diff --git a/doc/release-notes/7424-mailsession.md b/doc/release-notes/7424-mailsession.md
new file mode 100644
index 00000000000..67c876f7ad5
--- /dev/null
+++ b/doc/release-notes/7424-mailsession.md
@@ -0,0 +1,24 @@
+## Simplified SMTP configuration
+
+With this release, we deprecate the usage of `asadmin create-javamail-resource` to configure Dataverse to send mail using your SMTP server and provide a simplified, standard alternative using JVM options or MicroProfile Config.
+
+At this point, no action is required if you want to keep your current configuration.
+Warnings will show in your server logs to inform and remind you about the deprecation.
+A future major release of Dataverse may remove this way of configuration.
+
+Please do take the opportunity to update your SMTP configuration. Details can be found in section of the Installation Guide starting with the [SMTP/Email Configuration](https://guides.dataverse.org/en/6.2/installation/config.html#smtp-email-configuration) section of the Installation Guide.
+
+Once reconfiguration is complete, you should remove legacy, unused config. First, run `asadmin delete-javamail-resource mail/notifyMailSession` as described in the [6.1 guides](https://guides.dataverse.org/en/6.1/installation/installation-main.html#mail-host-configuration-authentication). Then run `curl -X DELETE http://localhost:8080/api/admin/settings/:SystemEmail` as this database setting has been replace with `dataverse.mail.system-email` as described below.
+
+Please note: as there have been problems with email delivered to SPAM folders when the "From" within mail envelope and the mail session configuration didn't match (#4210), as of this version the sole source for the "From" address is the setting `dataverse.mail.system-email` once you migrate to the new way of configuration.
+
+List of options added:
+- dataverse.mail.system-email
+- dataverse.mail.mta.host
+- dataverse.mail.mta.port
+- dataverse.mail.mta.ssl.enable
+- dataverse.mail.mta.auth
+- dataverse.mail.mta.user
+- dataverse.mail.mta.password
+- dataverse.mail.mta.allow-utf8-addresses
+- Plus many more for advanced usage and special provider requirements. See [configuration guide for a full list](https://guides.dataverse.org/en/6.2/installation/config.html#dataverse-mail-mta).
\ No newline at end of file
diff --git a/doc/sphinx-guides/source/container/app-image.rst b/doc/sphinx-guides/source/container/app-image.rst
index caf4aadbf7e..e1f5517629d 100644
--- a/doc/sphinx-guides/source/container/app-image.rst
+++ b/doc/sphinx-guides/source/container/app-image.rst
@@ -134,19 +134,6 @@ In addition, the application image provides the following tunables:
1. Simply pick a JVM option from the list and replace any ``.`` with ``_``.
2. Replace any ``-`` in the option name with ``__``.
- * - ``DATAVERSE_MAIL_HOST``
- - ``smtp``
- - String
- - A hostname (w/o port!) where to reach a Mail MTA on port 25.
- * - ``DATAVERSE_MAIL_USER``
- - ``dataversenotify``
- - String
- - A username to use with the Mail MTA
- * - ``DATAVERSE_MAIL_FROM``
- - ``dataverse@localhost``
- - Mail address
- - The "From" field for all outbound mail. Make sure to set :ref:`systemEmail` to the same value or no mail will
- be sent.
Note that the script ``init_2_configure.sh`` will apply a few very important defaults to enable quick usage
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
index 41388f7aa33..207b6acb305 100644
--- a/doc/sphinx-guides/source/installation/config.rst
+++ b/doc/sphinx-guides/source/installation/config.rst
@@ -88,6 +88,51 @@ See the :ref:`payara` section of :doc:`prerequisites` for details and init scrip
Related to this is that you should remove ``/root/.payara/pass`` to ensure that Payara isn't ever accidentally started as root. Without the password, Payara won't be able to start as root, which is a good thing.
+.. _secure-password-storage:
+
+Secure Password Storage
+^^^^^^^^^^^^^^^^^^^^^^^
+
+In development or demo scenarios, we suggest not to store passwords in files permanently.
+We recommend the use of at least environment variables or production-grade mechanisms to supply passwords.
+
+In a production setup, permanently storing passwords as plaintext should be avoided at all cost.
+Environment variables are dangerous in shared environments and containers, as they may be easily exploited; we suggest not to use them.
+Depending on your deployment model and environment, you can make use of the following techniques to securely store and access passwords.
