Current Release

This documentation covers the current version of Fedora. Looking for another version? See all documentation.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Running Fedora without authorization means that the REST API is available to any request coming from the container and lacks any finer-grained security. This is useful when Fedora is running behind another application that connects to Fedora and implements its own security checks. This configuration is also useful for temporary demonstrations and for running software tests that do not require security.

Disabling auth in Fedora does not preclude the use of container authentication to secure Fedora. However, container roles are not used for any further authorization within Fedora. All requests are treated as superusers.

Auth is disabled by default in the Jetty one-click version of Fedora.

Step-by-Step Configuration

  1. Set the fcrepo.auth.enabled property to false. This can be done in a properties file or with a -D argument.
  2. Edit Fedora's web.xml so that all of the auth related configuration is removed or commented out. Here is an example of what the modified web.xml should look like. The web.xml is located in the WEB-INF directory within the Fedora webapp when it is deployed in Tomcat.
  • No labels

All content on the LYRASIS Wiki is licensed under the CC BY (Attribution) license, unless otherwise noted.