Hi Dirk,
I found the following inconsistencies in the implementation of the WebDAV
Access Control Protocol.
1) Both the "current-user-privilege-set" and "acl" properties on some resources
return the privilege DAV:all, but the specification says that only
non-abstract privileges from the DAV:supported-privilege-set property should
be returned (Section 5.3, last paragraph). Hence the DAV:all privilege should
never be returned for either the acl or the current-user-privilege-set
property, since DAV:all is returned as an abstract privilege in the
supported-privilege-set property.
2) The acl method on resources must only contain non-abstract elements
specified in the DAV:supported-privilege-set of that resource. But the acl
method currently allows setting privileges which are not even in the
supported-privilege-set property of the resource, like
"read-revision-content", "read-revision-metadata", "grant-permission", and
non-abstract privileges like DAV:all etc.
(Section 5.4.2)
3) The propfind method implementation for a request on a resource for the
"acl" property is inconsistent with the ACL method implementation. For
example, in the propfind implementation a principal is considered to have
the "read" privilege only if he has the "readObject", "readRevisionMetadata"
and "readRevisionContent" privileges used in Slide.

    boolean canRead = readObject && readRevisionMetadata &&
                      readRevisionContent;

But the acl method implementation for a "read" privilege request for a
principal grants "readObject", "readRevisionMetadata",
"readRevisionContent" and also "readLocks". Similarly, for the "write"
privilege the principal is granted 8 privileges in Slide in the acl method
implementation, but the propfind method request for the "acl" property
returns "write" only if the principal has ten Slide privileges.

    boolean canWrite = createObject && removeObject && lockObject
                       && readLocks && createRevisionMetadata
                       && modifyRevisionMetadata && removeRevisionMetadata
                       && createRevisionContent && modifyRevisionContent
                       && removeRevisionContent;

thanks,
rajkumar
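
The mismatch described in point 3, as an added example that is not part of the original message and is not Slide's code: it compares what the ACL method grants for a WebDAV privilege with what PROPFIND requires before reporting it. The class and helper names are hypothetical, and because the message does not list the 8 privileges granted for "write", the first 8 of the 10 stand in for them (any 8 fail the same way).

```java
import java.util.*;

// Added illustration, not Slide code. Class and method names are hypothetical;
// the Slide privilege names are the ones quoted in the message above.
public class PrivilegeRoundTrip {
    // The ten Slide privileges PROPFIND requires before it reports "write".
    static final List<String> WRITE_CHECK = Arrays.asList(
        "createObject", "removeObject", "lockObject", "readLocks",
        "createRevisionMetadata", "modifyRevisionMetadata", "removeRevisionMetadata",
        "createRevisionContent", "modifyRevisionContent", "removeRevisionContent");

    // REPORT: what PROPFIND checks. GRANT: what the ACL method hands out.
    static final Map<String, Set<String>> REPORT = new LinkedHashMap<>();
    static final Map<String, Set<String>> GRANT = new LinkedHashMap<>();
    static {
        REPORT.put("read", set("readObject", "readRevisionMetadata", "readRevisionContent"));
        REPORT.put("write", new LinkedHashSet<>(WRITE_CHECK));
        GRANT.put("read", set("readObject", "readRevisionMetadata",
                              "readRevisionContent", "readLocks"));
        // Constructed stand-in: the message gives only the count (8), not the names.
        GRANT.put("write", new LinkedHashSet<>(WRITE_CHECK.subList(0, 8)));
    }

    static Set<String> set(String... names) {
        return new LinkedHashSet<>(Arrays.asList(names));
    }

    // Elements of a that are not in b, in a's order.
    static Set<String> minus(Set<String> a, Set<String> b) {
        Set<String> d = new LinkedHashSet<>(a);
        d.removeAll(b);
        return d;
    }

    public static void main(String[] args) {
        for (String priv : REPORT.keySet()) {
            // Required by PROPFIND but never granted: the ACE is set yet not reported.
            Set<String> unmet = minus(REPORT.get(priv), GRANT.get(priv));
            // Granted but not checked: access the "acl" property does not reveal.
            Set<String> hidden = minus(GRANT.get(priv), REPORT.get(priv));
            System.out.println(priv + ": reported after grant = " + unmet.isEmpty()
                + ", required but not granted = " + unmet
                + ", granted but not required = " + hidden);
        }
    }
}
```

Deriving both the grant and the report from a single table would keep the two code paths from drifting apart like this.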
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 20, 2001 6:24 PM
To: [EMAIL PROTECTED]
Subject: cvs commit: jakarta-slide/src/examples/SimpleWebdavServlet
SimpleWebdavServlet.java
dirkv 01/09/20 18:24:13
Modified: src/examples/SimpleWebdavServlet SimpleWebdavServlet.java
Log:
sync with main servlet
Revision Changes Path
1.4 +5 -5
jakarta-slide/src/examples/SimpleWebdavServlet/SimpleWebdavServlet.java
Index: SimpleWebdavServlet.java
===================================================================
RCS file:
/home/cvs/jakarta-slide/src/examples/SimpleWebdavServlet/SimpleWebdavServlet
.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- SimpleWebdavServlet.java 2001/08/19 11:07:10 1.3
+++ SimpleWebdavServlet.java 2001/09/21 01:24:13 1.4
@@ -1,7 +1,7 @@
/*
- * $Header:
/home/cvs/jakarta-slide/src/examples/SimpleWebdavServlet/SimpleWebdavServlet
.java,v 1.3 2001/08/19 11:07:10 cmlenz Exp $
- * $Revision: 1.3 $
- * $Date: 2001/08/19 11:07:10 $
+ * $Header:
/home/cvs/jakarta-slide/src/examples/SimpleWebdavServlet/SimpleWebdavServlet
.java,v 1.4 2001/09/21 01:24:13 dirkv Exp $
+ * $Revision: 1.4 $
+ * $Date: 2001/09/21 01:24:13 $
*
* ====================================================================
*
@@ -209,7 +209,7 @@
permissionsList =
security.enumeratePermissions(slideToken,
object.getUri());
- locksList = lock.enumerateLocks(slideToken, object.getUri());
+ locksList = lock.enumerateLocks(slideToken, object.getUri(),
false);
} catch (SlideException e) {
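Review bot: The third argument added to lock.enumerateLocks(slideToken, object.getUri(), false) is a bare boolean literal with no comment, and the log message ("sync with main servlet") does not say what the flag selects. A one-line comment or a named constant at the call would let a reader confirm which locks are meant to end up in locksList.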
@@ -282,7 +282,7 @@
permissionsList =
security.enumeratePermissions(slideToken,
currentResource);
- locksList = lock.enumerateLocks(slideToken,
currentResource);
+ locksList = lock.enumerateLocks(slideToken,
currentResource, false);
} catch (SlideException e) {
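Review bot: The enumeratePermissions/enumerateLocks pair is duplicated, here with currentResource and in the earlier hunk with object.getUri(), so the new false argument had to be added in two places. Consider a single helper that takes the URI and fills both permissionsList and locksList, so the flag is set once and the two call sites cannot diverge.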