Disabling authentication and authorization means that anyone can make unauthenticated requests to Fedora and they will be allowed. This article will discuss disabling both. For instructions on only disabling only authorization, see Bypass Authorization.
Authentication is baked into the web.xml. In order disable it, you must either edit the web.xml to look like this example (TODO add link when PR approved), or instruct your container to load an alternate web.xml. The following describes how to load an alternate web.xml in Tomcat and Jetty.
...