In working through a locking problem, two issues have arisen: 1. An unauthenticated user (guest) trying to lock a resource is getting an Error 403 Forbidden message. Tracking this down seems to indicate that the user (/user/guest) did not have access to /users ... as a result of this permission on /users (in the default Domain.xml)
<permission action="/actions" subject="/users/guest" inheritable="true" negative="true"/> and the error was "org.apache.slide.common.Domain - WARNING - Access denied on /users by user /users/guest for action /actions/read". It's not obvious that /users/guest would need read access to /users to perform a lock on the resource (having given read/write/manage permissions to guest on /files). Is this how it is supposed to function ? 2. The isLocked() method on WebdavResource seems to rely on the DAV server returning an empty lockdiscovery element to determine that the resource is no longer locked after it has been already locked (ie. isLocked() stays true even after the resource has been unlocked). A lockdiscovery element is not returned when a resource is not locked from both Slide and IIS, but an empty lockdiscovery (something like <lockdiscovery/>) is returned from Apache (with mod_dav) and the webdav web application that comes with Tomcat. If there is no lockdiscovery element then this should reset the locked state too (ie. isLocked() should return false).
