Posted to slide-user@jakarta.apache.org by Jacob Lund <jl...@qualiware.com> on 2002/10/04 12:27:47 UTC
Verifying access
Hi,
How do I check if I have access to a given resource, in case it has a
lock on it?
I have a resource with an exclusive lock on it, and now I want to check
if I have access to this resource!
What I do is retrieve the lock-token and now I need to check if the user
owns this lock! I then add this lock-token to a request header and then
test if I can operate on the resource by adding a new meta-tag and then
remove it again!
But is there an easier way to verify if current user owns the lock on a
given resource?
/Jacob
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: Plan for slide 2
Posted by Ganael LAPLANCHE <gl...@jouve.fr>.
Oups... Sorry for the reply Jamin...
Just a mistake
I'm gonna repost my *own* mail ;-)
Re: Plan for slide 2
Posted by Ganael LAPLANCHE <gl...@jouve.fr>.
Hi all,
I'm new to slide, and tried to install it.
Everything seems to work fine but if I try to upload a file with cadaver, I
get a "500 internal server error" message. I'm running slide with the basic
configuration, with root user...
Could someone help me?
Gan.
Plan for slide 2
Posted by jamin rubio <jr...@jouve.fr>.
Hi all,
Is there any idea here of the slide 2 release schedule date...it seems that
there is a lot of things done through cvs...
Thanks for this excellent piece of work
Jamin
RE: Verifying access
Posted by Julian Reschke <ju...@gmx.de>.
> From: Andreas Probst [mailto:andpro77@gmx.net]
> Sent: Wednesday, October 09, 2002 12:18 PM
> To: Slide Users Mailing List
> Subject: RE: Verifying access
>
>
> Hi all,
>
> please see intermixed.
>
> Andreas
>
>
> On 8 Oct 2002 at 14:47, Julian Reschke wrote:
>
> > > From: Jacob Lund [mailto:jl@qualiware.com]
> > > Sent: Tuesday, October 08, 2002 2:42 PM
> > > To: 'Slide Users Mailing List'
> > > Subject: RE: Verifying access
> > >
> > >
> > > Thanks for the reply!
> > >
> > > From what I can see in the thread you referred to, they do not verify
> > > that they have access rights!
> > >
> > > You were right about the lock-token! In the case where a user asks for
> > > a lock-token (lockdiscovery or propfind) on a resource where another
> > > user took out the lock - the locktoken will be:
> > > opaquelocktoken:faketoken! However this response does not seem to be
> >
> > If this is indeed returned, it's a severe bug in Slide that needs to be
> > fixed.
>
> I thought the faketoken was returned to prevent users from
> stealing other users' locks.
That may be the intent, but it breaks the protocol. The URI returned as lock token
- must be a legal URI (this one isn't, because it doesn't follow the
syntactic rules for the opaquelocktoken scheme)
- must identify the lock.
Prevention of other principals (ab)using the lock token is a completely
separate issue that needs to be treated somewhere else.
> > > described in the webdav or the deltaV documentation! Is this slide
> > > specific??
> > >
> > > Basically what I need is some command that verifies write-access to a
> > > resource! Are there any commands beside PUT and PROPPATCH that are
> > > denied when a lock is taken on a resource?
DELETE, RENAME, ...:
--
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
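Added example (not part of the original thread, and not Slide code): a client-side check of the two lock-token requirements listed above, applied to a PROPFIND lockdiscovery response. The response body, paths and UUID are constructed; the syntax rule is the opaquelocktoken production from RFC 2518 section 6.4.

```python
import re
import xml.etree.ElementTree as ET

DAV = "{DAV:}"
# RFC 2518 section 6.4: OpaqueLockToken-URI = "opaquelocktoken:" UUID [Extension]
_UUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
OPAQUE_TOKEN = re.compile(r"opaquelocktoken:" + _UUID + r"[^\s<>]*")

# Constructed PROPFIND (lockdiscovery) response body; paths and UUID are made up.
SAMPLE = """<D:multistatus xmlns:D="DAV:">
 <D:response><D:href>/files/mine.txt</D:href><D:propstat><D:prop>
  <D:lockdiscovery><D:activelock>
   <D:locktoken><D:href>opaquelocktoken:f81d4fae-7dec-11d0-a765-00a0c91e6bf6</D:href></D:locktoken>
  </D:activelock></D:lockdiscovery>
 </D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
 <D:response><D:href>/files/theirs.txt</D:href><D:propstat><D:prop>
  <D:lockdiscovery><D:activelock>
   <D:locktoken><D:href>opaquelocktoken:faketoken</D:href></D:locktoken>
  </D:activelock></D:lockdiscovery>
 </D:prop><D:status>HTTP/1.1 200 OK</D:status></D:propstat></D:response>
</D:multistatus>"""


def is_wellformed_token(token):
    """True if the token follows the opaquelocktoken syntax."""
    return OPAQUE_TOKEN.fullmatch(token) is not None


def classify_lock_tokens(multistatus_xml):
    """Map each resource href to [(lock token, well-formed?), ...]."""
    # The body comes from the server: treat it as untrusted input.
    root = ET.fromstring(multistatus_xml)
    result = {}
    for response in root.iter(DAV + "response"):
        resource = response.findtext(DAV + "href", "").strip()
        tokens = []
        for lock in response.iter(DAV + "activelock"):
            token = lock.findtext(DAV + "locktoken/" + DAV + "href", "").strip()
            tokens.append((token, is_wellformed_token(token)))
        result[resource] = tokens
    return result


def if_header(token):
    """Build the If header value for a lock token; refuse placeholder tokens."""
    if not is_wellformed_token(token):
        raise ValueError("not a valid opaquelocktoken URI: %r" % token)
    return "(<%s>)" % token
```

A well-formed token only shows that the server returned a real lock identifier; whether the current principal may use it is still decided by the server when the request carrying the If header is processed.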
RE: Verifying access
Posted by Andreas Probst <an...@gmx.net>.
Hi all,
please see intermixed.
Andreas
On 8 Oct 2002 at 14:47, Julian Reschke wrote:
> > From: Jacob Lund [mailto:jl@qualiware.com]
> > Sent: Tuesday, October 08, 2002 2:42 PM
> > To: 'Slide Users Mailing List'
> > Subject: RE: Verifying access
> >
> >
> > Thanks for the reply!
> >
> > From what I can see in the thread you referred to, they do not verify
> > that they have access rights!
> >
> > You were right about the lock-token! In the case where a user asks for
> > a lock-token (lockdiscovery or propfind) on a resource where another
> > user took out the lock - the locktoken will be:
> > opaquelocktoken:faketoken! However this response does not seem to be
>
> If this is indeed returned, it's a severe bug in Slide that needs to be
> fixed.
I thought the faketoken was returned to prevent users from
stealing other users' locks.
>
> > described in the webdav or the deltaV documentation! Is this slide
> > specific??
> >
> > Basically what I need is some command that verifies write-access to a
> > resource! Are there any commands beside PUT and PROPPATCH that are
> > denied when a lock is taken on a resource?
RE: Verifying access
Posted by Julian Reschke <ju...@gmx.de>.
> From: Jacob Lund [mailto:jl@qualiware.com]
> Sent: Tuesday, October 08, 2002 2:42 PM
> To: 'Slide Users Mailing List'
> Subject: RE: Verifying access
>
>
> Thanks for the reply!
>
> From what I can see in the thread you referred to, they do not verify
> that they have access rights!
>
> You were right about the lock-token! In the case where a user asks for
> a lock-token (lockdiscovery or propfind) on a resource where another
> user took out the lock - the locktoken will be:
> opaquelocktoken:faketoken! However this response does not seem to be
If this is indeed returned, it's a severe bug in Slide that needs to be
fixed.
> described in the webdav or the deltaV documentation! Is this slide
> specific??
>
> Basically what I need is some command that verifies write-access to a
> resource! Are there any commands beside PUT and PROPPATCH that are
> denied when a lock is taken on a resource?
--
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
RE: Verifying access
Posted by Jacob Lund <jl...@qualiware.com>.
Thanks for the reply!
From what I can see in the thread you referred to, they do not verify
that they have access rights!
You were right about the lock-token! In the case where a user asks for
a lock-token (lockdiscovery or propfind) on a resource where another
user took out the lock - the locktoken will be:
opaquelocktoken:faketoken! However this response does not seem to be
described in the webdav or the deltaV documentation! Is this slide
specific??
Basically what I need is some command that verifies write-access to a
resource! Are there any commands beside PUT and PROPPATCH that are
denied when a lock is taken on a resource?
/Jacob
RE: Verifying access
Posted by Andreas Probst <an...@gmx.net>.
Hi Jacob,
I think Slide2 gives you the lock token only if the client user
is the one that locked a resource. Otherwise an opaque lock
token is returned. So if you get a proper lock token and the
logged-in user has write permission, you should be able to write
the resource.
I did not test this, but I wrote a servlet that unlocks a locked
resource by using Slide client methods to connect to Slide's
WebdavServlet. This works only if the logged-in user was the one
that locked the resource before.
Maybe the following archived discussion helps you. Get it by
sending an e-mail to slide-user-thread.2463@jakarta.apache.org
Andreas
RE: Verifying access
Posted by Jacob Lund <jl...@qualiware.com>.
Sorry for reposting - but I cannot believe that I am the only one having
this problem!
What I have is a client that can "reconnect" to a locked resource! This
is interesting if the client or server crashes and the need to reconnect
afterward! I do not wish to store additional info about the lock on the
server or the client!
Therefore I need to retrieve the locktoken and then try to see if I can
access the resource! The only way, that I could think of, is to try and
add/remove a property on the resource - and thereby verify that I have
write-access to the resource!
Is this the way all of you do this, or am I missing something?
Thanks
Jacob