Archiva ignoring Security.properties

问题

Seems like archiva 2.2 is completely ignoring Security properties
I am following this document: I have set up the security.properties file under

D:\Apache\Archiva-2.2.0\conf

When I am setting a new password for a user in Archiva UI I am still getting:

     You must provide a password containing at least 1 numeric character(s).   

security.properties content:

# Security Policies
#security.policy.password.encoder=
security.policy.password.previous.count=9999
security.policy.password.expiration.days=99999
security.policy.password.expiration.enabled=false
security.policy.allowed.login.attempt=3

# Password Rules
security.policy.password.rule.alphanumeric.enabled=false
security.policy.password.rule.alphacount.enabled=false
security.policy.password.rule.alphacount.minimum=0
security.policy.password.rule.characterlength.enabled=true
security.policy.password.rule.characterlength.minimum=3
security.policy.password.rule.characterlength.maximum=0
security.policy.password.rule.musthave.enabled=false
security.policy.password.rule.numericalcount.enabled=false
security.policy.password.rule.numericalcount.minimum=0
security.policy.password.rule.reuse.enabled=false
security.policy.password.rule.nowhitespace.enabled=true

回答1:

Stop her running and make a backup of your conf/archiva.xml file.

example:

service archiva stop
cp archiva.xml archiva.xml.orig

Edit the config values you want to modify within the main XML configuration file: conf/archiva.xml

Changing the numeric character count:

<numericalcount>
    <minimum>0</minimum>
    <enabled>false</enabled>
</numericalcount>

Changing the password expiration limit:

<expiration>
    <enabled>false</enabled>
    <days>999999</days>
</expiration>

These values should already be in your config file (they were in mine). Perhaps they were copied there after my unsuccessful attempts to configure them through the web UI.

Additionally, prevent any user caching behaviour while you're making changes:

<useUsersCache>false</useUsersCache>

Start her up again:

service archiva start

回答2:

I found a workaround...

• stop Archiva
• Open the Archiva DB using squirrel sql
• Go to SA/JDOUSER table
• Column LAST_PASSWORD_CHANGE
• Right click to make editable
• Modify the value to 10 years from now...
• Restart Archiva
• Get your 10 years of quiet....

来源：https://stackoverflow.com/questions/32790729/archiva-ignoring-security-properties