+
+**Password Aliases**
+
+A `password alias`_ allows you to have a plaintext reference to an encrypted password stored on the server, with the alias being used wherever the password is needed.
+This method is especially useful in a classic deployment, as it does not require any external secrets management.
+
+Password aliases are consumable as a MicroProfile Config source and can be referrenced by their name in a `property expression`_.
+You may also reference them within a `variable substitution`_, e.g. in your ``domain.xml``.
+
+Creation example for an alias named *my.alias.name*:
+
+.. code-block:: shell
+
+ echo "AS_ADMIN_ALIASPASSWORD=changeme" > /tmp/p.txt
+ asadmin create-password-alias --passwordfile "/tmp/p.txt" "my.alias.name"
+ rm /tmp/p.txt
+
+Note: omitting the ``--passwordfile`` parameter allows creating the alias in an interactive fashion with a prompt.
+
+**Secrets Files**
+
+Payara has a builtin MicroProfile Config source to consume values from files in a directory on your filesystem.
+This `directory config source`_ is most useful and secure with external secrets management in place, temporarily mounting cleartext passwords as files.
+Examples are Kubernetes / OpenShift `Secrets `_ or tools like `Vault Agent `_.
+
+Please follow the `directory config source`_ documentation to learn about its usage.
+
+**Cloud Providers**
+
+Running Dataverse on a cloud platform or running an external secret management system like `Vault `_ enables accessing secrets without any intermediate storage of cleartext.
+Obviously this is the most secure option for any deployment model, but it may require more resources to set up and maintain - your mileage may vary.
+
+Take a look at `cloud sources`_ shipped with Payara to learn about their usage.
+
Enforce Strong Passwords for User Accounts
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -673,6 +718,20 @@ To enable bearer tokens, you must install and configure Keycloak (for now, see :
You can test that bearer tokens are working by following the example under :ref:`bearer-tokens` in the API Guide.
+.. _smtp-config:
+
+SMTP/Email Configuration
+------------------------
+
+The installer prompts you for some basic options to configure Dataverse to send email using your SMTP server, but in many cases, extra configuration may be necessary.
+
+Make sure the :ref:`dataverse.mail.system-email` has been set. Email will not be sent without it. A hint will be logged about this fact.
+If you want to separate system email from your support team's email, take a look at :ref:`dataverse.mail.support-email`.
+
+Then check the list of commonly used settings at the top of :ref:`dataverse.mail.mta`.
+
+If you have trouble, consider turning on debugging with :ref:`dataverse.mail.debug`.
+
.. _database-persistence:
Database Persistence
@@ -688,16 +747,8 @@ Basic Database Settings
1. Any of these settings can be set via system properties (see :ref:`jvm-options` starting at :ref:`dataverse.db.name`), environment variables or other
MicroProfile Config mechanisms supported by the app server.
`See Payara docs for supported sources `_.
-2. Remember to protect your secrets. For passwords, use an environment variable (bare minimum), a password alias named the same
- as the key (OK) or use the "dir config source" of Payara (best).
-
- Alias creation example:
-
- .. code-block:: shell
-
- echo "AS_ADMIN_ALIASPASSWORD=changeme" > /tmp/p.txt
- asadmin create-password-alias --passwordfile /tmp/p.txt dataverse.db.password
- rm /tmp/p.txt
+2. Remember to protect your secrets.
+ See :ref:`secure-password-storage` for more information.
3. Environment variables follow the key, replacing any dot, colon, dash, etc. into an underscore "_" and all uppercase
letters. Example: ``dataverse.db.host`` -> ``DATAVERSE_DB_HOST``
@@ -926,6 +977,8 @@ Then create a password alias by running (without changes):
The second command will trigger an interactive prompt asking you to input your Swift password.
+Note: you may choose a different way to secure this password, depending on your use case. See :ref:`secure-password-storage` for more options.
+
Second, update the JVM option ``dataverse.files.storage-driver-id`` by running the delete command:
``./asadmin $ASADMIN_OPTS delete-jvm-options "\-Ddataverse.files.storage-driver-id=file"``
@@ -1195,9 +1248,8 @@ Optionally, you may provide static credentials for each S3 storage using MicroPr
You may provide the values for these via any `supported MicroProfile Config API source`_.
