Old Release

This documentation covers an old version of Fedora.

Running Fedora without authorization means that the REST API is either available or not, with no finer-grained security. This is useful when Fedora is running behind another application that connects with an administrative role and implements its own security checks. In addition, this configuration is useful for temporary demonstrations and for running software tests that do not require security.

The security bypass for the REST endpoint is accomplished by supplying an alternate ModeShape authentication provider for servlet credentials. This servlet authentication provider permits all actions at the ModeShape level and does not use a PEP.

Step-by-Step:

  1. If you previously configured a PEP, open your repo.xml file and remove any beans that are instances of "org.fcrepo.auth.ServletContainerAuthenticationProvider".
  2. Also remove the PEP bean, if one was configured.
  3. Remove the depends-on attribute on the modeshapeRepofactory bean, if there is one.
  4. Open your repository.json file.
  5. Under security, configure the "BypassSecurityServletAuthenticationProvider", as shown in the example below.

Example repository.json (security section)

    "security" : {
        "anonymous" : {
            "roles" : ["readonly","readwrite","admin"],
            "useOnFailedLogin" : false
        },
        "providers" : [
            { "classname" : "org.fcrepo.http.commons.session.BypassSecurityServletAuthenticationProvider" }
        ]
    },
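
A check a deployment pipeline could run so that this demonstration configuration does not reach a server that needs authorization. This is an added example, not part of the Fedora documentation; it assumes repository.json parses as strict JSON, and the function name `audit_security` and the sample input are constructed for illustration.

```python
import json

# Provider class name taken from the example configuration above.
BYPASS = "org.fcrepo.http.commons.session.BypassSecurityServletAuthenticationProvider"
WRITE_ROLES = {"readwrite", "admin"}

# Constructed sample: a repository.json reduced to the security section shown above.
SAMPLE_BYPASS = """
{
  "name": "repo",
  "security": {
    "anonymous": {"roles": ["readonly", "readwrite", "admin"], "useOnFailedLogin": false},
    "providers": [
      {"classname": "org.fcrepo.http.commons.session.BypassSecurityServletAuthenticationProvider"}
    ]
  }
}
"""


def audit_security(config_text):
    """Return a list of findings for the "security" section of a repository.json."""
    security = json.loads(config_text).get("security")
    if not isinstance(security, dict):
        return ["no security section found"]
    findings = []
    # The bypass provider permits all actions and does not use a PEP.
    for provider in security.get("providers", []):
        name = provider.get("classname", "") if isinstance(provider, dict) else ""
        if name == BYPASS:
            findings.append("bypass provider configured: all actions permitted, no PEP")
    # Anonymous sessions that hold readwrite or admin can modify the repository.
    anonymous = security.get("anonymous", {})
    granted = WRITE_ROLES.intersection(anonymous.get("roles", []))
    if granted:
        findings.append("anonymous sessions hold write roles: " + ", ".join(sorted(granted)))
    if anonymous.get("useOnFailedLogin"):
        findings.append("failed logins fall back to the anonymous roles")
    return findings


if __name__ == "__main__":
    for finding in audit_security(SAMPLE_BYPASS):
        print("FINDING:", finding)
```

An empty list means none of the three conditions was found; a non-empty list can fail the build for any environment other than a demonstration or test instance.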