4

Seems like archiva 2.2 is completely ignoring Security properties
I am following this document: I have set up the security.properties file under 

D:\Apache\Archiva-2.2.0\conf

When I am setting a new password for a user in Archiva UI I am still getting:

     You must provide a password containing at least 1 numeric character(s).

security.properties content:

# Security Policies
#security.policy.password.encoder=
security.policy.password.previous.count=9999
security.policy.password.expiration.days=99999
security.policy.password.expiration.enabled=false
security.policy.allowed.login.attempt=3

# Password Rules
security.policy.password.rule.alphanumeric.enabled=false
security.policy.password.rule.alphacount.enabled=false
security.policy.password.rule.alphacount.minimum=0
security.policy.password.rule.characterlength.enabled=true
security.policy.password.rule.characterlength.minimum=3
security.policy.password.rule.characterlength.maximum=0
security.policy.password.rule.musthave.enabled=false
security.policy.password.rule.numericalcount.enabled=false
security.policy.password.rule.numericalcount.minimum=0
security.policy.password.rule.reuse.enabled=false
security.policy.password.rule.nowhitespace.enabled=true
JavaSheriff
  • 7,074
  • 20
  • 89
  • 159

2 Answers2

6

Stop her running and make a backup of your conf/archiva.xml file.

example:

service archiva stop
cp archiva.xml archiva.xml.orig

Edit the config values you want to modify within the main XML configuration file: conf/archiva.xml

Changing the numeric character count:

<numericalcount>
    <minimum>0</minimum>
    <enabled>false</enabled>
</numericalcount>

Changing the password expiration limit:

<expiration>
    <enabled>false</enabled>
    <days>999999</days>
</expiration>

These values should already be in your config file (they were in mine). Perhaps they were copied there after my unsuccessful attempts to configure them through the web UI.

Additionally, prevent any user caching behaviour while you're making changes:

<useUsersCache>false</useUsersCache>

Start her up again:

service archiva start
Amani Kilumanga
  • 324
  • 10
  • 23
fr1550n
  • 1,055
  • 12
  • 23
  • 1
    still ignoring it. – JavaSheriff Nov 09 '16 at 19:53
  • 1
    I'm still stuck on this issue because I have no idea how to format this configuration file. I would like to try your fix and change the password information in archiva.xml, but my archiva.xml is empty, so I'm not sure how I would format the password section. I tried to find a reference elsewhere online, and I am struggling to do so. The documentation links to a reference on this page: http://archiva.apache.org/ref/2.0.1/archiva-base/archiva-configuration/configuration.html, but the page that it links to doesn't appear to have any reference info. Does anyone have a working link to a reference? – Brandon S. Dec 02 '16 at 16:55
  • 1
    @BrandonS. the raw archiva.xml usually has a lot of blank space at the top of the file. Did you try scrolling down a bit? – Amani Kilumanga Feb 27 '17 at 07:40
2

I found a workaround...

  • stop Archiva
  • Open the Archiva DB using squirrel sql
  • Go to SA/JDOUSER table
  • Column LAST_PASSWORD_CHANGE
  • Right click to make editable
  • Modify the value to 10 years from now...
  • Restart Archiva
  • Get your 10 years of quiet....
JavaSheriff
  • 7,074
  • 20
  • 89
  • 159