**WARNING:**
-
*For security, do not use the sources "environment variable" or "system property" (JVM option) in a production context!*
-*Rely on password alias, secrets directory or cloud based sources instead!*
+*Rely on password alias, secrets directory or cloud based sources as described at* :ref:`secure-password-storage` *instead!*
**NOTE:**
@@ -2296,15 +2348,9 @@ dataverse.db.password
The PostgreSQL users password to connect with.
-Preferrably use a JVM alias, as passwords in environment variables aren't safe.
+See :ref:`secure-password-storage` to learn about options to securely store this password.
-.. code-block:: shell
-
- echo "AS_ADMIN_ALIASPASSWORD=change-me-super-secret" > /tmp/password.txt
- asadmin create-password-alias --passwordfile /tmp/password.txt dataverse.db.password
- rm /tmp/password.txt
-
-Can also be set via *MicroProfile Config API* sources, e.g. the environment variable ``DATAVERSE_DB_PASSWORD``.
+Can also be set via *MicroProfile Config API* sources, e.g. the environment variable ``DATAVERSE_DB_PASSWORD`` (although you shouldn't use environment variables for passwords).
dataverse.db.host
+++++++++++++++++
@@ -2551,14 +2597,7 @@ Once you have a username from DataCite, you can enter it like this:
Legacy Single PID Provider: dataverse.pid.datacite.password
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-Once you have a password from your provider, you should create a password alias.
-This avoids storing it in clear text, although you could use a JVM option `to reference
-a different place `__.
-
-``./asadmin create-password-alias dataverse.pid.datacite.password``
-
-It will allow you to enter the password while not echoing the characters.
-To manage these, read up on `Payara docs about password aliases `__.
+Once you have a password from your provider, you should create a password alias called *dataverse.pid.datacite.password* or use another method described at :ref:`secure-password-storage` to safeguard it.
**Notes:**
@@ -2569,7 +2608,7 @@ To manage these, read up on `Payara docs about password aliases `.
Provide a passphrase to decrypt the :ref:`private key file `.
+See :ref:`secure-password-storage` for ways to do this securely.
The key file may (and should) be encrypted with a passphrase (used for
encryption with AES-128). See also chapter 1.4 "Authentication" of the
@@ -2610,10 +2650,10 @@ encryption with AES-128). See also chapter 1.4 "Authentication" of the
Can also be set via *MicroProfile Config API* sources, e.g. the environment
variable ``DATAVERSE_PID_HANDLENET_KEY_PASSPHRASE`` (although you shouldn't use
-environment variables for passwords). This setting was formerly known as
-``dataverse.handlenet.admprivphrase`` and has been renamed. You should delete
-the old JVM option and the wrapped password alias, then recreate as shown for
-:ref:`dataverse.pid.datacite.password` but with this option as alias name.
+environment variables for passwords).
+
+This setting was formerly known as ``dataverse.handlenet.admprivphrase`` and has been renamed.
+You should delete the old JVM option and the wrapped password alias, then recreate as shown for :ref:`dataverse.pid.datacite.password` but with this option as alias name.
.. _dataverse.pid.handlenet.index:
@@ -2807,20 +2847,11 @@ The key used to sign a URL is created from the API token of the creating user pl
signature-secret makes it impossible for someone who knows an API token from forging signed URLs and provides extra security by
making the overall signing key longer.
-Since the signature-secret is sensitive, you should treat it like a password. Here is an example how to set your shared secret
-with the secure method "password alias":
-
-.. code-block:: shell
-
- echo "AS_ADMIN_ALIASPASSWORD=change-me-super-secret" > /tmp/password.txt
- asadmin create-password-alias --passwordfile /tmp/password.txt dataverse.api.signature-secret
- rm /tmp/password.txt
-
-Can also be set via any `supported MicroProfile Config API source`_, e.g. the environment variable
-``DATAVERSE_API_SIGNATURE_SECRET``.
+**WARNING**:
+*Since the signature-secret is sensitive, you should treat it like a password.*
+*See* :ref:`secure-password-storage` *to learn about ways to safeguard it.*
-**WARNING:** For security, do not use the sources "environment variable" or "system property" (JVM option) in a
-production context! Rely on password alias, secrets directory or cloud based sources instead!
+Can also be set via any `supported MicroProfile Config API source`_, e.g. the environment variable ``DATAVERSE_API_SIGNATURE_SECRET`` (although you shouldn't use environment variables for passwords) .
.. _dataverse.api.allow-incomplete-metadata:
@@ -2853,27 +2884,174 @@ See :ref:`discovery-sign-posting` for details.
