Hi all;

After having our Jenkins server locked out of Archiva because the password expired, I tried a bit to set up the password policies and so far mostly failed:

- I stumbled across security.properties[1] and thought this was the way to go - but failed. Placing security.properties in ~ or conf doesn't seem to matter, Archiva seems to ignore both.

- Browsing through conf/archiva.xml, I found most of the configuration entries outlined in security.properties in there and changed them according to my needs (allow for reuse of old passwords, disable expiry, ...). Outcome: I can't verify whether passwords still expire but now I am unable to change any user password. Whenever I try doing so, the "change password" dialog will neither display any error nor disappear on clicking "Ok" and the password will not be changed.

- When trying to change the password, I see stack traces in archiva.log like this:

2015-02-19 21:53:04,014 [qtp1925400554-27] ERROR org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver [] - Error occurred during error handling, give up!
org.apache.cxf.interceptor.Fault: fromIndex(0) > toIndex(-1)
        at
[...]
Caused by: java.lang.IllegalArgumentException: fromIndex(0) > toIndex(-1)
        at java.util.ArrayList.subListRangeCheck(ArrayList.java:964) ~[?:1.7.0_60]
        at java.util.ArrayList.subList(ArrayList.java:954) ~[?:1.7.0_60]
        at org.apache.archiva.redback.policy.DefaultUserSecurityPolicy.extensionChangePassword(DefaultUserSecurityPolicy.java:317) ~[redback-policy-2.2.jar:2.2]
        at org.apache.archiva.redback.users.jdo.JdoUserManager.updateUser(JdoUserManager.java:343) ~[redback-users-jdo-2.2.jar:2.2]
        at org.apache.archiva.redback.users.jdo.JdoUserManager.updateUser(JdoUserManager.java:327) ~[redback-users-jdo-2.2.jar:2.2]


Does that make any sense to anyone? By now, user credentials in our Archiva seem to be pretty much fragile...

TIA and all the best,
Kristian


[1] https://archiva.apache.org/docs/2.0.1/adminguide/customising-security.html
