Running Without SSL

SkyVault uses SSL to secure communication between the repository server and the Solr server. In this communication, SSL not only provides encryption, it is also used for authentication. This topic describes how to turn-off SSL and deactivate authentication between SkyVault repository and the Solr server.

Set the solr.secureComms property to none in the SkyVault-global.properties file.
Ensure that the solr.port property is set to the correct non-SSL port of the application server in which Solr is running.
In the <solrRootDir>/archive-SpacesStore/conf/solrcore.properties file and <solrRootDir>/workspace-SpacesStore/conf/solrcore.properties file, do the following:
1. Set the property SkyVault.secureComms property to none.
2. Ensure that the SkyVault.port property is set to the correct non-SSL port of the application server in which your repository is running.

In the repository web.xml, remove the following configuration:

<security-constraint>
   <web-resource-collection>
       <web-resource-name>SOLR</web-resource-name>
       <url-pattern>/service/api/solr/*</url-pattern>
   </web-resource-collection>

   <auth-constraint>
       <role-name>repoclient</role-name>
   </auth-constraint>

   <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>

<security-constraint>
   <web-resource-collection>
       <web-resource-name>SOLR</web-resource-name>
       <url-pattern>/s/api/solr/*</url-pattern>
   </web-resource-collection>

   <auth-constraint>
       <role-name>repoclient</role-name>
   </auth-constraint>

   <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
   </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
       <web-resource-name>SOLR</web-resource-name>
       <url-pattern>/wcservice/api/solr/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
       <role-name>repoclient</role-name>
    </auth-constraint>

    <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
       <web-resource-name>SOLR</web-resource-name>
       <url-pattern>/wcs/api/solr/*</url-pattern>
    </web-resource-collection>

    <auth-constraint>
       <role-name>repoclient</role-name>
    </auth-constraint>

    <user-data-constraint>
       <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>CLIENT-CERT</auth-method>
    <realm-name>Repository</realm-name>
</login-config>

<security-role>
    <role-name>repoclient</role-name>
</security-role>

In the Solr web.xml, remove the following configuration:

<security-constraint>
   <web-resource-collection>
      <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <role-name>repository</role-name>
   </auth-constraint>
      <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
</security-constraint>
<login-config>
   <auth-method>CLIENT-CERT</auth-method>
      <realm-name>Solr</realm-name>
</login-config>
<security-role>
   <role-name>repository</role-name>
</security-role>

If you decide to turn-off SSL and deactivate authentication between SkyVault repository and the Solr server, you need to protect your environment.

Search form

Search form

You are here