Can also be set via any `supported MicroProfile Config API source`_, e.g. the environment variable ``DATAVERSE_SIGNPOSTING_LEVEL1_ITEM_LIMIT``.
+.. _systemEmail:
+.. _dataverse.mail.system-email:
+
+dataverse.mail.system-email
++++++++++++++++++++++++++++
+
+This is the email address that "system" emails are sent from such as password reset links, notifications, etc.
+It replaces the database setting :ref:`legacySystemEmail` since Dataverse 6.2.
+
+**WARNING**: Your Dataverse installation will not send mail without this setting in place.
+
+Note that only the email address is required, which you can supply without the ``<`` and ``>`` signs, but if you include the text, it's the way to customize the name of your support team, which appears in the "from" address in emails as well as in help text in the UI.
+If you don't include the text, the installation name (see :ref:`Branding Your Installation`) will appear in the "from" address.
+In case you want your system email address to of no-reply style, have a look at :ref:`dataverse.mail.support-email` setting, too.
+
+Please note that if you're having any trouble sending email, you can refer to "Troubleshooting" under :doc:`installation-main`.
+
+Can also be set via any `supported MicroProfile Config API source`_, e.g. the environment variable ``DATAVERSE_MAIL_SYSTEM_EMAIL``.
+
+See also :ref:`smtp-config`.
+
+.. _dataverse.mail.support-email:
+
dataverse.mail.support-email
++++++++++++++++++++++++++++
-This provides an email address distinct from the :ref:`systemEmail` that will be used as the email address for Contact Forms and Feedback API. This address is used as the To address when the Contact form is launched from the Support entry in the top navigation bar and, if configured via :ref:`dataverse.mail.cc-support-on-contact-email`, as a CC address when the form is launched from a Dataverse/Dataset Contact button.
-This allows configuration of a no-reply email address for :ref:`systemEmail` while allowing feedback to go to/be cc'd to the support email address, which would normally accept replies. If not set, the :ref:`systemEmail` is used for the feedback API/contact form email.
+This provides an email address distinct from the :ref:`systemEmail` that will be used as the email address for Contact Forms and Feedback API.
+This address is used as the To address when the Contact form is launched from the Support entry in the top navigation bar and, if configured via :ref:`dataverse.mail.cc-support-on-contact-email`, as a CC address when the form is launched from a Dataverse/Dataset Contact button.
+This allows configuration of a no-reply email address for :ref:`systemEmail` while allowing feedback to go to/be cc'd to the support email address, which would normally accept replies.
+If not set, the :ref:`systemEmail` is used for the feedback API/contact form email.
-Note that only the email address is required, which you can supply without the ``<`` and ``>`` signs, but if you include the text, it's the way to customize the name of your support team, which appears in the "from" address in emails as well as in help text in the UI. If you don't include the text, the installation name (see :ref:`Branding Your Installation`) will appear in the "from" address.
+Note that only the email address is required, which you can supply without the ``<`` and ``>`` signs, but if you include the text, it's the way to customize the name of your support team, which appears in the "from" address in emails as well as in help text in the UI.
+If you don't include the text, the installation name (see :ref:`Branding Your Installation`) will appear in the "from" address.
Can also be set via any `supported MicroProfile Config API source`_, e.g. the environment variable ``DATAVERSE_MAIL_SUPPORT_EMAIL``.
+See also :ref:`smtp-config`.
+
.. _dataverse.mail.cc-support-on-contact-email:
dataverse.mail.cc-support-on-contact-email
++++++++++++++++++++++++++++++++++++++++++
-If this setting is true, the contact forms and feedback API will cc the system (:SupportEmail if set, :SystemEmail if not) when sending email to the collection, dataset, or datafile contacts.
+If this boolean setting is true, the contact forms and feedback API will cc the system (``dataverse.mail.support-mail`` if set, ``dataverse.mail.system-email`` if not) when sending email to the collection, dataset, or datafile contacts.
A CC line is added to the contact form when this setting is true so that users are aware that the cc will occur.
The default is false.
Can also be set via *MicroProfile Config API* sources, e.g. the environment variable ``DATAVERSE_MAIL_CC_SUPPORT_ON_CONTACT_EMAIL``.
+See also :ref:`smtp-config`.
+
+.. _dataverse.mail.debug:
+
+dataverse.mail.debug
+++++++++++++++++++++
+
+When this boolean setting is true, sending an email will generate more verbose logging, enabling you to analyze mail delivery malfunctions.
