Re: AW: ACL questions
This ambiguity has caught me out before, spent days chasing ACL problems only to find the 'order' of the entries makes a difference. If one is to use this 'hack' one might find oneself in trouble later down the line, with one's users not having access to their files because you have updated to some fture version of slide that works differently. Also is this the same for different backend stores, can differences occur if store backend are changed. What is the official position on this for slide, or rather what the webdav official position on the way such ACL's are inplemented ? It would be nice to have a definative (unified) interpretation on the slide list Daniel Florey wrote: As far as I can remember the ordering of the ACL is very important for the resulting permissions. The first entry that matches the user/required permission will indicate if the user if allowed to perform the required action. If this is true it would be possible to achieve what you had in mind by simply ordering the acls in the right way. Cheers, Daniel -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Pontus Strand Gesendet: Mittwoch, 15. Dezember 2004 10:28 An: Slide Users Mailing List (E-mail) Betreff: ACL questions Hello, I have spent a couple of days working with user access rights in the application we are building. And I think I understand how things work by now, almost ... :-) A couple of questions remain, however... The customer we work for wants the initial creator of a document to be the only one who has the right to assign access rights to that document. And that is impossible, it seems, given the way ACL work in Slide. The way I want this to work is to first grant "read" and "write" to our user groups (roles) on the collection where the file is stored. Second, I grant "read-acl" and "write-acl2 to the user that created the document. Finally, I deny "read-acl" and "write-acl" to our user groups. However, since the user is part of one of the user groups, the user is also denied "read-acl" and "write-acl". Now to my question, is there any way around this? I.e. can I grant a user belonging to a group higher access rights than that group? Another question in this area: Assume that we have a user A that is a member of groups B and C. Group B has "read" and "write" rights on a file and group C only has "read" rights. Will user A be able to write to that file? This is not really part of the problem I need to solve, it just curiosity :-) Best regards, Pontus Strand - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cannot browse WebDAV in Windows XP
I had this XP log on issue, whereby xp insisted on appending a hostname to the login. It only happens on certain xp clients. In my case I was running slide on port 80 (for firewall reasons), so entering the url in the add network places wizard would be something like : http://x.x.x.x/slide/files This resulted in the issues as described. However when i appended the port number i.e. http://x.x.x.x:80/slide/files the issue stopped. That is XPO stopped appending a host and logged in perfectly. I'll add a cautionary note however, XP on some versions has an issue with slide running on port 80, it suffers from the infinite directory problem, where by the directory listing contains itself!!! Try explaining that one to your users. (This issues is know and can be seen under http://greenbytes.de/tech/webdav/webfolder-client-list.html as file-mismatch) You have been warned!! PS The solution is not to use port 80 which is a royal pain and defats the object in many cases!! PPS I am not actually running the app server on port 80 (root access!!), its being masqueraded via port 80 through the firewall Al On Mon, 21 Jun 2004 07:53:31 -0700 (PDT), Bernard Sirius <[EMAIL PROTECTED]> wrote: Er, that doesn't work either on my machine. BUT, I have a workaround now... with a price tag: south river technologies' WebDrive. Runs like the wind ! I'll stick with this for the moment, as it's more important for me right now to understand what Slide can actually bring me... --- Andrey Shulinsky <[EMAIL PROTECTED]> wrote: Hi there! I had the similar problem and solved it by turning off the authentication for the OPTIONS method in Slide's deployment descriptor: DAV resource / COPY DELETE GET HEAD LOCK MKCOL MOVE POST PROPFIND PROPPATCH PUT UNLOCK VERSION-CONTROL REPORT CHECKIN CHECKOUT UNCHECKOUT MKWORKSPACE UPDATE LABEL MERGE BASELINE-CONTROL MKACTIVITY ACL SEARCH BIND UNBIND REBIND root user XP WebFolders client issues the OPTIONS request first, it fails because you've not been authenticated yet but for some reason I don't know the client doesn't ask for your credentials. Either Slide doesn't return the 401 response or WebFolders don't expect it... or... or something else happens. I haven't looked into the problem thoroughly. I wonder if there are better solutions then the one I'm suggesting... Yours sincerely, Andrey. > -Original Message- > From: Slide Users Mailing List [mailto:[EMAIL PROTECTED] > Sent: Sunday, June 20, 2004 7:23 PM > To: [EMAIL PROTECTED] > Subject: Cannot browse WebDAV in Windows XP > Importance: Low > > Hi, > > I'm trying to browse my fresh slide installation with xp. It > all works perfectly with my regular browser, but I cannot > "add a new Network Place"... > > The password is never recognized. I have done everything like > is said in the documentation (auth-constraint stuff) and > tested several things, but the password simply isn't recognized. > > In fact, xp doesn't allow me to enter "root" as username, and > systematically prepends localhost/ to it. > > Any idea ? > > Bernard > > > > > __ > Do you Yahoo!? > New and Improved Yahoo! Mail - 100MB free storage! > http://promotions.yahoo.com/new_mail > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- [EMAIL PROTECTED] <<< - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Need help getting Slide to use LDAP.
