva.redback.common.ldap.LdapUtils</tt>, and the wrapper class <tt>org.apache.archiva.redback.common.ldap.user.LdapUser</tt></li><li>other essential classes may be placed here as well, such as the <tt>org.apache.archiva.redback.common.ldap.connection.LdapConnectionFactory</tt></li></ul></li></ul></div><div class="section"><h3>Examples<a name="Examples"></a></h3><div class="section"><h4>Implementing OpenId (<a class="externalLink" href="http://wiki.openid.net/">OpenId Homepage</a>)<a name="Implementing_OpenId_OpenId_Homepage"></a></h4><p>While OpenId may be directly integrated to the authentication point of the web application, another option is to implement the redback api.</p><p>Here is something to get started:</p><ul><li>create the provider project <tt>redback-authentication-openid</tt><ul><li>create the
authenticator class, something like <tt>OpenIdAuthenticator</tt> that implements <tt>org.apache.archiva.redback.authentication.Authenticator</tt></li></ul></li><li>create the provider project <tt>redback-users-openid</tt><ul><li>implement <tt>org.apache.archiva.redback.users.User</tt>, something like <tt>OpenIdUser</tt><ul><li>OpenId supports only the principal/username and password fields, so use dummy/default values for the unsupported fields (email, fullname) in this case.</li></ul></li><li>implement <tt>org.apache.archiva.redback.users.UserManager</tt>, something like <tt>OpenIdUserManager</tt><ul><li>OpenId is a read-only authentication service, <tt>createUser()</tt>, <tt>updateUser()</tt>, <tt>deleteUser()</tt> may not be used</li></ul></li><li>various utility classes may be implemented in <tt>redback-common-openid</tt><ul><li><tt>OpenIdConfiguration</tt> may be used to encapsulate the following configuration properties (properties that may be specified in the <tt>security.pr
operties</tt> file):<ul><li><tt>openid.config.provider.url</tt>, where this is a url to one openid provider (support to many providers may come later, specified or via discovery, depending on the organization's security policy)</li></ul></li><li><tt>OpenIdUtils</tt> class, may be implemented to normalize the User-Supplied Identifier to an Identifier that the OpenId Provider understands, e.g. redback username ('<tt>johndoe</tt>') to OpenId url-like identifier ('<tt>http://johndoe.openidprovider.com</tt>')</li><li><tt>OpenIdAuthenticationException</tt> that implements <tt>org.apache.archiva.redback.authentication.AuthenticationException</tt></li><li><tt>OpenIdProviderFactory</tt> that takes the configuration from <tt>OpenIdConfiguration</tt></li><li><tt>OpenIdProvider</tt> is where the <tt>OpenIdUserManager</tt> can verify a user</li></ul></li></ul></li></ul></div></div></div>
+ <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section">
+<h2>Extending Redback Authentication<a name="Extending_Redback_Authentication"></a></h2>
+<p>In order to accomodate the many authentication security services used in various applications, it is possible to to implement pluggable authentication providers in the Redback security system.</p>
+<div class="section">
+<h3>Requirements<a name="Requirements"></a></h3>
+<ul>
+<li><tt>redback-authentication-api</tt> must be implemented
+<ul>
+<li>create an authentication implementation project under <tt>redback-authentication-providers</tt></li>
+<li><tt>org.apache.archiva.redback.authentication.Authenticator</tt> must be implemented</li></ul></li>
+<li><tt>redback-users-api</tt> must be implemented
+<ul>
+<li>create a user provider implementation project under <tt>redback-users-providers</tt></li>
+<li><tt>org.apache.archiva.redback.users.User</tt> must be implemented</li>
+<li><tt>org.apache.archiva.redback.users.UserManager</tt> must be implemented</li></ul></li>
+<li>utility and wrapper classes can be implemented under <tt>redback-common</tt>
+<ul>
+<li>e.g. <tt>$redback/redback-common/redback-common-ldap</tt> contains the utility class <tt>org.apache.archiva.redback.common.ldap.LdapUtils</tt>, and the wrapper class <tt>org.apache.archiva.redback.common.ldap.user.LdapUser</tt></li>
+<li>other essential classes may be placed here as well, such as the <tt>org.apache.archiva.redback.common.ldap.connection.LdapConnectionFactory</tt></li></ul></li></ul></div>
+<div class="section">
+<h3>Examples<a name="Examples"></a></h3>
+<div class="section">
+<h4>Implementing OpenId (<a class="externalLink" href="http://wiki.openid.net/">OpenId Homepage</a>)<a name="Implementing_OpenId_OpenId_Homepage"></a></h4>
+<p>While OpenId may be directly integrated to the authentication point of the web application, another option is to implement the redback api.</p>
+<p>Here is something to get started:</p>
+<ul>
+<li>create the provider project <tt>redback-authentication-openid</tt>
+<ul>