+Defaults to ``false``.
+
+Can also be set via *MicroProfile Config API* sources, e.g. the environment variable ``DATAVERSE_MAIL_DEBUG``.
+
+See also :ref:`smtp-config`.
+
+.. _dataverse.mail.mta:
+
+dataverse.mail.mta.*
+++++++++++++++++++++
+
+The following options allow you to configure a target Mail Transfer Agent (MTA) to be used for sending emails to users.
+Be advised: as the mail server connection (session) is cached once created, you need to restart Payara when applying configuration changes.
+
+All can also be set via any `supported MicroProfile Config API source`_, e.g. the environment variable ``DATAVERSE_MAIL_MTA_HOST``.
+(For environment variables: simply replace "." and "-" with "_" and write as all caps.)
+
+The following table describes the most important settings commonly used.
+
+.. list-table::
+ :widths: 15 60 25
+ :header-rows: 1
+ :align: left
+
+ * - Setting Key
+ - Description
+ - Default Value
+ * - ``dataverse.mail.mta.host``
+ - The SMTP server to connect to.
+ - *No default*
+ * - ``dataverse.mail.mta.port``
+ - The SMTP server port to connect to. (Common are ``25`` for plain, ``587`` for SSL, ``465`` for legacy SSL)
+ - ``25``
+ * - ``dataverse.mail.mta.ssl.enable``
+ - Enable if your mail provider uses SSL.
+ - ``false``
+ * - ``dataverse.mail.mta.auth``
+ - If ``true``, attempt to authenticate the user using the AUTH command.
+ - ``false``
+ * - ``dataverse.mail.mta.user``
+ - The username to use in an AUTH command.
+ - *No default*
+ * - ``dataverse.mail.mta.password``
+ - The password to use in an AUTH command. (Might be a token when using XOAUTH2 mechanism)
+ - *No default*
+ * - ``dataverse.mail.mta.allow-utf8-addresses``
+ - If set to ``true``, UTF-8 strings are allowed in message headers, e.g., in addresses.
+ This should only be set if the mail server also supports UTF-8.
+ (Quoted from `Jakarta Mail Javadoc `_)
+ Setting to ``false`` will also make mail address validation in UI/API fail on UTF-8 chars.
+ - ``true``
+
+**WARNING**:
+*For security of your password use only safe ways to store and access it.*
+*See* :ref:`secure-password-storage` *to learn about your options.*
+
+Find below a list of even more options you can use to configure sending mails.
+Detailed description for every setting can be found in the table included within the `Jakarta Mail Documentation `_.
+(Simply replace ``dataverse.mail.mta.`` with ``mail.smtp.``.)
+
+* Timeouts:
+ ``dataverse.mail.mta.connectiontimeout``,
+ ``dataverse.mail.mta.timeout``,
+ ``dataverse.mail.mta.writetimeout``
+* SSL/TLS:
+ ``dataverse.mail.mta.starttls.enable``,
+ ``dataverse.mail.mta.starttls.required``,
+ ``dataverse.mail.mta.ssl.checkserveridentity``,
+ ``dataverse.mail.mta.ssl.trust``,
+ ``dataverse.mail.mta.ssl.protocols``,
+ ``dataverse.mail.mta.ssl.ciphersuites``
+* Proxy Connection:
+ ``dataverse.mail.mta.proxy.host``,
+ ``dataverse.mail.mta.proxy.port``,
+ ``dataverse.mail.mta.proxy.user``,
+ ``dataverse.mail.mta.proxy.password``,
+ ``dataverse.mail.mta.socks.host``,
+ ``dataverse.mail.mta.socks.port``
+* SMTP EHLO command details:
+ ``dataverse.mail.mta.ehlo``,
+ ``dataverse.mail.mta.localhost``,
+ ``dataverse.mail.mta.localaddress``,
+ ``dataverse.mail.mta.localport``
+* Authentication details:
+ ``dataverse.mail.mta.auth.mechanisms``,
+ ``dataverse.mail.mta.auth.login.disable``,
+ ``dataverse.mail.mta.auth.plain.disable``,
+ ``dataverse.mail.mta.auth.digest-md5.disable``,
+ ``dataverse.mail.mta.auth.ntlm.disable``,
+ ``dataverse.mail.mta.auth.xoauth2.disable``,
+ ``dataverse.mail.mta.auth.ntlm.domain``,
+ ``dataverse.mail.mta.auth.ntlm.flag``,
+ ``dataverse.mail.mta.sasl.enable``,
+ ``dataverse.mail.mta.sasl.usecanonicalhostname``,
+ ``dataverse.mail.mta.sasl.mechanisms``,
+ ``dataverse.mail.mta.sasl.authorizationid``,
+ ``dataverse.mail.mta.sasl.realm``
+* Miscellaneous:
+ ``dataverse.mail.mta.allow8bitmime``,
+ ``dataverse.mail.mta.submitter``,
+ ``dataverse.mail.mta.dsn.notify``,
+ ``dataverse.mail.mta.dsn.ret``,
+ ``dataverse.mail.mta.sendpartial``,
+ ``dataverse.mail.mta.quitwait``,
+ ``dataverse.mail.mta.quitonsessionreject``,
+ ``dataverse.mail.mta.userset``,
+ ``dataverse.mail.mta.noop.strict``,
+ ``dataverse.mail.mta.mailextension``
+
+See also :ref:`smtp-config`.