On Thu, 27 May 2004 00:58:07 +0900, Carlos Villegas <[EMAIL PROTECTED]> wrote: Alan Wood wrote: On Tue, 25 May 2004 09:38:25 -0700, James Mason <[EMAIL PROTECTED]> wrote: It might be posible to define a standard mechanism, maybe by writing some Abstract Store class for a partial or "transparent" store, where a store that does not handle an operation it delegates to the parent store. For example, you mount a standard store on /, Tx or JDBC, and then you mount the LDAP store on /users and /roles. If the LDAP store doesn't handle a given operation, like creating arbitrary properties, it delegates to the root store. I was thinking of something along those lines. Having a dual-mode Store that put some things in LDAP and some things in a filesystem/database. I hadn't thought of passing the additional properties up to a higher-scoped Store. That makes sense. I'm not sure how that would play out with the current API, and I can see the potential for concurrency issues (deleting a user in LDAP but still having properties in the parent store). I like the idea, though. [snip] Well, I am not expert either, but I have a working "mixed" store along those lines. As you said, a slide node is made of other pieces. But it doesn't matter where those pieces come from as long as the overall view of the object is consistent. I implemented a EJB Store based on the JDBC samples, however, the user/roles come from existing User/Role beans in my application. In fact the User bean may be an LDAPUser or and DatabaseUser, which my application already had. I have several abstractions in between, because other parts of my application needs them, but it could be done with the default stores. The transaction stuff could be tricky, I haven't tested my implementation thoroughly. So far it seems to work. But if LDAP is readonly, it doesn't matter. I didn't use what I suggested, passing unsupported operations to the parent store. Rather, I handled it internally, as far as Slide is concerned there's only one store mounted at the root. Basically, for LDAP, you just need to implement retrieveObject and retrieveRevisionDescriptor, the rest is passed along. However, I think it's possible to generalize this and use the scope concept in Slide as suggested. The problems I see are the same James mentioned: the current API may be lacking and how to synchronize external changes to user/roles. Deleted users in LDAP may not be a problem because you always check LDAP first and can invalidate the orphan local objects. But there are other cases like deleting and readding, or even some modifications may also create inconsistencies. Maybe a timestamp check to discard local related objects will do the trick. I see where your coming from, using the readonly store implementation (for say user and password) avoids the transaction issues. But if this were to be implemented (just user and password) it would be best to create the store so that it outsourced authentication in a standard way using JAAS, that way you could easily design any backend for authentication i.e. LDAP, SQL or even another Slide !! just joking about that last one ;) PS there are also some diadvantegs to just user/password storage changes, promarily that from a admin point of view you now have two points of admin LDAP for user name and passwords and other permisssions and WEBDAV/Slide for ACLs which isnt exactly a global admin view. Al -- [EMAIL PROTECTED] <<<<<<<<<<<<<<<<<<<<<<<<<<< - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Need help getting Slide to use LDAP.
On Tue, 25 May 2004 09:38:25 -0700, James Mason <[EMAIL PROTECTED]> wrote: It might be posible to define a standard mechanism, maybe by writing some Abstract Store class for a partial or "transparent" store, where a store that does not handle an operation it delegates to the parent store. For example, you mount a standard store on /, Tx or JDBC, and then you mount the LDAP store on /users and /roles. If the LDAP store doesn't handle a given operation, like creating arbitrary properties, it delegates to the root store. I was thinking of something along those lines. Having a dual-mode Store that put some things in LDAP and some things in a filesystem/database. I hadn't thought of passing the additional properties up to a higher-scoped Store. That makes sense. I'm not sure how that would play out with the current API, and I can see the potential for concurrency issues (deleting a user in LDAP but still having properties in the parent store). I like the idea, though. Although this would be handy I am not sure it is feasable after looking at the TX store and XMLDescriptors et all... The stores store nodes for a given URI, a node itself consists of other nodes (properties, value permissions etc..) what seems to be suggested here is differentiating storage for these different node components (leaves of the tree). I believe this may destroy the node abstraction fundamental in slide. I also find it difficult to imagine how transactions would be handled accross the nodes given that some have an LDAP route and others have a file stream route. Now Im no expert here it's my first look at the store example code, but my feeling would be that LDAP would have to house all of the nodes under the user tree (and roles would also make sense here i believe). This would again raise the issue of LDAP schema issues with existing schemas in the LDAP instalation for users.groups etc.. It would also mean a lot of work me thinks. I think the real issue here is that slide has not been created with an abstract or seperable user/role model, but instead treats these as nodes of the existing model, stored alongside everything else (I dont mean this as a critisism, just an observation). It would be nice if someone else here with direct experience of the store developement could add some input to clarify. Any takers? Al -- [EMAIL PROTECTED] <<< - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Need help getting Slide to use LDAP.