+<li>create the authenticator class, something like <tt>OpenIdAuthenticator</tt> that implements <tt>org.apache.archiva.redback.authentication.Authenticator</tt></li></ul></li>
+<li>create the provider project <tt>redback-users-openid</tt>
+<ul>
+<li>implement <tt>org.apache.archiva.redback.users.User</tt>, something like <tt>OpenIdUser</tt>
+<ul>
+<li>OpenId supports only the principal/username and password fields, so use dummy/default values for the unsupported fields (email, fullname) in this case.</li></ul></li>
+<li>implement <tt>org.apache.archiva.redback.users.UserManager</tt>, something like <tt>OpenIdUserManager</tt>
+<ul>
+<li>OpenId is a read-only authentication service, <tt>createUser()</tt>, <tt>updateUser()</tt>, <tt>deleteUser()</tt> may not be used</li></ul></li>
+<li>various utility classes may be implemented in <tt>redback-common-openid</tt>
+<ul>
+<li><tt>OpenIdConfiguration</tt> may be used to encapsulate the following configuration properties (properties that may be specified in the <tt>security.properties</tt> file):
+<ul>
+<li><tt>openid.config.provider.url</tt>, where this is a url to one openid provider (support to many providers may come later, specified or via discovery, depending on the organization's security policy)</li></ul></li>
+<li><tt>OpenIdUtils</tt> class, may be implemented to normalize the User-Supplied Identifier to an Identifier that the OpenId Provider understands, e.g. redback username ('<tt>johndoe</tt>') to OpenId url-like identifier ('<tt>http://johndoe.openidprovider.com</tt>')</li>
+<li><tt>OpenIdAuthenticationException</tt> that implements <tt>org.apache.archiva.redback.authentication.AuthenticationException</tt></li>
+<li><tt>OpenIdProviderFactory</tt> that takes the configuration from <tt>OpenIdConfiguration</tt></li>
+<li><tt>OpenIdProvider</tt> is where the <tt>OpenIdUserManager</tt> can verify a user</li></ul></li></ul></li></ul></div></div></div>
</div>
</div>
Modified: archiva/site-content/redback/errors/404.html
URL: http://svn.apache.org/viewvc/archiva/site-content/redback/errors/404.html?rev=1547715&r1=1547714&r2=1547715&view=diff
==============================================================================
--- archiva/site-content/redback/errors/404.html (original)
+++ archiva/site-content/redback/errors/404.html Wed Dec 4 05:47:05 2013
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at Apr 29, 2013
+ | Generated by Apache Maven Doxia at 2013-12-04
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20130429" />
+ <meta name="Date-Revision-yyyymmdd" content="20131204" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache Redback - Page Not found</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.0.min.css" />
@@ -166,7 +166,7 @@
<div id="banner">
<div class="pull-left">
<a href="../../redback" id="bannerLeft">
- <h2>Redback</h2>
+ <img src="../images/redback.jpg" alt="Redback"/>
</a>
</div>
<div class="pull-right"> <a href="http://www.apache.org/" id="bannerRight">
@@ -180,8 +180,8 @@
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2013-04-29</li>
- <li class="divider">|</li> <li id="projectVersion">Version: 2.1-SNAPSHOT</li>
+ <li id="publishDate">Last Published: 2013-12-04</li>
+ <li class="divider">|</li> <li id="projectVersion">Version: 2.2-SNAPSHOT</li>
<li class="divider">|</li> <li class="">
<a href="http://www.apache.org/" class="externalLink" title="Apache">
Apache</a>
@@ -204,7 +204,14 @@
<div id="bodyColumn" >
- <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section"><h2>Page Not Found<a name="Page_Not_Found"></a></h2><p>We're sorry, but the page you requested cannot be found. This may be because:</p><ul><li>The page has moved, was outdated, or has not been created yet</li><li>You typed the address incorrectly</li><li>You followed a link from another site that pointed to this page</li></ul><p>If you came to this page by following a broken link on our site, you can report the <a class="externalLink" href="http://jira.codehaus.org/browse/MRM"> problem</a>.</p></div>
+ <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section">
+<h2>Page Not Found<a name="Page_Not_Found"></a></h2>
+<p>We're sorry, but the page you requested cannot be found. This may be because:</p>
+<ul>
+<li>The page has moved, was outdated, or has not been created yet</li>
+<li>You typed the address incorrectly</li>
+<li>You followed a link from another site that pointed to this page</li></ul>
+<p>If you came to this page by following a broken link on our site, you can report the <a class="externalLink" href="http://jira.codehaus.org/browse/MRM"> problem</a>.</p></div>
</div>
</div>
Added: archiva/site-content/redback/images/redback.jpg
URL: http://svn.apache.org/viewvc/archiva/site-content/redback/images/redback.jpg?rev=1547715&view=auto
==============================================================================
Binary file - no diff available.
