Disabling authentication and authorization means that anyone can make unauthenticated requests to Fedora and they will be allowed.
Authentication is baked into the web.xml
. In order disable it, you must either edit the web.xml
to look like this example (TODO add link when PR approved), or instruct your container to load an alternate web.xml
. The following describes how to load an alternate web.xml
in Tomcat and Jetty.
Tomcat
Add an entry to your $CATALINA_HOME/conf/server.xml
that instructs the webapp to load a different web.xml
. Assuming Fedora is deployed as the fcrepo webapp, the entry should look like this:
<Server> ... <Service> ... <Engine> ... <Host> <Context docBase="fcrepo" altDDName="webapps/fcrepo/WEB-INF/no-auth-web.xml" /> ... </Host> </Engine> </Service> </Server>
Jetty
- Save a copy of the no-auth-web.xml (TODO insert link) to
$JETTY_BASE/etc/fcrepo-no-auth-web.xml
. - Add an entry to your
$JETTY_BASE/
webapp/fcrepo.xml
, instructing Jetty to load a different web.xml:
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd"> <Configure class="org.eclipse.jetty.webapp.WebAppContext"> ... <Set name="descriptor"><SystemProperty name="jetty.base" default="."/>/etc/fcrepo-no-auth-web.xml</Set> </Configure>