remm 01/05/28 19:34:58
Modified: src/webdav/server/org/apache/slide/webdav/method
PropFindMethod.java
Log:
- Expose the lock token only if the current principal is the owner of the lock,
or if the lock token was submitted in the request.
Revision Changes Path
1.23 +15 -4
jakarta-slide/src/webdav/server/org/apache/slide/webdav/method/PropFindMethod.java
Index: PropFindMethod.java
===================================================================
RCS file:
/home/cvs/jakarta-slide/src/webdav/server/org/apache/slide/webdav/method/PropFindMethod.java,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- PropFindMethod.java 2001/05/16 12:07:56 1.22
+++ PropFindMethod.java 2001/05/29 02:34:57 1.23
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-slide/src/webdav/server/org/apache/slide/webdav/method/PropFindMethod.java,v
1.22 2001/05/16 12:07:56 juergen Exp $
- * $Revision: 1.22 $
- * $Date: 2001/05/16 12:07:56 $
+ * $Header:
/home/cvs/jakarta-slide/src/webdav/server/org/apache/slide/webdav/method/PropFindMethod.java,v
1.23 2001/05/29 02:34:57 remm Exp $
+ * $Revision: 1.23 $
+ * $Date: 2001/05/29 02:34:57 $
*
* ====================================================================
*
@@ -1056,7 +1056,18 @@
generatedXML.writeElement(null, "locktoken", XMLPrinter.OPENING);
generatedXML.writeElement(null, "href", XMLPrinter.OPENING);
// Put here the token Id
- generatedXML.writeText("opaquelocktoken:" + token.getLockId());
+ boolean isOwner = false;
+ try {
+ String subjectUri = security.getPrincipal(slideToken).getUri();
+ if (token.getSubjectUri().startsWith(subjectUri))
+ isOwner = true;
+ } catch (Exception e) {
+ }
+ if (isOwner || slideToken.checkLockToken(token.getLockId())) {
+ generatedXML.writeText("opaquelocktoken:" + token.getLockId());
+ } else {
+ generatedXML.writeText("opaquelocktoken:faketoken");
+ }
generatedXML.writeElement(null, "href", XMLPrinter.CLOSING);
generatedXML.writeElement(null, "locktoken", XMLPrinter.CLOSING);
