Disabling authentication and authorization means that anyone can make unauthenticated requests to Fedora and they will be allowed. For instructions on only disabling only authorization, see Bypass Authorization.
Authentication is baked into the web.xml
. In order disable it, you must either edit the web.xml
to look like this example, or instruct your container to load an alternate web.xml
. The following describes how to load an alternate web.xml
in Tomcat and Jetty.
Tomcat
Add an entry to your $CATALINA_HOME/conf/server.xml
that instructs the webapp to load a different web.xml
. Assuming Fedora is deployed as the fcrepo webapp, the entry should look like this:
<Server> ... <Service> ... <Engine> ... <Host> <Context docBase="fcrepo" altDDName="webapps/fcrepo/WEB-INF/no-auth-web.xml" /> ... </Host> </Engine> </Service> </Server>
Alternatively, you can add a context file to the $CATALINA_HOME/conf/Catalina/localhost
directory. The name of the file should be the webapp name plus .xml
. Assuming Fedora is deploy as the fcrepo webapp, then file would be called $CATALINA_HOME/conf/Catalina/localhost/fcrepo.xml
and contain
<Context altDDName="webapps/fcrepo/WEB-INF/no-auth-web.xml" />
Jetty
- Save a copy of the no-auth-web.xml to
$JETTY_BASE/etc/fcrepo-no-auth-web.xml
. - Add an entry to your
$JETTY_BASE/
webapp/fcrepo.xml
, instructing Jetty to load a different web.xml:
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd"> <Configure class="org.eclipse.jetty.webapp.WebAppContext"> ... <Set name="descriptor"><SystemProperty name="jetty.base" default="."/>/etc/fcrepo-no-auth-web.xml</Set> </Configure>