+
dataverse.ui.allow-review-for-incomplete
++++++++++++++++++++++++++++++++++++++++
@@ -3096,18 +3274,13 @@ In Dataverse Software 4.7 and lower, the :doc:`/api/search` required an API toke
``curl -X PUT -d true http://localhost:8080/api/admin/settings/:SearchApiRequiresToken``
-.. _systemEmail:
+.. _legacySystemEmail:
:SystemEmail
++++++++++++
-This is the email address that "system" emails are sent from such as password reset links. Your Dataverse installation will not send mail without this setting in place.
-
-``curl -X PUT -d 'LibraScholar SWAT Team ' http://localhost:8080/api/admin/settings/:SystemEmail``
-
-Note that only the email address is required, which you can supply without the ``<`` and ``>`` signs, but if you include the text, it's the way to customize the name of your support team, which appears in the "from" address in emails as well as in help text in the UI. If you don't include the text, the installation name (see :ref:`Branding Your Installation`) will appear in the "from" address.
-
-Please note that if you're having any trouble sending email, you can refer to "Troubleshooting" under :doc:`installation-main`.
+Please note that this setting is deprecated since Dataverse 6.2.
+It will be picked up for backward compatibility, but please migrate to usage of :ref:`dataverse.mail.system-email`.
:HomePageCustomizationFile
++++++++++++++++++++++++++
@@ -4505,9 +4678,6 @@ A true/false (default) option determining whether the dataset datafile table dis
``curl -X PUT -d true http://localhost:8080/api/admin/settings/:AllowUserManagementOfOrder``
-.. _supported MicroProfile Config API source: https://docs.payara.fish/community/docs/Technical%20Documentation/MicroProfile/Config/Overview.html
-
-
.. _:UseStorageQuotas:
:UseStorageQuotas
@@ -4543,3 +4713,13 @@ In the following example, calls made by a guest user (tier 0) for API GetLatestP
{"tier": 0, "limitPerHour": 10, "actions": ["GetLatestPublishedDatasetVersionCommand", "GetPrivateUrlCommand", "GetDatasetCommand", "GetLatestAccessibleDatasetVersionCommand"]},
{"tier": 0, "limitPerHour": 1, "actions": ["CreateGuestbookResponseCommand", "UpdateDatasetVersionCommand", "DestroyDatasetCommand", "DeleteDataFileCommand", "FinalizeDatasetPublicationCommand", "PublishDatasetCommand"]},
{"tier": 1, "limitPerHour": 30, "actions": ["CreateGuestbookResponseCommand", "GetLatestPublishedDatasetVersionCommand", "GetPrivateUrlCommand", "GetDatasetCommand", "GetLatestAccessibleDatasetVersionCommand", "UpdateDatasetVersionCommand", "DestroyDatasetCommand", "DeleteDataFileCommand", "FinalizeDatasetPublicationCommand", "PublishDatasetCommand"]}]}
+
+
+
+
+.. _supported MicroProfile Config API source: https://docs.payara.fish/community/docs/Technical%20Documentation/MicroProfile/Config/Overview.html
+.. _password alias: https://docs.payara.fish/community/docs/Technical%20Documentation/Payara%20Server%20Documentation/Server%20Configuration%20And%20Management/Configuration%20Options/Password%20Aliases.html
+.. _variable substitution: https://docs.payara.fish/community/docs/Technical%20Documentation/Payara%20Server%20Documentation/Server%20Configuration%20And%20Management/Configuration%20Options/Variable%20Substitution/Usage%20of%20Variables.html
+.. _property expression: https://download.eclipse.org/microprofile/microprofile-config-3.1/microprofile-config-spec-3.1.html#property-expressions
+.. _directory config source: https://docs.payara.fish/community/docs/Technical%20Documentation/MicroProfile/Config/Directory.html
+.. _cloud sources: https://docs.payara.fish/community/docs/Technical%20Documentation/MicroProfile/Config/Cloud/Overview.html
diff --git a/doc/sphinx-guides/source/installation/installation-main.rst b/doc/sphinx-guides/source/installation/installation-main.rst
index bc51a8e19f5..3c3376e3c85 100755
--- a/doc/sphinx-guides/source/installation/installation-main.rst
+++ b/doc/sphinx-guides/source/installation/installation-main.rst
@@ -141,66 +141,6 @@ Got ERR_ADDRESS_UNREACHABLE While Navigating on Interface or API Calls
If you are receiving an ``ERR_ADDRESS_UNREACHABLE`` while navigating the GUI or making an API call, make sure the ``siteUrl`` JVM option is defined. For details on how to set ``siteUrl``, please refer to :ref:`dataverse.siteUrl` from the :doc:`config` section. For context on why setting this option is necessary, refer to :ref:`dataverse.fqdn` from the :doc:`config` section.