James I think its a great idea, in my opinion would also really help slide in a number of applications i am working on too. On Fri, 21 May 2004 11:09:30 -0700, James Mason <[EMAIL PROTECTED]> wrote: Here's what I'm hoping to have when I get finished: 1. Tomcat authenticates users against an LDAP repository. 2. Slide authorizes users against an LDAP repository. 3. Slide authorizes groups (or roles) against an LDAP repository. 4. Slide determines group/role membership from user membership in LDAP groups. #1 is not an issue with Slide, but I was thinking of configuring Tomcat to use the SlideRealm and having Slide authenticate against LDAP. This may not be worth the effort, though. I have used the JAAS implementation from slide for this so that i dont have to worry about keeping users up to dat in the application server. Thus jetty (I prefer Jetty over tomcat) authenticates via jaas through slide. Thus all users are managed in slide. I have also written some admin classes for administrating users. If the store for users is changed to LDAP, this should still play nicely. For #2 - #4, based on my understanding of Slide, I'm going to need to create a new Store implementation that talks to LDAP. Unfortunately I havent looked at the stores, so cant add any pointers here My questions: Does anyone see anything I've overlooked (an easier way to do this, perhaps)? I think one has to consider what the benefits of using LDAP are as a user store? I would have thought the main benefit is centralisation, single sign in that sort of thing. In doing that one would need to use a common schema that all apps authenticating users etc.. would all support I have No real experience with LDAP schema's but I guess the trick here is to use a recognised schema for users and add the extra nodes that slide would require, remembering that ACLs are quite complicated in slide, would these apply outside of slide?? or would each app using LDAP have its own application specific ACLs I definitley find the ACLs difficult to get my head around. Has anyone else done something similar that they wouldn't mind sharing? Is there any documentation/postings that would help me write a new Store? What I've found basically says read the source for the default stores. Actually the text stores are probably better to look at than the SQL/J2EE stores as they are more node like (albeit xml node based), LDAP dI think has a node like structure so the match is good. The other question would be how would you talk to LDAP, would you use JNDI or specific LDAP libraries ? I think JNDI may have a benefit here, plus slide could also benefit from a little JNDI support, again these are not areas of my expertese, just my $0.02, and I would certainly be prepared to help as long as the code was contributed back (I.E opensourced). Al -- [EMAIL PROTECTED] <<< - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Folders inside folders on Windows XP
On Wed, 19 May 2004 09:02:10 +0200, Julian Reschke <[EMAIL PROTECTED]> wrote: Alan Wood wrote: ... *Note* I also tell customers to enter the full URL including port into the address when they are adding a web folder (even though 80 is default of course) this prevents Microsoft's intefering user/login management automatically adding domain information to the user name!! Weird but true!! So now i really have a dilema if i wish to use port 80 (but dont specify port in the url) the user can't enter the username as windows interferes!! Has anyone found another way around this, forgive me I am not a Windows expert. How does one prevent windows (XP and 2000) from automatically converting login usernames to domain qualified ones? e.g. when adding a web folder using the wizard one enters the userName 'fred' and password 'fredspassword' then windows converts this into '[EMAIL PROTECTED]/files' for instance. I probably should have that on my issues list, too (and cross-link the two issues). Does this issue have an KM article? In which webfolder versions does it occur? Well I will try to get some more version information from a couple of customers for completeness and feedback for yourself. This problem however is not confined to webfolders me thinks, I have seen this problem on the same system trying to connect to a Samba share, where Windows tries to add the domain name etc.. when one presents it with a straight user name like 'fred'. It is less of a problem with samba/CIF shares though because you can use the DOS 'NET USE' commands to map shares to drives etc.. providing usernames and passwords on the command line. It therefore must be related to Windows user/logon management and may not be specific to a dll. It may come down to whether the system is part of a windows domain or similar (again my familiarity with windows here is limited). Having said that adding the prot number to the webFolder address line does get around the problem so it should be documented from a webfolder/webdav perspective I guess. I am sure others must have experienced this, and would like to know if there are ways around it (rather than changing port numbers away from '80' Al -- [EMAIL PROTECTED] <<<<<<<<<<<<<<<<<<<<<<<<<<< - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Folders inside folders on Windows XP