Propchange: archiva/site-content/redback/images/redback.jpg
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: archiva/site-content/redback/index.html
URL: http://svn.apache.org/viewvc/archiva/site-content/redback/index.html?rev=1547715&r1=1547714&r2=1547715&view=diff
==============================================================================
--- archiva/site-content/redback/index.html (original)
+++ archiva/site-content/redback/index.html Wed Dec 4 05:47:05 2013
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at Apr 29, 2013
+ | Generated by Apache Maven Doxia at 2013-12-04
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -8,7 +8,7 @@
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Creation-yyyymmdd" content="20121123" />
- <meta name="Date-Revision-yyyymmdd" content="20130429" />
+ <meta name="Date-Revision-yyyymmdd" content="20131204" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache Redback - Introduction</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -167,7 +167,7 @@
<div id="banner">
<div class="pull-left">
<a href="../redback" id="bannerLeft">
- <h2>Redback</h2>
+ <img src="images/redback.jpg" alt="Redback"/>
</a>
</div>
<div class="pull-right"> <a href="http://www.apache.org/" id="bannerRight">
@@ -181,8 +181,8 @@
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2013-04-29</li>
- <li class="divider">|</li> <li id="projectVersion">Version: 2.1-SNAPSHOT</li>
+ <li id="publishDate">Last Published: 2013-12-04</li>
+ <li class="divider">|</li> <li id="projectVersion">Version: 2.2-SNAPSHOT</li>
<li class="divider">|</li> <li class="">
<a href="http://www.apache.org/" class="externalLink" title="Apache">
Apache</a>
@@ -205,7 +205,11 @@
<div id="bodyColumn" >
- <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section"><h2>Introduction<a name="Introduction"></a></h2><p>Apache Redback started as an attempt to clean away some of the more annoying security related components of web applications and centralize them into a simple to use framework. Some of the basic beliefs we started with where that authentication, authorization and user management were all basically seperate concerns, sure there are points where they rub up against each other but those are pretty clear points and not worth mashing up whole discrete concepts together.</p><p>Redback supports a number of authentication mechanisms, and a couple of authorization schemes including an implementation of role based access control. Redback has been built on top of the plexus container so it is simple to have the core security system object into your code for making authentication, authorization or user management tasks through its api.</p><p>Apache Redback is currently being used for providing a consiste
nt security related user experience to Apache Continuum and Archiva.</p></div>
+ <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section">
+<h2>Introduction<a name="Introduction"></a></h2>
+<p>Apache Redback started as an attempt to clean away some of the more annoying security related components of web applications and centralize them into a simple to use framework. Some of the basic beliefs we started with where that authentication, authorization and user management were all basically seperate concerns, sure there are points where they rub up against each other but those are pretty clear points and not worth mashing up whole discrete concepts together.</p>
+<p>Redback supports a number of authentication mechanisms, and a couple of authorization schemes including an implementation of role based access control. Redback has been built on top of the plexus container so it is simple to have the core security system object into your code for making authentication, authorization or user management tasks through its api.</p>
+<p>Apache Redback is currently being used for providing a consistent security related user experience to Apache Continuum and Archiva.</p></div>
</div>
</div>
Modified: archiva/site-content/redback/integration.html
URL: http://svn.apache.org/viewvc/archiva/site-content/redback/integration.html?rev=1547715&r1=1547714&r2=1547715&view=diff
==============================================================================
--- archiva/site-content/redback/integration.html (original)
+++ archiva/site-content/redback/integration.html Wed Dec 4 05:47:05 2013
@@ -1,13 +1,13 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at Apr 29, 2013
