Latest 3.x Release
This documentation covers the latest release of the legacy 3.x Fedora. Looking for another version? See all documentation.
Fedora 4 Development
Looking for Fedora's currently active development?
Question
I inadvertently chose SSL for API-M access when I installed Fedora, and now I want plain HTTP access to API-M functions without reinstalling Fedora. How can I reconfigure Fedora to allow non-SSL access to API-M?
Answer
As of fedora 3.5, security settings are configured by Spring within FEDORA_HOME
. Prior to this release, ssl could be enabled and disabled only be editing the web.xml
file within the deployed fedora war. Now, such settings are easily achieved by editing a .properties file in FEDORA_HOME/server/config/spring/web
. More complex tasks, such as requiring ssl for individual resources regardless of the general api-a or api-m settings, are possible by editing spring bean xml files.
Instructions:
- Edit the
FEDORA_HOME/server/config/spring/web/web.properties
file. There are three relevant properties that will affect ssl behaviour, which will look like this example:wheresecurity.ssl.api.access=ANY_CHANNEL security.ssl.api.management=REQUIRES_SECURE_CHANNEL security.ssl.api.default=ANY_CHANNEL
security.ssl.api.access
controls ssl for api-a,security.ssl.api.management
controls ssl for api-m, andsecurity.ssl.api.default
controls ssl for other resourses (unused at present). Acceptable values areANY_CHANNEL
to allow non-ssl connections, andREQUIRES_SECURE_CHANNEL
for forced ssl. - (Optional)
FEDORA_HOME/server/config/spring/web/security.xml
if it is necessary to enable or disable ssl for individual resources one by one. Typically, this would only be necessary if exceptions to the general api-a or api-m rules are needed. SSL configuration within this file uses the spring security namespace, and property substitution (e.g. look for placeholders such as${security.ssl.api.management
}). For more information, see the spring 3.0.x channel security documentation. - Restart the Fedora web application.