Alan Wood wrote: Hi Guys I got a weird one here, for some reason when one of our clients looks into their webdav folder (using add a network place on Windows XP) They see the folder itself as a folder in its root listing!! For every folder the go into they see the folder they are in as well as its contents!! Its like facing mirrors going into the infinite. It only happens with their two XP systems, its ok with their Macs and regular browser views, and its ok when i look at it here from my test XP system!! Has anyone else experienced this issue before?? Maybe this one...: <http://greenbytes.de/tech/webdav/webfolder-client-list.html#issue-folder-mismatch> Excelent Julian, spot on thank you it was : 'folder-mismatch' 'When specifying port 80 explicitly in the URL (rather than letting the default apply), the webfolder fails to detect the entry for the parent collection from the PROPFIND/Depth:1 response body, displaying it as additional child collection.' from the link you gave. I changed the port from 80 to 8580 and bingo it works. The reason i use port 80 is because its a public service and port 80 gives me the least firewall issues with customers!! *Note* I also tell customers to enter the full URL including port into the address when they are adding a web folder (even though 80 is default of course) this prevents Microsoft's intefering user/login management automatically adding domain information to the user name!! Weird but true!! So now i really have a dilema if i wish to use port 80 (but dont specify port in the url) the user can't enter the username as windows interferes!! Has anyone found another way around this, forgive me I am not a Windows expert. How does one prevent windows (XP and 2000) from automatically converting login usernames to domain qualified ones? e.g. when adding a web folder using the wizard one enters the userName 'fred' and password 'fredspassword' then windows converts this into '[EMAIL PROTECTED]/files' for instance. -- [EMAIL PROTECTED] <<<<<<<<<<<<<<<<<<<<<<<<<<< - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Folders inside folders on Windows XP
Hi Guys I got a weird one here, for some reason when one of our clients looks into their webdav folder (using add a network place on Windows XP) They see the folder itself as a folder in its root listing!! For every folder the go into they see the folder they are in as well as its contents!! Its like facing mirrors going into the infinite. It only happens with their two XP systems, its ok with their Macs and regular browser views, and its ok when i look at it here from my test XP system!! Has anyone else experienced this issue before?? Anyone have any clues as to what might be going on or how to solve it? confused Al -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Folders inside folders on Windows XP
Hi Guys I got a weird one here, for some reason when one of our clients looks into their webdav folder (using add a network place on Windows XP) They see the folder itself as a folder in its root listing!! For every folder the go into they see the folder they are in as well as its contents!! Its like facing mirrors going into the infinite. It only happens with their two XP systems, its ok with their Macs and regular browser views, and its ok when i look at it here from my test XP system!! Has anyone else experienced this issue before?? Anyone have any clues as to what might be going on or how to solve it? confused Al -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JDOM problem with slide version 2.0 release
I have noticed a problem using newer versions of Jdom (1.0rc1, Feb 26th 2004 ) with the new slide final release, this did not occur with slide 2.0b1. If i use jdom beta 9 (as provided with slide 2.0) the problem disssapears. I just figured it would be nice to use the latest versions if possible. here is the exception when loading the domain (servlet startup): [snip] all the loading stuff 18 May 2004 11:56:20 - org.apache.slide.security.SecurityImpl - INFO - Action aggregations loaded successfully 18 May 2004 11:56:20 - org.apache.slide.common.Namespace - INFO - Import data into namespace slide 18 May 2004 11:56:20 - org.apache.slide.common.XMLUnmarshaller - INFO - Loading object / org.apache.slide.common.ServiceAccessException: Service TxFileStore at store/metadata working on work/metadata access error : org.jdom.Element.addContent(Lorg/jdom/Element;)Lorg/jdom/Element; at org.apache.slide.store.AbstractStore.storeRevisionDescriptor(AbstractStore.java:1107) at org.apache.slide.store.ExtendedStore.storeRevisionDescriptor(ExtendedStore.java:794) at org.apache.slide.content.ContentImpl.store(ContentImpl.java:1013) at org.apache.slide.common.XMLUnmarshaller.loadObjectRevision(XMLUnmarshaller.java:411) at org.apache.slide.common.XMLUnmarshaller.loadDefaultObjectRevision(XMLUnmarshaller.java:328) at org.apache.slide.common.XMLUnmarshaller.loadObjectNode(XMLUnmarshaller.java:261) at org.apache.slide.common.XMLUnmarshaller.unmarshal(XMLUnmarshaller.java:90) at org.apache.slide.common.NamespaceAccessTokenImpl.importData(NamespaceAccessTokenImpl.java:267) at org.apache.slide.common.Namespace.loadBaseData(Namespace.java:775) at org.apache.slide.common.Domain.initNamespace(Domain.java:814) at org.apache.slide.common.Domain.init(Domain.java:433) at org.apache.slide.common.Domain.init(Domain.java:367) at org.apache.slide.common.Domain.init(Domain.java:330) at org.apache.slide.webdav.WebdavServlet.init(WebdavServlet.java:256) at javax.servlet.GenericServlet.init(GenericServlet.java:256) at org.apache.slide.webdav.WebdavServlet.init(WebdavServlet.java:198) at org.mortbay.jetty.servlet.ServletHolder.start(ServletHolder.java:220) at org.mortbay.jetty.servlet.ServletHandler.initializeServlets(ServletHandler.java:445) at org.mortbay.jetty.servlet.WebApplicationHandler.initializeServlets(WebApplicationHandler.java:150) at org.mortbay.jetty.servlet.WebApplicationContext.start(WebApplicationContext.java:458) at org.mortbay.http.HttpServer.start(HttpServer.java:663) at org.technolibre.interprise.WebDav.start(WebDav.java:154) at org.technolibre.interprise.ServiceKernel.startInternalServices(ServiceKernel.java:498) at org.technolibre.interprise.ServiceKernel.start(ServiceKernel.java:446) at org.technolibre.interprise.boot.main(boot.java:130) -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JDOM problem with slide version 2.0 release