+ | Generated by Apache Maven Doxia at 2013-12-04
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
- <meta name="Date-Revision-yyyymmdd" content="20130429" />
+ <meta name="Date-Revision-yyyymmdd" content="20131204" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache Redback - Continuous Integration</title>
<link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -166,7 +166,7 @@
<div id="banner">
<div class="pull-left">
<a href="../redback" id="bannerLeft">
- <h2>Redback</h2>
+ <img src="images/redback.jpg" alt="Redback"/>
</a>
</div>
<div class="pull-right"> <a href="http://www.apache.org/" id="bannerRight">
@@ -180,8 +180,8 @@
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2013-04-29</li>
- <li class="divider">|</li> <li id="projectVersion">Version: 2.1-SNAPSHOT</li>
+ <li id="publishDate">Last Published: 2013-12-04</li>
+ <li class="divider">|</li> <li id="projectVersion">Version: 2.2-SNAPSHOT</li>
<li class="divider">|</li> <li class="">
<a href="http://www.apache.org/" class="externalLink" title="Apache">
Apache</a>
@@ -204,7 +204,17 @@
<div id="bodyColumn" >
- <div class="section"><h2>Overview<a name="Overview"></a></h2><a name="Overview"></a><p>This project uses <a class="externalLink" href="http://jenkins-ci.org/">Jenkins</a>.</p></div><div class="section"><h2>Access<a name="Access"></a></h2><a name="Access"></a><p>The following is a link to the continuous integration system used by the project.</p><div class="source"><pre class="prettyprint"><a class="externalLink" href="https://builds.apache.org/view/A-F/view/Archiva/">https://builds.apache.org/view/A-F/view/Archiva/</a></pre></div></div><div class="section"><h2>Notifiers<a name="Notifiers"></a></h2><a name="Notifiers"></a><p>No notifiers are defined. Please check back at a later date.</p></div>
+ <div class="section">
+<h2>Overview<a name="Overview"></a></h2><a name="Overview"></a>
+<p>This project uses <a class="externalLink" href="http://jenkins-ci.org/">Jenkins</a>.</p></div>
+<div class="section">
+<h2>Access<a name="Access"></a></h2><a name="Access"></a>
+<p>The following is a link to the continuous integration system used by the project.</p>
+<div class="source">
+<pre><a class="externalLink" href="https://builds.apache.org/view/A-F/view/Archiva/">https://builds.apache.org/view/A-F/view/Archiva/</a></pre></div></div>
+<div class="section">
+<h2>Notifiers<a name="Notifiers"></a></h2><a name="Notifiers"></a>
+<p>No notifiers are defined. Please check back at a later date.</p></div>
</div>
</div>
Modified: archiva/site-content/redback/integration/ldap.html
URL: http://svn.apache.org/viewvc/archiva/site-content/redback/integration/ldap.html?rev=1547715&r1=1547714&r2=1547715&view=diff
==============================================================================
--- archiva/site-content/redback/integration/ldap.html (original)
+++ archiva/site-content/redback/integration/ldap.html Wed Dec 4 05:47:05 2013
@@ -1,6 +1,6 @@
<!DOCTYPE html>
<!--
- | Generated by Apache Maven Doxia at Apr 29, 2013
+ | Generated by Apache Maven Doxia at 2013-12-04
| Rendered using Apache Maven Fluido Skin 1.3.0
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
@@ -8,7 +8,7 @@
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<meta name="Date-Creation-yyyymmdd" content="20121123" />
- <meta name="Date-Revision-yyyymmdd" content="20130429" />
+ <meta name="Date-Revision-yyyymmdd" content="20131204" />
<meta http-equiv="Content-Language" content="en" />
<title>Apache Redback - Ldap Integration</title>
<link rel="stylesheet" href="../css/apache-maven-fluido-1.3.0.min.css" />
@@ -167,7 +167,7 @@
<div id="banner">
<div class="pull-left">
<a href="../../redback" id="bannerLeft">
- <h2>Redback</h2>
+ <img src="../images/redback.jpg" alt="Redback"/>
</a>
</div>
<div class="pull-right"> <a href="http://www.apache.org/" id="bannerRight">
@@ -181,8 +181,8 @@
<ul class="breadcrumb">
- <li id="publishDate">Last Published: 2013-04-29</li>
- <li class="divider">|</li> <li id="projectVersion">Version: 2.1-SNAPSHOT</li>
+ <li id="publishDate">Last Published: 2013-12-04</li>
+ <li class="divider">|</li> <li id="projectVersion">Version: 2.2-SNAPSHOT</li>
<li class="divider">|</li> <li class="">
<a href="http://www.apache.org/" class="externalLink" title="Apache">
Apache</a>
@@ -205,11 +205,39 @@
<div id="bodyColumn" >
