Question: I inadvertently chose SSL for API-M access when I installed Fedora, and now I want plain HTTP access to API-M functions without reinstalling Fedora. How can I reconfigure Fedora to allow non-SSL access to API-M?
Answer: In the installed webapp, the WEB-INF/web.xml
file has a <security-constraint>
block with a description of APIM. There's a <user-data-constraint>
block with a transport-guarantee value of CONFIDENTIAL. If you comment out or remove that <user-data-constraint>
block, Tomcat won't require SSL for those resources (API-M).
Instructions:
WEB-INF/web.xml
under the fedora
webapp directory in your webapp server (Tomcat, in most cases). Comment out the relevant <user-data-constraint>
block:
<security-constraint> <web-resource-collection> <web-resource-name>Fedora Repository Server</web-resource-name> <description>Fedora-generated security-constraint</description> <description>APIM</description> <url-pattern>/index.html</url-pattern> <url-pattern>/getDSAuthenticated</url-pattern> <url-pattern>/management/getNextPID</url-pattern> <url-pattern>/management/upload</url-pattern> <url-pattern>/services/management</url-pattern> <url-pattern>*.jws</url-pattern> </web-resource-collection> <!-- Commented out to disable SSL-only access to API-M functions --> <!-- <user-data-constraint> --> <!-- <transport-guarantee>CONFIDENTIAL</transport-guarantee> --> <!-- </user-data-constraint> --> </security-constraint> |
Note that if you only change the |