I have noticed a problem using newer versions of Jdom (1.0rc1, Feb 26th 2004 ) with the new slide final release, this did not occur with slide 2.0b1. If i use jdom beta 9 (as provided with slide 2.0) the problem disssapears. I just figured it would be nice to use the latest versions if possible. here is the exception when loading the domain (servlet startup): [snip] all the loading stuff 18 May 2004 11:56:20 - org.apache.slide.security.SecurityImpl - INFO - Action aggregations loaded successfully 18 May 2004 11:56:20 - org.apache.slide.common.Namespace - INFO - Import data into namespace slide 18 May 2004 11:56:20 - org.apache.slide.common.XMLUnmarshaller - INFO - Loading object / org.apache.slide.common.ServiceAccessException: Service TxFileStore at store/metadata working on work/metadata access error : org.jdom.Element.addContent(Lorg/jdom/Element;)Lorg/jdom/Element; at org.apache.slide.store.AbstractStore.storeRevisionDescriptor(AbstractStore.java:1107) at org.apache.slide.store.ExtendedStore.storeRevisionDescriptor(ExtendedStore.java:794) at org.apache.slide.content.ContentImpl.store(ContentImpl.java:1013) at org.apache.slide.common.XMLUnmarshaller.loadObjectRevision(XMLUnmarshaller.java:411) at org.apache.slide.common.XMLUnmarshaller.loadDefaultObjectRevision(XMLUnmarshaller.java:328) at org.apache.slide.common.XMLUnmarshaller.loadObjectNode(XMLUnmarshaller.java:261) at org.apache.slide.common.XMLUnmarshaller.unmarshal(XMLUnmarshaller.java:90) at org.apache.slide.common.NamespaceAccessTokenImpl.importData(NamespaceAccessTokenImpl.java:267) at org.apache.slide.common.Namespace.loadBaseData(Namespace.java:775) at org.apache.slide.common.Domain.initNamespace(Domain.java:814) at org.apache.slide.common.Domain.init(Domain.java:433) at org.apache.slide.common.Domain.init(Domain.java:367) at org.apache.slide.common.Domain.init(Domain.java:330) at org.apache.slide.webdav.WebdavServlet.init(WebdavServlet.java:256) at javax.servlet.GenericServlet.init(GenericServlet.java:256) at org.apache.slide.webdav.WebdavServlet.init(WebdavServlet.java:198) at org.mortbay.jetty.servlet.ServletHolder.start(ServletHolder.java:220) at org.mortbay.jetty.servlet.ServletHandler.initializeServlets(ServletHandler.java:445) at org.mortbay.jetty.servlet.WebApplicationHandler.initializeServlets(WebApplicationHandler.java:150) at org.mortbay.jetty.servlet.WebApplicationContext.start(WebApplicationContext.java:458) at org.mortbay.http.HttpServer.start(HttpServer.java:663) at org.technolibre.interprise.WebDav.start(WebDav.java:154) at org.technolibre.interprise.ServiceKernel.startInternalServices(ServiceKernel.java:498) at org.technolibre.interprise.ServiceKernel.start(ServiceKernel.java:446) at org.technolibre.interprise.boot.main(boot.java:130) -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Folders inside folders on Windows XP
Hi Guys I got a weird one here, for some reason when one of our clients looks into their webdav folder (using add a network place on Windows XP) They see the folder itself as a folder in its root listing!! For every folder the go into they see the folder they are in as well as its contents!! Its like facing mirrors going into the infinite. It only happens with their two XP systems, its ok with their Macs and regular browser views, and its ok when i look at it here from my test XP system!! Has anyone else experienced this issue before?? Anyone have any clues as to what might be going on or how to solve it? confused Al -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS LoginModule
On Fri, 26 Mar 2004 13:38:13 +0100, Unico Hommes <[EMAIL PROTECTED]> wrote: [snip] The issues with the domain loading itself more than once ended up being the result of multiple slide jars being installed . DOH!! The jars were installed inside the slide war/WEB-INF/lib and in our application server. Removing the jars from the slide webapp jar solves the issue. Thought I let everyone know in case it happens to them :) -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Strange windows problem
On Fri, 16 Apr 2004 18:17:18 +0800, Hoi Chong <[EMAIL PROTECTED]> wrote: Hi, Windows "webfolders" have a bug where it try to use the "DAV displayname" property value in it's URI to access WebDAV resources. You can use the Slide commandline client or DAVExplorer to access Slide server /files URI and see what the displayname property is set to. If using Slide commandline client, the command is "propfindall files". If using DAVExplorer you should see the displayname property easily. HTH. [snip] Trying to connect to the slide server from a windows system on the network i get: HTTP ERROR: 404 %2Ffiles+Not+Found RequestURI=/files [snip] Thanks Hoi, that helped me work out the problem, it was actually a virtual server issue, I have virtual server set to 'localhost' (im using jetty rather than tomcat) so on the local system it was fine as i was using localhost in the uri, but on the windows system i used the IP number which didnt match the virtua server string!! So i just changed the virtual server string to the IP address now it all works (except for explicit localhost!).. Doh... -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Strange windows problem
