Web Server 7.0.9 supports WebDAV (Web-based Distributed Authoring and Versioning), a standard for Web-based collaboration. WebDAV is an extension to the HTTP/1.1 protocol that enables clients to perform remote web content authoring operations.
A complete WebDAV transaction involves a WebDAV-enabled server, such as Web Server 7.0.9, that can service requests for WebDAV resources, as well as a WebDAV-enabled client, such as Adobe® GoLive® or Macromedia® DreamWeaver®, that supports WebDAV-enabled Web publishing requests.
On the server-side, you need to enable and configure Web Server 7.0.9 to be able to service WebDAV requests.
You might want to configure WebDAV for several reasons: for example, to tune server performance, to eliminate security risks, or to provide for conflict-free remote authoring.
To suit your configuration requirements, you can change, for example, the minimum amount of time the server holds a lock on a WebDAV resource, the depth of the PROPFIND request on a collection, and the maximum size of the XML content allowed in the body of a request.
Default WebDAV attributes can be configured at the virtual server level for all collections under a virtual server. The values configured here correspond to the DAV element in the server.xml file.
WebDAV attributes can also be configured at a collection level and override any virtual server level attributes configured for the collection. The attribute values configured at the collection level correspond to the DAVCOLLECTION element in the server.xml file.
WebDAV is an extension of the HTTP/1.1 protocol. It adds new HTTP methods and headers that provide authoring support for Web resources of any type: not only HTML and XML, but also text, graphics, spreadsheets, and all other formats. Some of the tasks you can accomplish using WebDAV are:
Properties (meta-data) manipulation. You can create, remove and query information about web pages, such as their authors and creation date using the WebDAV methods PROPFIND and PROPPATCH.
Collection and resource management. You can create sets of documents and retrieve a hierarchical membership listing (similar to a directory listing in a file system) using the WebDAV methods GET, PUT, DELETE, and MKCOL.
Locking. You can use WebDAV to prevent more than one person from working on a document at the same time. Mutually exclusive or shared locks, set and released with the WebDAV methods LOCK and UNLOCK, help to prevent the 'lost updates' (overwriting of changes) problem.
Namespace operations. You can use WebDAV to instruct the server to copy and move Web resources using the WebDAV methods COPY and MOVE.
WebDAV support in Web Server 7.0.9 provides the following features:
Compliance with RFC 2518 and interoperability with RFC 2518 clients.
Security and access control for publishing.
Efficient publishing operations on file system-based WebDAV collections and resources.
This section outlines the common terms you will encounter as you work with WebDAV.
URI. A URI (Uniform Resource Identifier) is a file identifier that provides an additional layer of security by using an abbreviated URL. The first part of the URL is substituted with a URL mapping that hides the file’s full physical pathname from the user.
A JSP page, foo.jsp, is located at the URI /docs/date.jsp. This page contains HTML markup and Java code which, when executed, prints today’s date on the client’s browser. When the server receives a GET request for foo.jsp from a client, before serving the page it executes the Java code. What the client receives is not foo.jsp which resides on the server, but a dynamically generated page that displays the current date.
If you were to create a source URI, for example, /publish/docs, and map it to the /docs directory containing foo.jsp, then a request for /publish/docs/foo.jsp will be a request for the source code of the /docs/foo.jsp JSP page. In this case, the server will serve the page without executing the Java code. The client will receive the unprocessed page exactly as stored on disk.
A request for the source URI is thus a request for the source of the resource.
Collection. A WebDAV collection is a resource or a set of resources that are enabled for WebDAV operations. A collection contains a set of URIs, termed member URIs, which identify member resources that are WebDAV-enabled.
Internal Member URI. A Member URI that is immediately relative to the URI of the collection. For example, if the resource with the URL http://info.sun.com/resources/info is WebDAV-enabled and if the resource with the URL http://info.sun.com/resources/ is also WebDAV-enabled, then the resource with the URL http://info.sun.com/resources/ is a collection and contains http://info.sun.com/resources/info as an internal member.
Property. A name/value pair that contains descriptive information about a resource. Properties are used for efficient discovery and management of resources. For example, a ’creationdate’ property might allow for the indexing of all resources by the date on which the resources were created, and an ’author’ property, for indexing by author name.
Live Property. A property that is enforced by the server. For example, the live getcontentlength property has as its value, the length of the entity returned by a GET request, which is automatically calculated by the server. Live properties include the following:
The value of a property is read-only, maintained by the server.
The value of the property is maintained by the client, but the server performs syntax checking on submitted values.
Dead Property. A property that is not enforced by the server. The server only records the value of a dead property; the client is responsible for maintaining its consistency.
The server supports the following live properties:
The server supports the live property executable that enables clients to change the file permissions associated with a resource.
An example of a PROPPATCH request for the executable live property:
PROPPATCH /test/index.html HTTP/1.1
<A:propertyupdate xmlns:A="DAV:" xmlns:B="http://apache.org/dav/props/">
Locking. The ability to lock a resource provides a mechanism to guarantee that one user will not modify a resource while it is being edited by another. Locking prevents overwrite conflicts and resolves the "lost updates" problem.
The server supports two types of locking: shared and exclusive.
New HTTP Methods. WebDAV introduces several new HTTP methods that instruct WebDAV-enabled servers how to handle requests. These methods are used in addition to existing HTTP methods such as GET, PUT, and DELETE to carry out WebDAV transactions. The new HTTP methods are briefly described below:
PROPFIND. Used to fetch one or more properties belonging to one or more resources. When a client submits a PROPFIND request on a collection to the server, the request may include a Depth: header with a value of 0, 1, or infinity.
0. Specifies that the properties of the collection at the specified URI will be fetched.
1. Specifies that the properties of the collection and resources immediately under the specified URI will be fetched.
infinity. Specifies that the properties of the collection and all member URIs it contains will be fetched. Be aware that because a request with infinite depth will crawl the entire collection, it can impose a large burden on the server.
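The following added example (not part of the original documentation) walks a constructed collection tree to show how many resources each Depth value touches. The tree, the function names, and the max_depth cap with its reject behavior are assumptions for illustration; treating a missing Depth header as infinity follows RFC 2518.

```python
INF = float("inf")
DEPTHS = {"0": 0, "1": 1, "infinity": INF}

# Constructed collection: each collection URI maps to its internal member URIs.
TREE = {
    "/dav1/": ["/dav1/a.html", "/dav1/img/", "/dav1/docs/"],
    "/dav1/img/": ["/dav1/img/logo.png"],
    "/dav1/docs/": ["/dav1/docs/2024/"],
    "/dav1/docs/2024/": ["/dav1/docs/2024/q1.html", "/dav1/docs/2024/q2.html"],
}


def requested_depth(headers):
    """Map the Depth header to a number; None if it is not 0, 1 or infinity."""
    value = {k.lower(): v for k, v in headers.items()}.get("depth")
    if value is None:
        return INF  # RFC 2518: PROPFIND without Depth acts as Depth: infinity
    return DEPTHS.get(value.strip().lower())


def propfind_targets(uri, depth, tree=TREE):
    """URIs whose properties a PROPFIND on `uri` fetches at the given depth."""
    targets = [uri]
    if depth > 0:
        for member in tree.get(uri, []):
            targets.extend(propfind_targets(member, depth - 1, tree))
    return targets


def check_propfind(uri, headers, max_depth, tree=TREE):
    """Assumed policy: refuse requests deeper than max_depth, else list targets."""
    depth = requested_depth(headers)
    if depth is None or depth > max_depth:
        return "reject", []
    return "ok", propfind_targets(uri, depth, tree)


if __name__ == "__main__":
    for label in ("0", "1", "infinity"):
        hits = propfind_targets("/dav1/", DEPTHS[label])
        print(f"Depth: {label:8} -> {len(hits)} resource(s)")
    # A client that omits Depth is asking for the whole tree.
    print(check_propfind("/dav1/", {}, max_depth=1))
```

A request with no Depth header is the costly case, so a depth cap has to treat it the same way as an explicit infinity.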
You can use the Administration Server to enable WebDAV for the entire server. When you do so, the following directive is added to the magnus.conf file that loads the WebDAV plugin:
Init fn="load-modules" shlib="/s1ws6.1/lib/libdavplugin.so" funcs="init-dav,ntrans-dav,pcheck-dav,service-dav" shlib_flags="(global|now)"
Init fn="init-dav" LateInit=yes
The init-dav Init function initializes and registers the WebDAV subsystem.
To enable WebDAV, execute the following command in the CLI:
wadm> enable-webdav --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=test
See CLI Reference, enable-webdav(1).
To enable a WebDAV collection, execute the following command:
wadm> enable-dav-collection --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 --vs=config1_vs_1 --uri=/dav_config1
See CLI Reference, enable-dav-collection(1).
To disable a WebDAV collection, execute the following command:
wadm> disable-dav-collection --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 --vs=config1_vs_1 --uri=/dav_config1
See CLI Reference, disable-dav-collection(1).
To add a WebDAV Collection, execute the following command:
wadm> create-dav-collection --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 --vs=config1_vs_1 --uri=/dav_config1 --source-uri=/dav_config1
See CLI Reference, create-dav-collection(1).
To list all WebDAV collections, execute the following command:
wadm> list-dav-collections --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 --vs=config1_vs_1
See CLI Reference, list-dav-collections(1).
To remove a WebDAV collection, execute the following command:
wadm> delete-dav-collection --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 --vs=config1_vs_1 --uri=/dav_config1
See CLI Reference, delete-dav-collection(1).
To set WebDAV properties at the server level, execute the following command:
wadm> set-webdav-prop --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 acl-max-entries=120
See CLI Reference, set-webdav-prop(1).
To view WebDAV properties at the server level, execute the following command:
wadm> get-webdav-prop --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1
See CLI Reference, get-webdav-prop(1).
To set WebDAV collection properties, execute the following command:
wadm> set-dav-collection-prop --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 --vs=config1_vs_1 --uri=/dav_config1 min-lock-timeout=1
See CLI Reference, set-dav-collection-prop(1).
To view WebDAV collection properties, execute the following command:
wadm> get-dav-collection-prop --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 --vs=config1_vs_1 --uri=/dav_config1
See CLI Reference, get-dav-collection-prop(1).
Some common WebDAV properties are listed in the following table:
Table 10–1 WebDAV Parameters
Lock Database Path
Specify the directory in which the locking database will be maintained.
Minimum Lock Time-out
Specify the minimum lifetime of a lock in seconds. A value of -1 implies that the lock never expires. This value indicates the amount of time that an element will be locked before the lock is automatically removed.
Maximum Request Size
Specify the maximum size of the XML request body. You should configure this value to prevent possible denial of service attacks. The default value is 8192 (8K).
Maximum Expand Property Depth
Specify the depth of the Expand Property. 0 applies only to the specified resource. This is the default value. 1 applies to the specified resource and the next level. infinity applies to the specified resource and all resources it contains. Restrict this value to prevent excessive memory consumption.
Default owner for the collection.
Existing root URI on which WebDAV will be enabled.
Maximum PROPFIND Depth
Maximum depth of PROPFIND requests sent to collections.
Lock Database Update Interval
Interval at which WebDAV lock databases are synced to disk. Use 0 to disable caching of WebDAV lock information.
The ACL authentication database to use.
The authentication method to use. Default authentication method is Basic.
Authentication Prompt Text
The prompt to display to clients when requesting authentication.
DAV ACL Database
Maximum number of ACEs to allow on a single resource. 0–2147483647. Specify -1 for no limit.
Maximum size of the memory representation of the WebDAV ACL database for a collection. 0–2147483647. Specify -1 for no limit.
Interval at which WebDAV ACL databases are synced to disk. 0.001–3600 seconds. Specify 0 to disable caching of WebDAV ACL lists.
DAV Property Database
Maximum size of WebDAV property database files. 0–2147483647. Specify -1 for no limit.
Interval at which WebDAV property databases are synced to disk. 0.01–3600 seconds. Specify 0 to disable caching of WebDAV properties.
To disable WebDAV at server level, execute the following command:
wadm> disable-webdav --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1
See CLI Reference, disable-webdav(1).
From the administration console, click the WebDAV tab of the selected configuration to edit WebDAV authentication database settings. The following table provides a short description of each field in the page:
Table 10–2 WebDAV Authentication Database Properties
Authentication Database lets you select a database the server will use to authenticate users.
The default is keyfile.
Authentication Prompt Text
The Prompt for Authentication option enables you to enter message text that appears in the authentication dialog box. You can use this text to describe what the user needs to enter. Depending on the browser, the user will see about the first 40 characters of the prompt.
Web browsers typically cache the username and password, and associate them with the prompt text. When the user accesses files and directories of the server having the same prompt, the usernames and passwords won’t need to be entered again. If you want users to authenticate again for specific files and directories, you simply need to change the prompt for the ACL on that resource.
WebDAV methods operate on the source of a resource or a collection. HTTP methods such as GET and PUT are overloaded by the WebDAV protocol and therefore, a request with these methods can either be a request to the source of the resource or a request to the content (output) of the resource.
Microsoft and many other WebDAV vendors have addressed this problem by sending a Translate:f header with the request to inform the server that the request is for the source. In order to be interoperable with the popular WebDAV client Microsoft WebFolders, the server recognizes the Translate:f header as a request to the source of the resource. To accommodate clients that do not send the Translate:f header, the server defines a source URI.
For a WebDAV-enabled collection, the request to the URI retrieves the content (output) of the resource and a request to the source URI retrieves the source of the resource. A request to the URI with a Translate:f header is treated as a request to the source URI.
Note that by default all access to the source of a resource is denied by the dav-src ACL with the following declaration in the server instance-specific ACL file:
deny (all) user = "anyone";
Access to the source can be granted to a user by adding access rights to the source URI.
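The added example below (not part of the original documentation) models how a GET is resolved to content or source, using the /docs and /publish/docs mapping from the terminology section. The DavCollection class, the function names, and the source_readers set standing in for rights added to the source URI are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DavCollection:
    uri: str         # requests here get the content (output) of the resource
    source_uri: str  # requests here get the unprocessed source


def _relative(path, root):
    """Return path relative to root, or None when path is not under root."""
    root = root.rstrip("/")
    if path == root:
        return ""
    if path.startswith(root + "/"):  # "/docsarchive" must not match "/docs"
        return path[len(root):]
    return None


def classify(path, headers, coll):
    """Classify a GET as ('source' | 'content' | 'outside', resource path)."""
    hdrs = {k.lower(): v.strip().lower() for k, v in headers.items()}
    rel = _relative(path, coll.source_uri)
    if rel is not None:
        return "source", coll.uri.rstrip("/") + rel
    if _relative(path, coll.uri) is None:
        return "outside", path
    if hdrs.get("translate") == "f":
        # Translate:f on the URI is treated as a request to the source URI.
        return "source", path
    return "content", path


def decide(user, path, headers, coll, source_readers=frozenset()):
    """Apply the default deny on source access unless the user was granted it."""
    kind, resource = classify(path, headers, coll)
    if kind == "source" and user not in source_readers:
        return "deny", resource
    return kind, resource


DOCS = DavCollection(uri="/docs", source_uri="/publish/docs")

if __name__ == "__main__":
    print(decide("guest", "/docs/foo.jsp", {}, DOCS))
    print(decide("guest", "/publish/docs/foo.jsp", {}, DOCS))
    print(decide("guest", "/docs/foo.jsp", {"Translate": "f"}, DOCS))
    print(decide("author", "/docs/foo.jsp", {"Translate": "f"}, DOCS, {"author"}))
```

Both the source URI and the Translate:f header resolve to the same source resource, so any access review of the collection has to cover both request forms.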
The server enables the server administrator to lock a resource so as to serialize access to that resource. Using a lock, a user accessing a particular resource is reassured that another user will not modify the same resource. In this way, the "lost updates" problem is resolved as multiple users share resources on the server. The lock database maintained by the server keeps track of the lock tokens issued and in use by clients.
The server supports the opaquelocktoken URI scheme, which is designed to be unique across all resources for all time. This uses the Universal Unique Identifier (UUID) mechanism, as described in ISO-11578.
The server recognizes two types of locking mechanisms:
Exclusive locking sometimes proves to be too rigid and expensive a mechanism for locking resources. For example, in the event of a program crash or the lock owner forgetting to unlock the resource, a lock timeout or the administrator’s intervention will be required to remove the exclusive lock.
When using shared locks, lock owners may use any other communication channel to coordinate their work. The intent of a shared lock is to let collaborators know who else may be working on a resource.
You can control locking by configuring the value of the minlocktimeout attribute of the DAV or DAVCOLLECTION objects in the server.xml file. The minlocktimeout attribute specifies the minimum lifetime of a lock in seconds. This value indicates the amount of time that an element will be locked before the lock is automatically removed.
This is an optional attribute. If the value is set to -1, the lock will never expire. Setting the value to 0 enables all the resources in the collection to be locked with the Timeout header specified in the request.
If no Timeout header is specified, the resource is locked with infinite timeout. If a request has a Timeout header set to the value Infinite, the resource is likewise locked with infinite timeout.
If the request for a WebDAV resource has a Timeout header value that is equal to or greater than the minlocktimeout value specified in server.xml, then the resource is locked for the period of time specified in the request.
However, if the request has a Timeout header value that is lower than the minlocktimeout value specified in server.xml, then the resource is locked with the minlocktimeout value specified in server.xml.
The following table illustrates how the server handles locking requests:
Table 10–3 How Web Server handles locking requests
If Timeout header value in Request is set to:
The resource is:
Locked with timeout set to -1 (infinite)
Locked with timeout set to -1 (infinite)
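The rules above, written out as an added example that is not part of the original documentation: it parses the RFC 2518 Timeout header forms (Second-n and Infinite, optionally as a comma-separated list) and applies minlocktimeout. The function names and sample requests are constructed, and treating an unparseable header like a missing one is an assumption.

```python
INFINITE = float("inf")  # the page writes an infinite timeout as -1


def parse_timeout_header(value):
    """Return the first usable Timeout entry in seconds, or None.

    Handles 'Second-<n>' and 'Infinite' in a comma-separated preference list.
    """
    if value is None:
        return None
    for entry in value.split(","):
        entry = entry.strip().lower()
        if entry == "infinite":
            return INFINITE
        if entry.startswith("second-"):
            digits = entry[len("second-"):]
            if digits.isascii() and digits.isdigit():
                return int(digits)
    return None  # assumption: nothing usable is handled like a missing header


def effective_lock_timeout(timeout_header, minlocktimeout):
    """Seconds the lock is held; INFINITE means it never expires on its own."""
    if minlocktimeout == -1:
        return INFINITE                    # -1: the lock never expires
    requested = parse_timeout_header(timeout_header)
    if requested is None:
        return INFINITE                    # no Timeout header: infinite
    return max(requested, minlocktimeout)  # lower requests are raised to the minimum


# Constructed (lock URI, Timeout header) pairs.
SAMPLE_LOCKS = [
    ("/dav1/file.html", "Second-60"),
    ("/dav1/a.html", None),
    ("/dav1/b.html", "Infinite, Second-4100000000"),
    ("/dav1/c.html", "Second-7200"),
]


def never_expiring(requests, minlocktimeout):
    """URIs whose lock would be held with no expiry under this setting."""
    return [uri for uri, header in requests
            if effective_lock_timeout(header, minlocktimeout) == INFINITE]


if __name__ == "__main__":
    for uri, header in SAMPLE_LOCKS:
        print(uri, header, "->", effective_lock_timeout(header, 300))
    print("never expire:", never_expiring(SAMPLE_LOCKS, 300))
```

Locks listed by never_expiring stay in place until the client unlocks the resource or an administrator expires them.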
To set lock expiry through CLI, execute the following command:
wadm> expire-lock --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 --vs=config1 --collection-uri=/dav1 --lock-uri=/dav1/file.html --opaque-token=opaquelocktoken
See CLI Reference, expire-lock(1).
In the above example, opaque-token specifies the ID of the lock that you want to set to expire.
To display existing locks through CLI, execute the following command:
wadm> list-locks --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 --vs config1 --collection-uri=/dav1
See CLI Reference, list-locks(1).