Adding some information about redback configuration settings

2017-03-18 18:33:14 +01:00 · 2017-03-18 18:33:14 +01:00 · 2cf09a7f51
parent f177ba8b7e
commit 2cf09a7f51
1 changed files with 19 additions and 0 deletions
--- a/archiva-docs/src/site/apt/adminguide/customising-security.apt
+++ b/archiva-docs/src/site/apt/adminguide/customising-security.apt
@ -48,6 +48,7 @@ Archiva Security Configuration

 +-----+
 # Security Policies
+# -----------------
 #security.policy.password.encoder=
 security.policy.password.previous.count=6
 security.policy.password.expiration.days=90
@ -55,6 +56,7 @@ security.policy.password.expiration.enabled=true
 security.policy.allowed.login.attempt=3

 # Password Rules
+# --------------
 security.policy.password.rule.alphanumeric.enabled=false
 security.policy.password.rule.alphacount.enabled=true
 security.policy.password.rule.alphacount.minimum=1
@ -66,6 +68,23 @@ security.policy.password.rule.numericalcount.enabled=true
 security.policy.password.rule.numericalcount.minimum=1
 security.policy.password.rule.reuse.enabled=true
 security.policy.password.rule.nowhitespace.enabled=true
+
+# Cross Site Request Forgery (CSRF) Prevention
+# --------------------------------------------
+# Enable/Disable CSRF filtering.
+# Possible values: true, false
+rest.csrffilter.enabled=true
+# Base URL used to verify the origin headers of the requests. If not set or empty
+# it tries to determine the base url automatically
+rest.baseUrl=
+# What to do, if the request contains no Origin or Referer header.
+# If true, requests without Origin or Referer Header are denied, otherwise accepted.
+# Possible values: true, false
+rest.csrffilter.absentorigin.deny=true
+# Enable/Disable the token validation only.
+# If true, the validation of the CSRF tokens will be disabled.
+# Possible values: true, false
+rest.csrffilter.disableTokenValidation=false
 +-----+
 
  <<Note:>> If installed standalone, Archiva's list of configuration files is <itself> configurable, and