Trying to connect to the slide server from a windows system on the network i get: HTTP ERROR: 404 %2Ffiles+Not+Found RequestURI=/files and I cant see anything in the console output on slide? The strange thing is i can connect to the same /files from the local browser and Konquerer without any issues, the authentication box comes straight up I just cant work out why i.e is getting that error (also add network wizard is the same), its running XP by the way Al -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re[2]: Proxy for slide
hi, MH> Alan Wood <[EMAIL PROTECTED]> writes: Hi I'm looking at ways to proxy slide. Can i use apache mod_rewrite in conjuction with slide running in an app server? MH> We had problems with mod_proxy and HTTP 1.1, especially MH> chunked encoding. I have not been looking into this MH> for a year or so, so it might be solved. mod_proxy was rewritten for apache2. i use it for running tomcat behind apache2 on windows2k and it works great with http1.1 here you can find some configuration tips: http://wiki.cocoondev.org/Wiki.jsp?page=ApacheModProxy Thanks Andreas that links has some usefull tips, and i agree whole heartedly with using apache to front all my application servers (I normally use mod rewrite). There are also a couple of other usefull links on the cocoon wiki. I am also looking ad mod_cache but cant find any info on that yet, for both slide and other document publishing web apps we run, anyone used mod_cache? -- [EMAIL PROTECTED] <<<<<<<<<<<<<<<<<<<<< - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Proxy for slide
Hi I'm looking at ways to proxy slide. Can i use apache mod_rewrite in conjuction with slide running in an app server? e.g. in slide i could have the following namespaces /somedomain.com/their-files.. and have apache rewrite requests from www.somedomain.com/repository to the above namespace. Thus I can map a number of domains www.x.com/repository to the corresponding /x/their-files.. namespace on slide. would this work ? otherwise can slide be proxied? al -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Using jdbc/mysql with slide 2.x
Hi Guys I appreciate some feedback/opinion on the following : I currently use the file based backend for slide, which has been excellent for us so far. Moving forward however we are looking at using JDBC/mysql backend. I have not yet used this backend, and thus have little experience of it, I therefore wonder what current slide users think about the following points. Is the current jdbc/mysql backend as robust as the file backend? does it have any issues over the file based backend i should be aware of? using a mysql backend gives us several advantages including cetral storage along with other data to a replicated db, redundancy and backup to name a few, will the jdbc/mysql backend provide other benefits in performance searching etc.. in slide? Al -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: creating Collections and default permissions
On Fri, 26 Mar 2004 13:56:38 +0100, Unico Hommes <[EMAIL PROTECTED]> wrote: [snip] Thanks it is reassuring to see someone alse's code that knows slide!! do you know why the '/' namespace has the following permissions in the Domain.xml file? this seems a little to lax for me, just trying to understand it Al -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS LoginModule
Sorry for the long delay. I haven't been monitoring this list for a while. Hope this is still relevant. It looks like the Domain is bootstrapped during initialization of the JAAS LoginModule instead of by the SlideServlet which is the way it should be. In this case the Domain is not given a specific location to load the domain configuration from so it attempts to locate it by itself. Now I haven't run into this problem. It is probably something specific to the way the application server you are using is starting its services or it may be a classloader issue. The former used to be the case with the Tomcat SlideRealm and I remember working around this by initializing the realm lazily to give the servlet time to bootstrap the Domain first. Hope this gives you some pointers as to where to start debugging this thing. Cheers, Unico -- I have had some issues with jar conflicts and sealed packages etc.. Because I am devoping an application server the libraries can be loaded by the web application of the application server which loads jetty. I still have quite a bit to go through in order to eliminate some of these issues first. But I am using slide at the web application level (as the servlet) and also above jetty at the application level for administrating slide webdav users/groups, it may well be I am loading it twice and hence this could be the cause, I will be doing more with it to check out some of these possible issues. I assume i am doing the right thing by using the static : Domain.getDefaultNamespace(); I could access the slide servlets NamespaceAccessToken from jetty's context, but i figured this may cause issues on transactions etc.. I assumed that using the Domain static method was the way one should get the NamespaceAccessToken . Is this a correct assumption? [snip] -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
creating Collections and default permissions