-Problems Sending Email
-^^^^^^^^^^^^^^^^^^^^^^
-
-If your Dataverse installation is not sending system emails, you may need to provide authentication for your mail host. First, double check the SMTP server being used with this Payara asadmin command:
-
-``./asadmin get server.resources.mail-resource.mail/notifyMailSession.host``
-
-This should return the DNS of the mail host you configured during or after installation. mail/notifyMailSession is the JavaMail Session that's used to send emails to users.
-
-If the command returns a host you don't want to use, you can modify your notifyMailSession with the Payara ``asadmin set`` command with necessary options (`click here for the manual page `_), or via the admin console at http://localhost:4848 with your domain running.
-
-If your mail host requires a username/password for access, continue to the next section.
-
-Mail Host Configuration & Authentication
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-
-If you need to alter your mail host address, user, or provide a password to connect with, these settings are easily changed in the Payara admin console or via command line.
-
-For the Payara console, load a browser with your domain online, navigate to http://localhost:4848 and on the side panel find JavaMail Sessions. By default, the Dataverse Software uses a session named mail/notifyMailSession for routing outgoing emails. Click this mail session in the window to modify it.
-
-When fine tuning your JavaMail Session, there are a number of fields you can edit. The most important are:
-
-+ **Mail Host:** Desired mail host’s DNS address (e.g. smtp.gmail.com)
-+ **Default User:** Username mail host will recognize (e.g. user\@gmail.com)
-+ **Default Sender Address:** Email address that your Dataverse installation will send mail from
-
-Depending on the SMTP server you're using, you may need to add additional properties at the bottom of the page (below "Advanced").
-
-From the "Add Properties" utility at the bottom, use the “Add Property” button for each entry you need, and include the name / corresponding value as needed. Descriptions are optional, but can be used for your own organizational needs.
-
-**Note:** These properties are just an example. You may need different/more/fewer properties all depending on the SMTP server you’re using.
-
-============================== ==============================
- Name Value
-============================== ==============================
-mail.smtp.auth true
-mail.smtp.password [Default User password*]
-mail.smtp.port [Port number to route through]
-============================== ==============================
-
-**\*WARNING**: Entering a password here will *not* conceal it on-screen. It’s recommended to use an *app password* (for smtp.gmail.com users) or utilize a dedicated/non-personal user account with SMTP server auths so that you do not risk compromising your password.
-
-If your installation’s mail host uses SSL (like smtp.gmail.com) you’ll need these name/value pair properties in place:
-
-====================================== ==============================
- Name Value
-====================================== ==============================
-mail.smtp.socketFactory.port 465
-mail.smtp.port 465
-mail.smtp.socketFactory.fallback false
-mail.smtp.socketFactory.class javax.net.ssl.SSLSocketFactory
-====================================== ==============================
-
-The mail session can also be set from command line. To use this method, you will need to delete your notifyMailSession and create a new one. See the below example:
-
-- Delete: ``./asadmin delete-javamail-resource mail/notifyMailSession``
-- Create (remove brackets and replace the variables inside): ``./asadmin create-javamail-resource --mailhost [smtp.gmail.com] --mailuser [test\@test\.com] --fromaddress [test\@test\.com] --property mail.smtp.auth=[true]:mail.smtp.password=[password]:mail.smtp.port=[465]:mail.smtp.socketFactory.port=[465]:mail.smtp.socketFactory.fallback=[false]:mail.smtp.socketFactory.class=[javax.net.ssl.SSLSocketFactory] mail/notifyMailSession``
-
-Be sure you save the changes made here and then restart your Payara server to test it out.
