You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@jackrabbit.apache.org by ni...@planet.nl on 2007/10/26 09:44:16 UTC
Problem with webdav and system user
In our application we have Jackrabbit 1.3.1. We try to get write rights through webdav, but can't get it right. In our repository.xml we have the following security section:
<Security appName="Jackrabbit">
<!--
access manager:
class: FQN of class implementing the AccessManager interface
-->
<AccessManager
class="org.apache.jackrabbit.core.security.SimpleAccessManager">
<!-- <param name="config" value="${rep.home}/access.xml"/> -->
</AccessManager>
<LoginModule
class="org.apache.jackrabbit.core.security.SimpleLoginModule">
<!-- anonymous user name ('anonymous' is the default value) -->
<param name="anonymousId" value="anonymous" />
<!--
default user name to be used instead of the anonymous user
when no login credentials are provided (unset by default)
-->
<!-- <param name="defaultUserId" value="superuser"/> -->
</LoginModule>
</Security>
And our web.xml is also configured:
<servlet>
<servlet-name>Webdav</servlet-name>
<description>The webdav servlet that connects HTTP request to the repository.</description>
<servlet-class>nl.ourcompany.servlet.SimpleWebdavServlet</servlet-class>
<init-param>
<param-name>resource-path-prefix</param-name>
<param-value>/repository</param-value>
<description>defines the prefix for spooling resources out of the repository.</description>
</init-param>
<init-param>
<param-name>missing-auth-mapping</param-name>
<param-value>anonymous:anonymous</param-value>
<description>
Defines how a missing authorization header should be handled. 1) If this init-param is missing, a 401 response is generated. This is suiteable for clients (eg.
webdav clients) for which sending a proper authorization header is not possible if the server never sent a 401. 2) If this init-param is present with an empty
value, null-credentials are returned, thus forcing an null login on the repository. 3) If this init-param has a 'user:password' value, the respective simple
credentials are generated.
</description>
</init-param>
<!--
Optional parameter to define the value of the 'WWW-Authenticate' header
-->
<!--
<init-param>
<param-name>authenticate-header</param-name>
<param-value>Basic realm="Jackrabbit Webdav Server"</param-value>
<description>
Defines the value of the 'WWW-Authenticate' header.
</description>
</init-param>
-->
<!--
Parameter used to configure behaviour of webdav resources such as:
- destinction between collections and non-collections
- resource filtering
-->
<init-param>
<param-name>resource-config</param-name>
<param-value>/WEB-INF/jcr-webdav-config.xml</param-value>
<description>Defines various dav-resource configuration parameters.</description>
</init-param>
<load-on-startup>4</load-on-startup>
</servlet>
Where the servlet-class is a straight copy of the Jackrabbit class.
With this configuration we are able to list the files in a WebDAV browser (like Konquerer), for example on webdav://localhost/context/repository/default. Also, when we try to log on with system (webdav://system@localhost/context/repository/default) we get the listing, but we are not allowed to do any file modification (move, delete, create, adjust).
In earlier versions of Jackrabbit we were allowed to do file modifications. Is this changed somehow? And how can we change files through webdav at the moment?
With regards,
Nick Stolwijk
Re: Problem with webdav and system user
Posted by Angela Schreiber <an...@day.com>.
hi nick
from what i see in your web.xml you have the missing-auth-mapping
set to <param-value>anonymous:anonymous</param-value>.
you are never be prompted for authentication, right?
so, you always get a session for the anonymous user when
requesting through the webdav server.
and i would assume, that the anonymous user does not have
write permission.
if this is the reason for you problem, i would suggest, that
you either omit the missing-auth-mapping parameter or set
the param-value to define the userId/password of a user that
has write permission.
hope that helps
angela
nick_stolwijk@planet.nl wrote:
> In our application we have Jackrabbit 1.3.1. We try to get write rights through webdav, but can't get it right. In our repository.xml we have the following security section:
>
> <Security appName="Jackrabbit">
> <!--
> access manager:
> class: FQN of class implementing the AccessManager interface
> -->
> <AccessManager
> class="org.apache.jackrabbit.core.security.SimpleAccessManager">
> <!-- <param name="config" value="${rep.home}/access.xml"/> -->
> </AccessManager>
>
> <LoginModule
> class="org.apache.jackrabbit.core.security.SimpleLoginModule">
> <!-- anonymous user name ('anonymous' is the default value) -->
> <param name="anonymousId" value="anonymous" />
> <!--
> default user name to be used instead of the anonymous user
> when no login credentials are provided (unset by default)
> -->
> <!-- <param name="defaultUserId" value="superuser"/> -->
> </LoginModule>
> </Security>
>
> And our web.xml is also configured:
> <servlet>
> <servlet-name>Webdav</servlet-name>
> <description>The webdav servlet that connects HTTP request to the repository.</description>
> <servlet-class>nl.ourcompany.servlet.SimpleWebdavServlet</servlet-class>
>
> <init-param>
> <param-name>resource-path-prefix</param-name>
> <param-value>/repository</param-value>
> <description>defines the prefix for spooling resources out of the repository.</description>
> </init-param>
>
> <init-param>
> <param-name>missing-auth-mapping</param-name>
> <param-value>anonymous:anonymous</param-value>
> <description>
> Defines how a missing authorization header should be handled. 1) If this init-param is missing, a 401 response is generated. This is suiteable for clients (eg.
> webdav clients) for which sending a proper authorization header is not possible if the server never sent a 401. 2) If this init-param is present with an empty
> value, null-credentials are returned, thus forcing an null login on the repository. 3) If this init-param has a 'user:password' value, the respective simple
> credentials are generated.
> </description>
> </init-param>
>
> <!--
> Optional parameter to define the value of the 'WWW-Authenticate' header
> -->
> <!--
> <init-param>
> <param-name>authenticate-header</param-name>
> <param-value>Basic realm="Jackrabbit Webdav Server"</param-value>
> <description>
> Defines the value of the 'WWW-Authenticate' header.
> </description>
> </init-param>
> -->
> <!--
> Parameter used to configure behaviour of webdav resources such as:
> - destinction between collections and non-collections
> - resource filtering
> -->
> <init-param>
> <param-name>resource-config</param-name>
> <param-value>/WEB-INF/jcr-webdav-config.xml</param-value>
> <description>Defines various dav-resource configuration parameters.</description>
> </init-param>
> <load-on-startup>4</load-on-startup>
> </servlet>
>
> Where the servlet-class is a straight copy of the Jackrabbit class.
>
> With this configuration we are able to list the files in a WebDAV browser (like Konquerer), for example on webdav://localhost/context/repository/default. Also, when we try to log on with system (webdav://system@localhost/context/repository/default) we get the listing, but we are not allowed to do any file modification (move, delete, create, adjust).
>
> In earlier versions of Jackrabbit we were allowed to do file modifications. Is this changed somehow? And how can we change files through webdav at the moment?
>
> With regards,
>
> Nick Stolwijk
>