Question

I inadvertently chose SSL for API-M access when I installed Fedora, and now I want plain HTTP access to API-M functions without reinstalling Fedora.  How can I reconfigure Fedora to allow non-SSL access to API-M?

Answer

As of fedora 3.5, security settings are configured by Spring within FEDORA_HOME. Prior to this release, ssl could be enabled and disabled only be editing the web.xml file within the deployed fedora war. Now, such settings are easily achieved by editing a .properties file in FEDORA_HOME/server/config/spring/web. More complex tasks, such as requiring ssl for individual resources regardless of the general api-a or api-m settings, are possible by editing spring bean xml files.

Instructions:

1. Edit the FEDORA_HOME/server/config/spring/web/web.properties file. There are three relevant properties that will affect ssl behaviour, which will look like this example:

   security.ssl.api.access=ANY_CHANNEL
   security.ssl.api.management=REQUIRES_SECURE_CHANNEL
   security.ssl.api.default=ANY_CHANNEL
   

   where security.ssl.api.access controls ssl for api-a, security.ssl.api.management controls ssl for api-m, and security.ssl.api.default controls ssl for other resourses (unused at present). Acceptable values are ANY_CHANNEL to allow non-ssl connections, and REQUIRES_SECURE_CHANNEL for forced ssl.
2. (Optional) FEDORA_HOME/server/config/spring/web/security.xml if it is necessary to enable or disable ssl for individual resources one by one. Typically, this would only be necessary if exceptions to the general api-a or api-m rules are needed. SSL configuration within this file uses the spring security namespace, and property substitution (e.g. look for placeholders such as ${security.ssl.api.management}). For more information, see the spring 3.0.x channel security documentation.
3. Restart the Fedora web application.