How do I undo SSL-only access to API-M functions?

Question: I inadvertently chose SSL for API-M access when I installed Fedora, and now I want plain HTTP access to API-M functions without reinstalling Fedora. How can I reconfigure Fedora to allow non-SSL access to API-M?

Answer: In the installed webapp, the WEB-INF/web.xml file has a <security-constraint> block with a description of APIM. There's a <user-data-constraint> block with a transport-guarantee value of CONFIDENTIAL. If you comment out or remove that <user-data-constraint> block, Tomcat won't require SSL for those resources (API-M).

Instructions:

Edit the WEB-INF/web.xml under the fedora webapp directory in your webapp server (Tomcat, in most cases). Comment out the relevant <user-data-constraint> block:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Fedora Repository Server</web-resource-name>
    <description>Fedora-generated security-constraint</description>
    <description>APIM</description>
    <url-pattern>/index.html</url-pattern>
    <url-pattern>/getDSAuthenticated</url-pattern>
    <url-pattern>/management/getNextPID</url-pattern>
    <url-pattern>/management/upload</url-pattern>
    <url-pattern>/services/management</url-pattern>
    <url-pattern>*.jws</url-pattern>
  </web-resource-collection>
  <!-- Commented out to disable SSL-only access to API-M functions -->
  <!-- <user-data-constraint> -->
  <!--   <transport-guarantee>CONFIDENTIAL</transport-guarantee> -->
  <!-- </user-data-constraint> -->
</security-constraint>

Restart the Fedora web application.

Note that if you only change the web.xml file under fedora/webapps, your change will be lost the next time fedora.war is redployed. To persist your changes across deployments, unpack the fedora.war file, edit the WEB-INF/web.xml file as described above, repack the WAR and drop it back in place in your webapps directory.

All Versions

Child pages