Fedora Repository 3 Documentation
Page not found
|
Question
I inadvertently chose SSL for API-M access when I installed Fedora, and now I want plain HTTP access to API-M functions without reinstalling Fedora. How can I reconfigure Fedora to allow non-SSL access to API-M?
Answer
As of fedora 3.5, security settings are configured by Spring within FEDORA_HOME . Prior to this release, ssl could be enabled and disabled only be editing the web.xml file within the deployed fedora war. Now, such settings are easily achieved by editing a .properties file in FEDORA_HOME/server/config/spring/web . More complex tasks, such as requiring ssl for individual resources regardless of the general api-a or api-m settings, are possible by editing spring bean xml files.
Instructions:
- Edit the
FEDORA_HOME/server/config/spring/web/web.properties file. There are three relevant properties that will affect ssl behaviour, which will look like this example:
security.ssl.api.access=ANY_CHANNEL
security.ssl.api.management=REQUIRES_SECURE_CHANNEL
security.ssl.api.default=ANY_CHANNEL
where security.ssl.api.access controls ssl for api-a, security.ssl.api.management controls ssl for api-m, and security.ssl.api.default controls ssl for other resourses (unused at present). Acceptable values are ANY_CHANNEL to allow non-ssl connections, and REQUIRES_SECURE_CHANNEL for forced ssl.
- (Optional)
FEDORA_HOME/server/config/spring/web/security.xml if it is necessary to enable or disable ssl for individual resources one by one. Typically, this would only be necessary if exceptions to the general api-a or api-m rules are needed. SSL configuration within this file uses the spring security namespace, and property substitution (e.g. look for placeholders such as ${security.ssl.api.management }). For more information, see the spring 3.0.x channel security documentation.
- Restart the Fedora web application.
|
#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))