You are here

Running Without SSL

Alfresco uses SSL to secure communication between the repository server and the Solr 4 server. In this communication, SSL not only provides encryption, it is also used for authentication. This topic describes how to turn-off SSL and deactivate authentication between Alfresco repository and the Solr server.
  1. Set the solr.secureComms property to none in the alfresco-global.properties file.
  2. Ensure that the solr.port property is set to the correct non-SSL port of the application server in which Solr is running.
  3. In the <solrRootDir>/archive-SpacesStore/conf/solrcore.properties file and <solrRootDir>/workspace-SpacesStore/conf/solrcore.properties file, do the following:
    1. Set the property alfresco.secureComms property to none.
    2. Ensure that the alfresco.port property is set to the correct non-SSL port of the application server in which your repository is running.
  4. In the repository web.xml, remove the following configuration:

    <security-constraint>
       <web-resource-collection>
           <web-resource-name>SOLR</web-resource-name>
           <url-pattern>/service/api/solr/*</url-pattern>
       </web-resource-collection>
    
       <auth-constraint>
           <role-name>repoclient</role-name>
       </auth-constraint>
    
       <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
    </security-constraint>
    
    <security-constraint>
       <web-resource-collection>
           <web-resource-name>SOLR</web-resource-name>
           <url-pattern>/s/api/solr/*</url-pattern>
       </web-resource-collection>
    
       <auth-constraint>
           <role-name>repoclient</role-name>
       </auth-constraint>
    
       <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
    </security-constraint>
    
    <security-constraint>
        <web-resource-collection>
           <web-resource-name>SOLR</web-resource-name>
           <url-pattern>/wcservice/api/solr/*</url-pattern>
        </web-resource-collection>
    
        <auth-constraint>
           <role-name>repoclient</role-name>
        </auth-constraint>
    
        <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    
    <security-constraint>
        <web-resource-collection>
           <web-resource-name>SOLR</web-resource-name>
           <url-pattern>/wcs/api/solr/*</url-pattern>
        </web-resource-collection>
    
        <auth-constraint>
           <role-name>repoclient</role-name>
        </auth-constraint>
    
        <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    
    <login-config>
        <auth-method>CLIENT-CERT</auth-method>
        <realm-name>Repository</realm-name>
    </login-config>
    
    <security-role>
        <role-name>repoclient</role-name>
    </security-role>
  5. In the Solr web.xml, remove the following configuration:

    <security-constraint>
       <web-resource-collection>
          <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
          <role-name>repository</role-name>
       </auth-constraint>
          <user-data-constraint>
             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
          </user-data-constraint>
    </security-constraint>
    <login-config>
       <auth-method>CLIENT-CERT</auth-method>
          <realm-name>Solr</realm-name>
    </login-config>
    <security-role>
       <role-name>repository</role-name>
    </security-role>
If you decide to turn-off SSL and deactivate authentication between Alfresco repository and the Solr server, you need to protect your environment. For more information, see Configuring SSL for a production environment.

Sending feedback to the Alfresco documentation team

You don't appear to have JavaScript enabled in your browser. With JavaScript enabled, you can provide feedback to us using our simple form. Here are some instructions on how to enable JavaScript in your web browser.