Ok guys help me out here if you can My software is now able to create uers and groups (roles) and associate them on the backend using slide libraries 2.x I an now trying to deal with the creation of collections and permisiions (ACL) etc.. this is kind of what im trying to get to collection wise /patientCentre1/ /Patient1records /Patient2records /Patient3records . /PatientXrecords /patientCentre2/ /Patient1records /Patient2records /Patient3records . /PatientXrecords etc.. so there are multiple patients centre collections (these publish the information) under which are there patients which have their own user names and login. Each patient should only be able to access their own records (normally read only, but they also need write permission for other stuff). Each centre has full access to all records collections inside its collection. The software im writing will create the required users and groups on the fly. When it creates a user (patient in this example) it also has to create their collection. Likewise when a new patient centre user/group is created its collection is also created. I have the users and groups licked, my issue is understanding how to create the collections and the correct permissions for both types of user. I'm doing so on the slide side using the slide libraries 2.x not using a webdav client for admin. If any one can help me out here with a few pointers I would really appreciate it. Thanks Al -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS LoginModule
Sorry for the long delay. I haven't been monitoring this list for a while. Hope this is still relevant. It looks like the Domain is bootstrapped during initialization of the JAAS LoginModule instead of by the SlideServlet which is the way it should be. In this case the Domain is not given a specific location to load the domain configuration from so it attempts to locate it by itself. Now I haven't run into this problem. It is probably something specific to the way the application server you are using is starting its services or it may be a classloader issue. The former used to be the case with the Tomcat SlideRealm and I remember working around this by initializing the realm lazily to give the servlet time to bootstrap the Domain first. Hope this gives you some pointers as to where to start debugging this thing. Cheers, Unico -- I have had some issues with jar conflicts and sealed packages etc.. Because I am devoping an application server the libraries can be loaded by the web application of the application server which loads jetty. I still have quite a bit to go through in order to eliminate some of these issues first. But I am using slide at the web application level (as the servlet) and also above jetty at the application level for administrating slide webdav users/groups, it may well be I am loading it twice and hence this could be the cause, I will be doing more with it to check out some of these possible issues. I assume i am doing the right thing by using the static : Domain.getDefaultNamespace(); I could access the slide servlets NamespaceAccessToken from jetty's context, but i figured this may cause issues on transactions etc.. I assumed that using the Domain static method was the way one should get the NamespaceAccessToken . Is this a correct assumption? [snip] -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Users,Passwords,Groups and ACLs
Hi Russell I had this same question, couldnt find an answer so decided to take it on my self to develop such a thing. I am currently in the middle of it but am certainly willing to share it with anyone in the community and commit it if its deemed useful good enough. I am also trying to keep it as seperate from my application as possible to enable it to be used by others, but some work (help) may be required. As soon as it's fit to show anyone else I will let you know. PS thanks to Andrey for his help on this also, it was his code that sparked me off in this direction Al Hi, Is there any usable client (preferrably a gui client) for performing management functions on slide - handling users,passwords, groups etc - setting up ACLs Without such a client, slide is like an automobile with no steering wheel. Didn't slide once have a management servlet? Does anyone know the correct syntax for specifying properties (not in the DAV: namespace) in the commandline client? From looking at the source code seems to be the syntax. propget accepts this syntax but propput chokes on it. So I can't even set passwords with the commandline client. I managed to set passwords with SkunkDav, but assigning users to groups seems totally beyond SkunkDav and the commandline client (neither can even display the group-member-set properly). I have some proposals for additions and corrections to the Slide Documentation :-). Is anyone interested? cheers Russell Thamm - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Browser webdav listings - ignore this
On Fri, 19 Mar 2004 18:53:15 -, Alan Wood <[EMAIL PROTECTED]> wrote: Hi Can anyone point me in the direction of the classes/mechanism used to render the browser view of collections? Can this be modified, any pointers here would help Al Sorry just ignore me I'm being dim. it defaults to the standard HttpSerlet.service(... doh!.. -- [EMAIL PROTECTED] <<<<<<<<<<<<<<<<<<<<< - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Browser webdav listings
Hi Can anyone point me in the direction of the classes/mechanism used to render the browser view of collections? Can this be modified, any pointers here would help Al -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is GroupNode really necessary?
