Running Fedora without authorization means that the REST API is available to any request coming from the container and lacks any finer-grained security. This is useful when Fedora is running behind another application that connects to Fedora and implements its own security checks. This configuration is also useful for temporary demonstrations and for running software tests that do not require security.
Disabling auth in Fedora does not preclude the use of container authentication to secure Fedora. However, container roles are not used for any further authorization within Fedora: every request is treated as if it came from a superuser.
Tomcat
Add an entry to your server.xml that instructs the webapp to load a different web.xml. Assuming Fedora is deployed as the fcrepo webapp, the entry should look like this:

    <Server>
      ...
      <Service>
        ...
        <Engine>
          ...
          <Host>
            <Context docBase="fcrepo" altDDName="webapps/fcrepo/WEB-INF/no-auth-web.xml" />
            ...
          </Host>
        </Engine>
      </Service>
    </Server>
Jetty
- Save a copy of the no-auth-web.xml (insert link) to $JETTY_BASE/etc/fcrepo-no-auth-web.xml.
- Add an entry to your webapp/fcrepo.xml, instructing Jetty to load a different web.xml:

    <!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
    <Configure class="org.eclipse.jetty.webapp.WebAppContext">
      ...
      <Set name="descriptor"><SystemProperty name="jetty.base" default="."/>/etc/fcrepo-no-auth-web.xml</Set>
    </Configure>
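
Because either override leaves every request with superuser rights, it is worth checking that a no-auth descriptor set up for a demo or test run has not stayed in a deployed configuration. The following is an added example, not part of the Fedora documentation or code base: it parses a Tomcat server.xml and a Jetty context file and reports any alternate deployment descriptor. The sample XML is constructed from the entries above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the entries shown on this page.
TOMCAT_SAMPLE = """<Server><Service><Engine><Host>
  <Context docBase="fcrepo" altDDName="webapps/fcrepo/WEB-INF/no-auth-web.xml" />
  <Context docBase="other" />
</Host></Engine></Service></Server>"""

JETTY_SAMPLE = """<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
  "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
  <Set name="contextPath">/fcrepo</Set>
  <Set name="descriptor"><SystemProperty name="jetty.base" default="."/>/etc/fcrepo-no-auth-web.xml</Set>
</Configure>"""


def tomcat_descriptor_overrides(server_xml):
    """Return (docBase, altDDName) for each <Context> that swaps its web.xml."""
    root = ET.fromstring(server_xml)
    return [(ctx.get("docBase", ""), ctx.get("altDDName"))
            for ctx in root.iter("Context") if ctx.get("altDDName")]


def jetty_descriptor_override(context_xml):
    """Return the descriptor path set in a Jetty context file, or None."""
    root = ET.fromstring(context_xml)
    for node in root.iter("Set"):
        if node.get("name") == "descriptor":
            # The path follows a <SystemProperty/> child, so join all text parts.
            return "".join(node.itertext()).strip()
    return None


def audit(server_xml=None, context_xml=None):
    """Collect findings; a descriptor named 'no-auth' is reported as HIGH."""
    findings = []
    for doc_base, path in (tomcat_descriptor_overrides(server_xml) if server_xml else []):
        level = "HIGH" if "no-auth" in path else "INFO"
        findings.append(f"{level} tomcat webapp={doc_base} descriptor={path}")
    path = jetty_descriptor_override(context_xml) if context_xml else None
    if path:
        level = "HIGH" if "no-auth" in path else "INFO"
        findings.append(f"{level} jetty descriptor=<jetty.base>{path}")
    return findings


if __name__ == "__main__":
    for line in audit(TOMCAT_SAMPLE, JETTY_SAMPLE):
        print(line)
```

The check matches on the file name only, so a renamed copy of the no-auth descriptor is reported as INFO and needs a manual look at its contents.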