-
UnknownHostException While Deploying
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/docker-compose-dev.yml b/docker-compose-dev.yml
index 6c56b5a3d6e..402a95c0e16 100644
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -17,6 +17,8 @@ services:
SKIP_DEPLOY: "${SKIP_DEPLOY}"
DATAVERSE_JSF_REFRESH_PERIOD: "1"
DATAVERSE_FEATURE_API_BEARER_AUTH: "1"
+ DATAVERSE_MAIL_SYSTEM_EMAIL: "dataverse@localhost"
+ DATAVERSE_MAIL_MTA_HOST: "smtp"
DATAVERSE_AUTH_OIDC_ENABLED: "1"
DATAVERSE_AUTH_OIDC_CLIENT_ID: test
DATAVERSE_AUTH_OIDC_CLIENT_SECRET: 94XHrfNRwXsjqTqApRrwWmhDLDHpIYV8
diff --git a/docker/compose/demo/compose.yml b/docker/compose/demo/compose.yml
index 8f1af3e396b..6c2bdcf79a4 100644
--- a/docker/compose/demo/compose.yml
+++ b/docker/compose/demo/compose.yml
@@ -14,6 +14,8 @@ services:
DATAVERSE_DB_PASSWORD: secret
DATAVERSE_DB_USER: dataverse
DATAVERSE_FEATURE_API_BEARER_AUTH: "1"
+ DATAVERSE_MAIL_SYSTEM_EMAIL: "Demo Dataverse "
+ DATAVERSE_MAIL_MTA_HOST: "smtp"
JVM_ARGS: -Ddataverse.files.storage-driver-id=file1
-Ddataverse.files.file1.type=file
-Ddataverse.files.file1.label=Filesystem
diff --git a/modules/container-configbaker/scripts/bootstrap/dev/init.sh b/modules/container-configbaker/scripts/bootstrap/dev/init.sh
index efdaee3d0c3..f8770436652 100644
--- a/modules/container-configbaker/scripts/bootstrap/dev/init.sh
+++ b/modules/container-configbaker/scripts/bootstrap/dev/init.sh
@@ -9,9 +9,6 @@ export DATAVERSE_URL
echo "Running base setup-all.sh (INSECURE MODE)..."
"${BOOTSTRAP_DIR}"/base/setup-all.sh --insecure -p=admin1 | tee /tmp/setup-all.sh.out
-echo "Setting system mail address..."
-curl -X PUT -d "dataverse@localhost" "${DATAVERSE_URL}/api/admin/settings/:SystemEmail"
-
echo "Setting DOI provider to \"FAKE\"..."
curl "${DATAVERSE_URL}/api/admin/settings/:DoiProvider" -X PUT -d FAKE
diff --git a/modules/dataverse-parent/pom.xml b/modules/dataverse-parent/pom.xml
index fd176c2fd80..1a538905a8d 100644
--- a/modules/dataverse-parent/pom.xml
+++ b/modules/dataverse-parent/pom.xml
@@ -168,11 +168,11 @@
5.2.0
- 1.19.0
- 2.10.1
- 5.10.0
- 5.4.0
- 0.8.10
+ 1.19.7
+ 3.7.1
+ 5.10.2
+ 5.11.0
+ 0.8.11
9.3
@@ -182,8 +182,8 @@
3.3.2
3.5.0
3.1.1
- 3.1.0
- 3.1.0
+ 3.2.5
+ 3.2.5
3.6.0
3.3.1
3.0.0-M7
diff --git a/pom.xml b/pom.xml
index f736f04cf32..4b660e23ef5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -51,6 +51,17 @@
abdera-i18n
1.1.3
+
+ org.apache.abdera
+ abdera-parser
+ 1.1.3
+
+
+ org.apache.geronimo.specs
+ geronimo-javamail_1.4_spec
+
+
+