> Hello, I'm wondering if there's a way to put a JSP file in the slide
WebDav
> system so I can control the web interface to the Dav system.
>
> For example, I want to put a index.jsp file into the /users folder so when
> an administrator accesses that folder from a web browser then he will be
> presented with an HTML administrative view. This way I can prevent folder
> browsing, use slide ACL's for access control to the JSP and add my logic
to
> the administration of that folder.
>
> Right now when I attempt to "put" a JSP file into slide I get the output
> contained at the end of this message. It looks like the problem in the
> output is related to a configuration of the JspEngine. Meaning the "put"
> fires the hook into the JspEngine and the JspEngine attempts to handle the
> request. This isn't that big of a deal since it's probably a good thing.
> In that it prevents a hacker from uploading a volatile JSP into the Dav
> system.
>
> So can you tell me how I can implement the functionality I stated above?
Well, you can't do that unless your servlet container / JSP engine can
abstract the filesystem.
Tomcat 3.x can't do that, so you can't run webapps (JSPs or servlets) off a
Slide namespace, unless of course you use a properly configured filesystem
based store, but that's more a hack than an elegant solution.
Tomcat 4.0 fully abstracts the filesystem, so it's relatively easy to do
that.
The latest binaries now include a Tomcat 4 powered Slide server, which can
be a good example of how you can do the integration.
More details + downloads :
http://jakarta.apache.org/slide/server.html
http://jakarta.apache.org/builds/jakarta-slide/nightly/2001-06-26/jakarta-sl
ide.zip
> On a second note, as you know, right now the slide webdav/manager
servlet(s)
> just display a directory listing to HTML clients. How can I override that
> behavior? I've looked at the webdav servlet source and the WebDav
directory
> listing HTML code is generated from there. Do I need to write my own
webdav
> servlet to eliminate the directory browsing? Is there a better way?
If a user can read a resource, it can also list its members if it's a
collection. Right now, the two permissions (read and list) are not separate
(but a new permission could be added).
There is no "display directory browsing" flag, mainly because the WebDAV
servlet in Slide isn't meant to be used as a replacement for the default
servlet in Tomcat. Instead, it is supposed to be handling all the URLs in
the context, and provide full access to them for various editing purposes.
Remy