- <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section"><h2>Redback Ldap Integration<a name="Redback_Ldap_Integration"></a></h2><p>Redback has limited support for ldap has been added as an authentication source. Limited support for ldap means:</p><ul><li>Read-Only User Management</li><li>xml and properties based configuration</li><li>tested against open ldap on linux and <a class="externalLink" href="http://directory.apache.org">apacheds</a> 1.5.0/2.0.0 and <a class="externalLink" href="http://opendj.forgerock.org">OpenDj</a></li></ul><div class="section"><h3>Setting up Ldap<a name="Setting_up_Ldap"></a></h3><p>Configuration for ldap is actually a relatively simple procedure, a few components definitions need to be declared in an appropriate application.xml and then some configuration options must be set in the security.properties file.</p><div class="section"><h4>The applicationContext.xml Additions<a name="The_applicationContext.xml_Additions"></a></h4><p>These components should be defined in th
e applicable spring configuration files</p><div class="section"><h5>ldap connection factory <a name="ldap_connection_factory"></a></h5><div class="source"><pre class="prettyprint">
+ <!-- Licensed to the Apache Software Foundation (ASF) under one --><!-- or more contributor license agreements. See the NOTICE file --><!-- distributed with this work for additional information --><!-- regarding copyright ownership. The ASF licenses this file --><!-- to you under the Apache License, Version 2.0 (the --><!-- "License"); you may not use this file except in compliance --><!-- with the License. You may obtain a copy of the License at --><!-- --><!-- http://www.apache.org/licenses/LICENSE-2.0 --><!-- --><!-- Unless required by applicable law or agreed to in writing, --><!-- software distributed under the License is distributed on an --><!-- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY --><!-- KIND, either express or implied. See the License for the --><!-- specific language governing permissions and limitations --><!-- under the License. --><!-- NOTE: For help with the syntax of this file, see: --><!-- http://maven.apache.org/guides/mini/guide
-apt-format.html --><div class="section">
+<h2>Redback Ldap Integration<a name="Redback_Ldap_Integration"></a></h2>
+<p>Redback has limited support for ldap has been added as an authentication source. Limited support for ldap means:</p>
+<ul>
+<li>Read-Only User Management</li>
+<li>xml and properties based configuration</li>
+<li>tested against open ldap on linux and <a class="externalLink" href="http://directory.apache.org">apacheds</a> 1.5.0/2.0.0 and <a class="externalLink" href="http://opendj.forgerock.org">OpenDj</a></li></ul>
+<div class="section">
+<h3>Setting up Ldap<a name="Setting_up_Ldap"></a></h3>
+<p>Configuration for ldap is actually a relatively simple procedure, a few components definitions need to be declared in an appropriate application.xml and then some configuration options must be set in the security.properties file.</p>
+<div class="section">
+<h4>The applicationContext.xml Additions<a name="The_applicationContext.xml_Additions"></a></h4>
+<p>These components should be defined in the applicable spring configuration files</p>
+<div class="section">
+<h5>ldap connection factory <a name="ldap_connection_factory"></a></h5>
+<div class="source">
+<pre>
<bean name="ldapConnectionFactory" class="org.apache.archiva.redback.common.ldap.connection.ConfigurableLdapConnectionFactory">
<property name="userConf" ref="userConfiguration"/>
</bean>
- </pre></div><p>In security.properties files</p><ul><li>ldap.config.hostname - The hostname of the ldap server</li><li>ldap.config.port - The port of the ldap server</li><li>ldap.config.base.dn - The baseDn of the ldap system</li><li>ldap.config.context.factory - context factory for ldap connections (com.sun.jndi.ldap.LdapCtxFactory)</li><li>ldap.config.password - password for the bindDn for the root ldap connection</li><li>ldap.config.bind.dn - the core user used for authentication the ldap server, must be able to perform the necessary searches, etc.</li></ul></div><div class="section"><h5>user mapper<a name="user_mapper"></a></h5><div class="source"><pre class="prettyprint">
+ </pre></div>
+<p>In security.properties files</p>
+<ul>
+<li>ldap.config.hostname - The hostname of the ldap server</li>
