Dec 19th, 2005, 04:08 PM
WebDAV home folders authorization
Hello dear forum members.
I'm wondering what is the best way to secure access to WebDAV server to provide functionality similar to user "home" folders, that is, user "a" should have full access rights to /a/*, user b to /b/* , etc. I'd like to use digest authentication filter on top webdav server (either slide or jackrabbit) and have separate authentication realm for each user. Current implementation of Digest Entry Point allows only static configuration of realm; Should I subclass DigestEntryPoint to achieve my goal?
Also, my question to Ben - as I've seen in forum history, you were going to create separate project for spring and webdav integration, so I can assume you solved similar kind of problem. Maybe a bit offtopic, what do you think, does jackrabbit has enough quality to be used in a production system as a webdav repository and server or it's better to use slide? The main problem I see with slide is lack of significant development activity since 2004 year and bad documentation.
Dec 20th, 2005, 11:46 AM
I'm interested in Acegi/WebDav as well.
Dec 21st, 2005, 02:38 PM
I found this link helpful in my search-
Ben talks about integrating Acegi, CAS and Jakarta Slide.
Ben, I'm curious if any your thoughts have changed since that time?
Jan 25th, 2006, 05:59 PM
I have not been monitoring how Slide or Jackrabbit are progressing as projects.
My needs with WebDAV were quite simple, so in the end I used Tomcat's WebDAV Servlet and then popped a Filter in front of it. The filter used Acegi Security's SecurityContextHolder to determine who the user is. It then checked the path the user was requesting from the WebDAV servlet, and sent back a redirect to their home directory if they were trying to access someone else's directory. It was simple, but worked fine. And I didn't need to implement a complex WebDAV server for this particular application's content management needs.