Disabling authentication and authorization means that anyone can make unauthenticated requests to Fedora, and those requests will be allowed. For instructions on disabling only authorization, see Bypass Authorization.

Authentication is baked into the web.xml. To disable it, you must either edit the web.xml to look like this example, or instruct your container to load an alternate web.xml. The following describes how to load an alternate web.xml in Tomcat and Jetty.


For Tomcat, add an entry to your $CATALINA_HOME/conf/server.xml that instructs the webapp to load a different web.xml. Assuming Fedora is deployed as the fcrepo webapp, the entry should look like this:

        <Context docBase="fcrepo" altDDName="webapps/fcrepo/WEB-INF/no-auth-web.xml" />

Alternatively, you can add a context file to the $CATALINA_HOME/conf/Catalina/localhost directory. The name of the file should be the webapp name plus .xml. Assuming Fedora is deployed as the fcrepo webapp, the file would be called $CATALINA_HOME/conf/Catalina/localhost/fcrepo.xml and contain:

        <Context altDDName="webapps/fcrepo/WEB-INF/no-auth-web.xml" />


For Jetty:

  1. Save a copy of the no-auth-web.xml to $JETTY_BASE/etc/fcrepo-no-auth-web.xml.
  2. Add an entry to your $JETTY_BASE/webapp/fcrepo.xml, instructing Jetty to load a different web.xml:

        <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "">
        <Configure class="org.eclipse.jetty.webapp.WebAppContext">
          <Set name="descriptor"><SystemProperty name="jetty.base" default="."/>/etc/fcrepo-no-auth-web.xml</Set>
        </Configure>
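
To confirm which descriptor a deployment actually loads and whether that descriptor still requires login, the following added example (not part of the Fedora documentation or code base) audits the Tomcat and Jetty overrides shown above. It assumes authentication is declared with the standard Servlet `<security-constraint>`/`<auth-constraint>` and `<login-config>` elements; the function names and all sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# All XML below is constructed sample input, modelled on the snippets on this page.
TOMCAT_CONTEXT = '<Context docBase="fcrepo" altDDName="webapps/fcrepo/WEB-INF/no-auth-web.xml" />'
JETTY_CONTEXT = """<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="descriptor"><SystemProperty name="jetty.base" default="."/>/etc/fcrepo-no-auth-web.xml</Set>
</Configure>"""
AUTH_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>example-role</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""
NO_AUTH_WEB_XML = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><display-name>sample</display-name></web-app>'

def _local(tag):
    """Strip any XML namespace so the checks work across web.xml schema versions."""
    return tag.rsplit("}", 1)[-1]

def descriptor_overrides(config_xml):
    """List descriptor paths set via Tomcat altDDName or Jetty <Set name="descriptor">."""
    found = []
    for el in ET.fromstring(config_xml).iter():
        name = _local(el.tag)
        if name == "Context" and el.get("altDDName"):
            found.append(el.get("altDDName"))
        elif name == "Set" and el.get("name") == "descriptor":
            # The jetty.base prefix is a <SystemProperty/> child; only the literal suffix is text.
            found.append("".join(el.itertext()).strip())
    return found

def enforces_authentication(web_xml):
    """True only if a security-constraint carries an auth-constraint and a login-config exists."""
    root = ET.fromstring(web_xml)
    has_login = any(_local(e.tag) == "login-config" for e in root.iter())
    has_auth = any(
        _local(child.tag) == "auth-constraint"
        for e in root.iter() if _local(e.tag) == "security-constraint"
        for child in e
    )
    return has_login and has_auth

if __name__ == "__main__":
    for label, cfg in (("tomcat", TOMCAT_CONTEXT), ("jetty", JETTY_CONTEXT)):
        print(label, "loads alternate descriptor:", descriptor_overrides(cfg))
    for label, doc in (("default", AUTH_WEB_XML), ("no-auth", NO_AUTH_WEB_XML)):
        print(label, "web.xml enforces authentication:", enforces_authentication(doc))
```

Run against the real `server.xml`, context file or Jetty context XML, then against whichever descriptor those files point to; any override that resolves to a descriptor failing the second check means the repository is accepting unauthenticated requests.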