+<li>ldap.config.port - The port of the ldap server</li>
+<li>ldap.config.base.dn - The baseDn of the ldap system</li>
+<li>ldap.config.context.factory - context factory for ldap connections (com.sun.jndi.ldap.LdapCtxFactory)</li>
+<li>ldap.config.password - password for the bindDn for the root ldap connection</li>
+<li>ldap.config.bind.dn - the core user used for authentication the ldap server, must be able to perform the necessary searches, etc.</li></ul></div>
+<div class="section">
+<h5>user mapper<a name="user_mapper"></a></h5>
+<div class="source">
+<pre>
<bean name="ldapUserMapper" class="org.apache.archiva.redback.common.ldap.user.LdapUserMapper">
<property name="emailAttribute" value="email"/>
<property name="fullNameAttribute" value="givenName"/>
@@ -219,7 +247,20 @@
<property name="userObjectClass" value="inetOrgPerson"/>
<property name="userConf" ref="userConfiguration"/>
</bean>
- </pre></div><p>In security.properties</p><ul><li>ldap.config.mapper.attribute.email - The name of the attribute on a user that contains the email address</li><li>ldap.config.mapper.attribute.fullname - The name of the attribute on a user that contains the users fullName</li><li>ldap.config.mapper.attribute.password - The name of the attribute containing the users password, used for the authentiction using the user manager and not the ldap bind authenticator</li><li>ldap.config.mapper.attribute.user.id - The name of the attribute containing the users userId, most commonly cn or sn.</li><li>ldap.config.mapper.attribute.user.base.dn - The base dn that will be subtree searched for users.</li><li>ldap.config.mapper.attribute.user.object.class - the objectClass used in the ldap server for indentifying users, most commonly inetOrgPerson.</li><li>ldap.config.mapper.attribute.user.filter - the user filter is used to reduce the number of results during a LDAP request. It is optional.</li>
</ul></div><div class="section"><h5>security policy (for the password encoder) <a name="security_policy_for_the_password_encoder"></a></h5><div class="source"><pre class="prettyprint">
+ </pre></div>
+<p>In security.properties</p>
+<ul>
+<li>ldap.config.mapper.attribute.email - The name of the attribute on a user that contains the email address</li>
+<li>ldap.config.mapper.attribute.fullname - The name of the attribute on a user that contains the users fullName</li>
+<li>ldap.config.mapper.attribute.password - The name of the attribute containing the users password, used for the authentiction using the user manager and not the ldap bind authenticator</li>
+<li>ldap.config.mapper.attribute.user.id - The name of the attribute containing the users userId, most commonly cn or sn.</li>
+<li>ldap.config.mapper.attribute.user.base.dn - The base dn that will be subtree searched for users.</li>
+<li>ldap.config.mapper.attribute.user.object.class - the objectClass used in the ldap server for indentifying users, most commonly inetOrgPerson.</li>
+<li>ldap.config.mapper.attribute.user.filter - the user filter is used to reduce the number of results during a LDAP request. It is optional.</li></ul></div>
+<div class="section">
+<h5>security policy (for the password encoder) <a name="security_policy_for_the_password_encoder"></a></h5>
+<div class="source">
+<pre>
<bean name="userSecurityPolicy" class="org.apache.archiva.redback.policy.DefaultUserSecurityPolicy">
<property name="config" ref="userConfiguration"/>
<property name="passwordEncoder" ref="passwordEncoder#sha1"/>
@@ -238,13 +279,30 @@
</list>
</property>
</bean>
-</pre></div></div></div></div><div class="section"><h3>security.properties<a name="security.properties"></a></h3><p>These properties should be set as shown:</p><div class="source"><pre class="prettyprint">
+</pre></div></div></div></div>
+<div class="section">
+<h3>security.properties<a name="security.properties"></a></h3>
+<p>These properties should be set as shown:</p>
+<div class="source">
+<pre>
user.manager.impl=ldap
ldap.bind.authenticator.enabled=true
redback.default.admin=admin
redback.default.guest=guest
security.policy.password.expiration.enabled=false
