Tuesday May 16, 2006

New Feature WebDAV Access Control Protocol In Sun Java System Web Server 7.0


There's a whole bunch of new stuff in Sun Java System Web Server 7.0, and you can download it for free from http://www.sun.com/download/index.jsp?cat=Web%20%26%20Proxy%20Servers&tab=3&subcat=Web%20Servers.

Remote Content Manipulation And Remote Access Control

Whenever I create a website for my own personal use, or when I need to use a website that is common to our group, with more than one member modifying the content, I always want to
  • Create, modify or delete files on a website via HTTP without actually ftp'ing the files onto the machine that contains the content.
  • Lock a page when I am modifying a file and prevent my team members from modifying it at the same time.
  • Create directories on a website just by sending a simple HTTP command remotely rather than logging into the machine where the web server is installed and then creating the directory by typing "mkdir foo".
  • Copy and move files around without actually logging into the machine that contains the content.
  • Associate properties with a file.
More than that, I also want to
  • Control who can view or modify (access) a file I have created, rather than asking the website administrator to do it for me, and without a server restart.
  • Find out how many files I myself have created inside a directory on a website.
  • Find out who created a file (who the owner of a file is).
  • Find out how many files I can view or modify inside a directory on a website.
  • Have finer control over privileges, such as write-content, write-properties, bind and write-acl, rather than a mere write privilege.

WebDAV and WebDAV Access Control Protocol support in Sun Java System Web Server 7

Check this out: we have implemented ALL of this in Sun Java System Web Server 7. It was an experience reading the RFCs and implementing them. What I found the toughest part was reusing the existing infrastructure with bare minimum changes to the core and yet meeting the deadlines!!

Sun Java System Web Server 7 now
  • Conforms to WebDAV protocol as defined by the RFC 2518.
    • Supports the following HTTP methods: GET, HEAD, OPTIONS, PUT, LOCK, UNLOCK, MKCOL, COPY, MOVE, PROPPATCH, DELETE, PROPFIND.
  • Conforms to WebDAV Access Control Protocol as defined by the RFC 3744.
    • Also supports ACL, REPORT(DAV:acl-principal-prop-set, DAV:principal-match, DAV:expand-property), PROPFIND (DAV:acl and DAV:current-user-privilege-set property).
    • Has finer access rights like dav:all, dav:read, dav:read-acl, dav:read-current-user-privilege-set, dav:write, dav:write-acl, dav:write-properties, dav:write-content, dav:bind, dav:unbind, dav:unlock.
Assume I am user alpha (and I have DAV:write-acl privileges on this file). To allow all users in group foo read privileges, and user alpha all privileges, on a file I created, all I have to do is send an ACL request through a WebDAV client or telnet as follows:
ACL /col1/myfile.html HTTP/1.1
Host: test.sun.com
Content-type: text/xml; charset="utf-8"
Content-Length: xxx
Authorization: xxx

<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:">
  <D:acl>
    <D:ace>
      <D:principal>
          <D:href>http://test.sun.com/magnus-internal/my-ldap-auth-db/groups/foo</D:href>
      </D:principal>
      <D:grant>
        <D:privilege><D:read/></D:privilege>
      </D:grant>
    </D:ace>
    <D:ace>
      <D:principal>
          <D:href>http://test.sun.com/magnus-internal/my-ldap-auth-db/users/alpha</D:href>
      </D:principal>
      <D:grant>
        <D:privilege><D:all/></D:privilege>
      </D:grant>
    </D:ace>

  </D:acl>
</D:multistatus>
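
An added example, not part of the original post or of the server's own code: before an ACL body like the one above is sent, a short script can list every ACE and flag grants of write-type privileges to groups or to RFC 3744 pseudo-principals such as DAV:authenticated. The sample body is constructed, and treating any href containing `/groups/` as a group is an assumption based on the hrefs shown above; the parser reads DAV:ace elements wherever they sit in the body.

```python
import xml.etree.ElementTree as ET

DAV = "{DAV:}"
# Privileges that let a principal change content or the ACL itself.
SENSITIVE = {"all", "write", "write-acl", "write-content", "write-properties", "bind", "unbind"}
# RFC 3744 pseudo-principals that match many accounts at once.
BROAD = {"DAV:all", "DAV:authenticated", "DAV:unauthenticated"}

# Constructed sample: the two ACEs from the request above plus one risky ACE.
SAMPLE_ACL = """<D:acl xmlns:D="DAV:">
  <D:ace>
    <D:principal><D:href>http://test.sun.com/magnus-internal/my-ldap-auth-db/groups/foo</D:href></D:principal>
    <D:grant><D:privilege><D:read/></D:privilege></D:grant>
  </D:ace>
  <D:ace>
    <D:principal><D:href>http://test.sun.com/magnus-internal/my-ldap-auth-db/users/alpha</D:href></D:principal>
    <D:grant><D:privilege><D:all/></D:privilege></D:grant>
  </D:ace>
  <D:ace>
    <D:principal><D:authenticated/></D:principal>
    <D:grant><D:privilege><D:write-content/></D:privilege><D:privilege><D:write-acl/></D:privilege></D:grant>
  </D:ace>
</D:acl>"""

def local(tag):
    return tag.split("}", 1)[-1]

def parse_aces(xml_text):
    """Return (principal, action, privileges) for every DAV:ace, whatever the root element."""
    aces = []
    for ace in ET.fromstring(xml_text).iter(DAV + "ace"):
        principal = ace.find(DAV + "principal")
        who = "?"
        if principal is not None and len(principal):
            first = principal[0]
            who = (first.text or "").strip() if first.tag == DAV + "href" else "DAV:" + local(first.tag)
        for action in ("grant", "deny"):
            for node in ace.findall(DAV + action):
                privs = [local(p[0].tag) for p in node.findall(DAV + "privilege") if len(p)]
                aces.append((who, action, privs))
    return aces

def audit(xml_text):
    """Flag grants of sensitive privileges to groups (assumed: '/groups/' in href) or pseudo-principals."""
    return [(who, sorted(SENSITIVE.intersection(privs)))
            for who, action, privs in parse_aces(xml_text)
            if action == "grant" and SENSITIVE.intersection(privs)
            and (who in BROAD or "/groups/" in who)]
```
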

Explore WebDAV and WebDAV Access Control features and let us know,

Configuring WebDAV in Sun Java System Web Server 7.0

Download Sun Java System Web Server 7.0 absolutely free from here.

Also check out my next blog about WebDAV Access Control Protocol (RFC 3744) support in Sun Java System Web Server 7.0.

Overview

WebDAV stands for "Web-based Distributed Authoring and Versioning". It is a set of extensions to the HTTP protocol which allows users to collaboratively edit and manage files on remote web servers. Sun Java System Web Server 7.0 conforms to the WebDAV protocol as defined by RFC 2518 and the WebDAV Access Control Protocol specification as defined by RFC 3744.
In this article I will describe how to configure WebDAV in Sun Java System Web Server 7.0 via the Administration CLI.

Steps to configure WebDAV in Sun Java System Web Server 7.0

Go to Sun Java System Web Server 7.0 installation directory.
Start Admin Server.
./admin-server/bin/startserv
Start wadm.
./bin/wadm --user=admin
Please enter admin-user-password>
Sun Java System Web Server 7.0 B12/02/2005 18:02
wadm>

Enabling WebDAV at instance level

wadm>enable-webdav --config=test
CLI201 Command "enable-webdav" ran successfully

Note the new lines in magnus.conf, default.acl and server.xml as given below
magnus.conf
...
Init fn="load-modules" shlib="libdavplugin.so" funcs="init-dav,ntrans-dav,pcheck-dav,service-dav" shlib_flags="(global|now)"
Init fn="init-dav" LateInit="yes"
* For Windows it is davplugin.dll and for HP-UX it is libdavplugin.sl

server.xml
...
<dav/>
...

default.acl
...
acl "uri=/magnus-internal";
deny (all) user = "anyone";
allow (list) user = "all";

acl "dav-src";
deny (all) user = "anyone";

Adding a DAV collection

wadm>create-dav-collection --config=test --vs=test --uri=/dav --sourceuri=/source
CLI201 Command "create-dav-collection" ran successfully

To verify that the command ran successfully you can see the changes in server.xml and obj.conf as given below
server.xml
...
<dav-collection>
<uri>/dav</uri>
<source-uri>/source</source-uri>
</dav-collection>
...
obj.conf
...
NameTrans fn="ntrans-dav" name="dav"
...
PathCheck fn="pcheck-dav"
...
Service fn="service-dav" method="(OPTIONS|PUT|DELETE|COPY|MOVE|PROPFIND|PROPPATCH|LOCK|UNLOCK|MKCOL|ACL|REPORT)"
...
<Object name="dav">
PathCheck fn="check-acl" acl="dav-src"
Service fn="service-dav" method="(GET|HEAD|POST|PUT|DELETE|COPY|MOVE|PROPFIND|PROPPATCH|LOCK|UNLOCK|MKCOL|ACL|REPORT)"
</Object>

Now set appropriate ACLs in default.acl, or create a new ACL file for this virtual server and set the ACLs in it. Make sure that the users have the appropriate "rwx" permissions in the docroot as required.
Note that the ntrans-dav directive has to be the first NameTrans directive (before the ntrans-j2ee directive) and the pcheck-dav directive has to be the last PathCheck directive (after the find-index-j2ee directive).
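
An added example, not from the original post or from the product: a small checker for the ordering rule above, which also confirms that `<Object name="dav">` still carries the `check-acl` directive for the `dav-src` ACL. The obj.conf fragment is constructed, and the checker assumes the ordered directives live in `<Object name="default">`.

```python
import re

# Constructed obj.conf fragment (not from a real server); directive names are the ones listed above.
SAMPLE_OBJ_CONF = '''\
<Object name="default">
NameTrans fn="ntrans-dav" name="dav"
NameTrans fn="ntrans-j2ee" name="j2ee"
PathCheck fn="find-index-j2ee"
PathCheck fn="pcheck-dav"
Service fn="service-dav" method="(OPTIONS|PUT|DELETE|ACL|REPORT)"
</Object>
<Object name="dav">
PathCheck fn="check-acl" acl="dav-src"
Service fn="service-dav" method="(GET|HEAD|PUT|DELETE|ACL|REPORT)"
</Object>
'''

def parse_objects(text):
    """Map object name -> ordered list of (stage, {param: value}) directives."""
    objects, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        opened = re.match(r'<Object\s+name="([^"]+)"', line)
        if opened:
            current = objects.setdefault(opened.group(1), [])
        elif line.startswith("</Object"):
            current = None
        elif current is not None and line and not line.startswith("#"):
            stage = line.split(None, 1)[0]
            current.append((stage, dict(re.findall(r'([\w-]+)="([^"]*)"', line))))
    return objects

def check_dav_wiring(text):
    """Return a list of problems with the WebDAV directives; empty means OK."""
    objs, problems = parse_objects(text), []
    default = objs.get("default", [])  # assumption: ordering rule applies to this object
    ntrans = [p.get("fn") for s, p in default if s == "NameTrans"]
    pcheck = [p.get("fn") for s, p in default if s == "PathCheck"]
    if not ntrans or ntrans[0] != "ntrans-dav":
        problems.append("ntrans-dav is not the first NameTrans directive")
    if not pcheck or pcheck[-1] != "pcheck-dav":
        problems.append("pcheck-dav is not the last PathCheck directive")
    guarded = any(s == "PathCheck" and p.get("fn") == "check-acl" and p.get("acl") == "dav-src"
                  for s, p in objs.get("dav", []))
    if not guarded:
        problems.append('<Object name="dav"> lacks check-acl with acl="dav-src"')
    return problems
```
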

Difference Between Source Uri and Content Uri

Suppose we create a dav-collection with content URI "/dav" and source URI "/source".
Sending a request,
GET /dav/test.jsp HTTP/1.0
will return the output of the jsp
Hello World!!

Sending a request,
GET /source/test.jsp HTTP/1.0
will return the source of the jsp
<% out.println("Hello World!!"); %>

Advanced CLIs

Listing DAV collections

Normal listing
wadm>list-dav-collections --config=test --vs=test
/dav
Detailed listing
wadm>list-dav-collections --config=test --vs=test -l
uri     source-uri     enabled
------------------------------
/dav     /source     true

Setting properties at server level

wadm>set-webdav-prop --config=test max-xml-request-body-size=1024
CLI201 Command "set-webdav-prop" ran successfully

Verify by getting the properties as shown in the next section.

Getting properties of DAV at server level

wadm>get-webdav-prop --config=test
acl-db-max-entries=10
auth-method=basic
default-owner=webservd
property-db-update-interval=0
lock-db-update-interval=0
max-xml-request-body-size=1024
auth-prompt=Sun Java System Web Server WebDAV
max-propfind-depth=1
property-db-max-size=8192
acl-db-update-interval=0
acl-db-max-size=8192
max-expand-property-depth=3
auth-auth-db-name=keyfile
max-report-response-elements=1000
enabled=true
min-lock-timeout=0

Setting DAV Collection Properties

wadm>set-dav-collection-prop --config=test --vs=test --uri=/dav min-lock-timeout=60
CLI201 Command "set-dav-collection-prop" ran successfully

Verify this by getting the properties as shown in the next section.

Getting properties of a DAV Collection

wadm> get-dav-collection-prop --config=test --vs=test --uri=/dav
acl-db-max-entries=10
auth-method=basic
property-db-update-interval=0
lock-db-update-interval=0
source-uri=/source
max-xml-request-body-size=8192
auth-prompt=Sun Java System Web Server WebDAV
max-propfind-depth=1
property-db-max-size=8192
acl-db-update-interval=0
acl-db-max-size=8192
max-expand-property-depth=3
max-report-response-elements=1000
uri=/dav
enabled=true
auth-auth-db-name=keyfile
min-lock-timeout=60

Disabling DAV Collection

wadm>disable-dav-collection --config=test --vs=test --uri=/dav
CLI201 Command "disable-dav-collection" ran successfully

Enabling DAV Collection

wadm>enable-dav-collection --config=test --vs=test --uri=/dav
CLI201 Command "enable-dav-collection" ran successfully

Deleting a DAV collection

wadm>delete-dav-collection --config=test --vs=test --uri=/dav
CLI201 Command "delete-dav-collection" ran successfully

Disabling WebDAV at server level

wadm>disable-webdav --config=test
CLI201 Command "disable-webdav" ran successfully

About

Meena Vyas
