REST interface unexpectedly forwarding to https / port 8443

[Benedikt Kroll]

Hello all,

I am running DSpace 5.5 and 6.0-rc1 on Open Suse 13.2 VMs for testing,
and I can't get the REST interface to work. When calling
http://localhost:8080/rest, it gets forwarded to
https://localhost:8443/rest (status code 302) and then fails because
my test VMs are not configured for HTTPS. When calling the XMLUI via
http, it stays on that port and protocol, so the problem seems to be
about REST only.

If anyone could point me to what I am missing, that would be really
great. I looked through the config files and did some web searching, but
didn't find a solution. DSpace and Tomcat are not configured to forward
to HTTPS anywhere, as far as I see.

Thanks!

Benedikt Kroll

[Ondřej Košarko]

Hi,

this behavior is documented in

https://wiki.duraspace.org/display/DSDOC5x/REST+API quoting:

"In DSpace 5, the REST API adds authentication, allows Creation, Update, and Delete to objects, can access restricted materials if authorized, and it requires SSL. For localhost development purposes, SSL can add additional getting-started difficulty, so security can be disabled. To disable DSpace REST's requirement to require security/ssl, alter [dspace]/webapps/rest/WEB-INF/web.xml or [dspace-source]/dspace-rest/src/main/webapp/WEB-INF/web.xml and comment out the security-constraint block, and restart your servlet container. Production usages of the REST API should use SSL, as authentication credentials should not go over the internet unencrypted."

Regards,

Ondrej Kosarko

Benedikt Kroll

--
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To post to this group, send email to dspac...@googlegroups.com.
Visit this group at https://groups.google.com/group/dspace-tech.
For more options, visit https://groups.google.com/d/optout.

[Claudia Jürgen]

Hallo Benedikt,

you can diable the ssl security constraint see https://wiki.duraspace.org/display/DSDOC5x/REST+API

"In DSpace 5, the REST API adds authentication, allows Creation, Update, and Delete to objects, can access restricted materials if authorized, and it requires SSL. For localhost development purposes, SSL can add additional getting-started difficulty, so security can be disabled. To disable DSpace REST's requirement to require security/ssl, alter [dspace]/webapps/rest/WEB-INF/web.xml or [dspace-source]/dspace-rest/src/main/webapp/WEB-INF/web.xml and comment out the security-constraint block, and restart your servlet container. Production usages of the REST API should use SSL, as authentication credentials should not go over the internet unencrypted."

Hope this helps

Claudia Jürgen

-- 
Claudia Juergen
Eldorado

Technische Universität Dortmund
Universitätsbibliothek
Vogelpothsweg 76
44227 Dortmund

Tel.: +49 231-755 40 43
Fax: +49 231-755 40 32
claudia...@tu-dortmund.de
www.ub.tu-dortmund.de

Wichtiger Hinweis: Die Information in dieser E-Mail ist vertraulich. Sie ist ausschließlich für den Adressaten bestimmt. Sollten Sie nicht der für diese E-Mail bestimmte Adressat sein, unterrichten Sie bitte den Absender und vernichten Sie diese Mail. Vielen Dank.
Unbeschadet der Korrespondenz per E-Mail, sind unsere Erklärungen ausschließlich final rechtsverbindlich, wenn sie in herkömmlicher Schriftform (mit eigenhändiger Unterschrift) oder durch Übermittlung eines solchen Schriftstücks per Telefax erfolgen.

Important note: The information included in this e-mail is confidential. It is solely intended for the recipient. If you are not the intended recipient of this e-mail please contact the sender and delete this message. Thank you. Without prejudice of e-mail correspondence, our statements are only legally binding when they are made in the conventional written form (with personal signature) or when such documents are sent by fax.