-</pre></div><p>The user.manager.impl is the role hint that is used to determine which user manaher to use while running. The default is 'cached' and if this is desired to be used with ldap then you must include the component declartion below in the caching section for the cached UserManager that sets the underlying userImpl to ldap. </p><p>The ldap.bind.authenitcator.enabled boolean value will toggle the use of authenticator that will authenticate using the bind operation. There are two different mechanisms used to authenticate with ldap, either the bind authenticator which is a standard way to authentication, and then the user manager password validation approach. If this is desired then you must ensure that the security policy is configured to use the correct password encoding. Normally the bind authenticator is simply enabled since this bypasses concerns of password encoding.</p><p>It is also now possible to redefine the basic admin user and guest user names. Since its unlikely t
hat ldap oriented authentication systems will have a specific admin or guest user these can be redefined simply in the security.properties. Care must be taken that they exist in the ldap system since they are looked up. Guest users can be simple utilitie or application users.</p><p>The final setting of security.policy.password.expiration.enabled is a boolean that should be set to false for ldap based authentication. This is because redback will want to attempt to manage and enforce password expiration and that is no longer under the direction of redback but is an artifact of the ldap system in place. Setting this to false prevents issues from cropping up related to redback trying to obtain this type of information.</p></div><div class="section"><h3>Caching<a name="Caching"></a></h3><p>A cache named 'ldapUser' is used to reduce access to the LDAP server.</p><p>Pooled connection are enabled per default using the properties <a class="externalLink" href="http://docs.oracle.com/javase/jn
di/tutorial/ldap/connect/pool.html">ldap pooling</a>:</p><ul><li>com.sun.jndi.ldap.connect.pool = true</li><li>com.sun.jndi.ldap.connect.pool.timeout = 3600</li></ul><p>For advanced options see <a class="externalLink" href="http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html">advanced configuration</a>.</p></div></div>
+</pre></div>
+<p>The user.manager.impl is the role hint that is used to determine which user manaher to use while running. The default is 'cached' and if this is desired to be used with ldap then you must include the component declartion below in the caching section for the cached UserManager that sets the underlying userImpl to ldap. </p>
+<p>The ldap.bind.authenitcator.enabled boolean value will toggle the use of authenticator that will authenticate using the bind operation. There are two different mechanisms used to authenticate with ldap, either the bind authenticator which is a standard way to authentication, and then the user manager password validation approach. If this is desired then you must ensure that the security policy is configured to use the correct password encoding. Normally the bind authenticator is simply enabled since this bypasses concerns of password encoding.</p>
+<p>It is also now possible to redefine the basic admin user and guest user names. Since its unlikely that ldap oriented authentication systems will have a specific admin or guest user these can be redefined simply in the security.properties. Care must be taken that they exist in the ldap system since they are looked up. Guest users can be simple utilitie or application users.</p>
+<p>The final setting of security.policy.password.expiration.enabled is a boolean that should be set to false for ldap based authentication. This is because redback will want to attempt to manage and enforce password expiration and that is no longer under the direction of redback but is an artifact of the ldap system in place. Setting this to false prevents issues from cropping up related to redback trying to obtain this type of information.</p></div>
+<div class="section">
+<h3>Caching<a name="Caching"></a></h3>
+<p>A cache named 'ldapUser' is used to reduce access to the LDAP server.</p>
+<p>Pooled connection are enabled per default using the properties <a class="externalLink" href="http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/pool.html">ldap pooling</a>:</p>
+<ul>
+<li>com.sun.jndi.ldap.connect.pool = true</li>
+<li>com.sun.jndi.ldap.connect.pool.timeout = 3600</li></ul>
+<p>For advanced options see <a class="externalLink" href="http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html">advanced configuration</a>.</p></div></div>
</div>
</div>