On Thu, 11 Mar 2004 09:39:24 +0100, <[EMAIL PROTECTED]> wrote: Is there any sample code to show how to use the new ACL-Draft-12 group stuff? Please have a look at default Domain.xml shipped with Slide 2.0b1. There, you'll find 4 users configured: /users/root, /users/john, /users/john2 and /users/guest. Moreover, there are 3 roles configured: /roles/root, /roles/user and /roles/guest. The user-role relationship is established through the DAV:group-member-set property. For instance, you'll find /users/john, /users/john2 and /users/root belonging to /roles/user. Note that /users/root is also a member of /roles/root. Through WebDAV, you can link a user to a role by PROPPATCH'ing the DAV:group-member-set property of the role. As a non-standard feature, in Slide you also can create new principals through WebDAV by means of the MKCOL method, e.g. MKCOL /slide/users/peter creates a new user. Merely the maintenance of users and roles over the native Slide API became a bit unhandy through the ACL-DRAFT-12 changes: the NodeProperty instances corresponding to DAV:group-member-set have to be properly provided with lists of XML elements ... :( It is still a TODO to add some convenience here. This is hinted to in the documentation, and i agree it would be nice to see more information about its use. A few examples of adding a user and applying a group would be really handy to get a grip on it. My other question would also be how does one secure such access and changes, can anybody expand on this or proviide an example? -- [EMAIL PROTECTED] < - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JAAS LoginModule
Hi I'm pretty new to Slide (and webdav for that matter) and am still getting
my head mangled by it (a few days a newbie).
I think it is an awesome thing that creates major opportunities when
integrating to our open source application server, congrats to the developers
on the code base so far.
The documentation however does not help in many situations which is why i
subscribed to this list, i already have a a number of questions:
1) I have just managed to get the JAAS LoginModule working in our application
server which uses Jetty (we r moving away from tomcat). Using the JAAS
loginmodule looked like the only way to do it with Jetty, and we had quite a
few probs getting it working. But something strange is happening, when I log
in as 'root' just using a browser at '/slide/files' for example The
Domain.xml file gets loaded up again? is this meant to happen. It caused a
lot of problems at first because when it happend it could not find
'Domain.xml' . When i start the app up it loads the Domain.xml perfectly. But
when it looks to load it a second time after a root login (for example) it
just looks for 'Domain.xml' without a path. the solution is to copy the
Domain.xml file to somewhere in the class path but this is obviously slightly
different for our application server particularly since the JAAS slide realm
is cretead programaticatlly outside of jetty.
#my login.config for JAAS is :
slide {
org.apache.slide.jaas.spi.SlideLoginModule required
namespace=slide;
};
here is the log output including trace when it fails to find domain.xml on a
login :
09 Mar 2004 12:07:57 - org.apache.slide.common.Domain - INFO -
Auto-Initializing Domain
09 Mar 2004 12:07:57 - org.apache.slide.common.Domain - INFO - Domain
configuration : {org.apache.slide.lock=true,
org.apache.slide.versioncontrol=true, org.apache.slide.debug=false,
org.apache.slide.search=true, org.apache.slide.security=true,
org.apache.slide.urlEncoding=UTF-8}
09 Mar 2004 12:07:57 - org.apache.slide.common.Domain - ERROR - Domain
initialization error : Domain.xml (No such file or directory)
12:07:57.169 WARN!! javax.security.auth.login.LoginException:
org.apache.slide.common.DomainInitializationFailedError: Domain
initialization error : Domain.xml (No such file or directory)
at org.apache.slide.common.Domain.selfInit(Domain.java:766)
at org.apache.slide.common.Domain.accessNamespace(Domain.java:237)
at
org.apache.slide.jaas.spi.SlideLoginModule.initialize(SlideLoginModule.java:126)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at org.mortbay.jaas.JAASUserRealm.authenticate(JAASUserRealm.java:212)
at
org.mortbay.http.BasicAuthenticator.authenticated(BasicAuthenticator.java:50)
at org.mortbay.http.SecurityConstraint.check(SecurityConstraint.java:415)
at
org.mortbay.http.HttpContext.checkSecurityConstraints(HttpContext.java:1552)
at
org.mortbay.jetty.servlet.ServletHttpContext.checkSecurityConstraints(ServletHttpContext.java:134)
at
org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:235)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:567)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1808)
at
org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:525)
at org.mortbay.http.HttpContext.handle(HttpContext.java:1758)
at org.mortbay.http.HttpServer.service(HttpServer.java:879)
at org.mortbay.http.HttpConnection.service(HttpConnection.java:790)
at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:952)
at org.mortbay.http.HttpConnection.handle(HttpConnection.java:807)
at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:197)
at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:289)
at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:501)
12:07:57.173 WARN!! AUTH FAILURE: user root
09 Mar 2004 12:08:04 - org.apache.slide.common.Domain - INFO -
Auto-Initializing Domain
09 Mar 2004 12:08:04 - org.apache.slide.common.Domain - INFO - Domain
configuration : {org.apache.slide.lock=true,
org.apache.slide.
