On Wed, Oct 2, 2024 at 4:47 PM Christopher Schultz <ch...@christopherschultz.net> wrote: > > Michael, > > On 10/1/24 12:14, Michael Osipov wrote: > > On 2024/10/01 15:20:53 Rémy Maucherat wrote: > >> On Tue, Oct 1, 2024 at 4:53 PM Michael Osipov <micha...@apache.org> wrote: > >>> > >>> Folks, > >>> > >>> I'd like to put some effort into the DefaultServlet and the WebDAV servlet > >>> to align them more with mod_autoindex and add some minor improvements if I > >>> can cover my usecases here at work. > >>> > >>> Currently, I use mod_dav which I want to replace with the WebDAV servlet > >>> because I don't have the authz components in HTTPd like I have in Tomcat > >>> (it is rather a pain since I need to sync groups into a local file). > >>> > >>> The config in HTTPd is straight forward: > >>>> <LocationMatch "^/(backend-dev|content-dev|prod)/dav(/|$)(.*)"> > >>>> ProxyPassMatch "!" > >>>> </LocationMatch> > >>>> > >>>> AliasMatch "^/(backend-dev|content-dev|prod)/dav(/|$)(.*)" > >>>> "/var/foo/$1$2$3" > >>>> <DirectoryMatch "^/var/foo/(backend-dev|content-dev|prod)(/|$)(.*)"> > >>>> Dav On > >>>> AuthType GSSAPI > >>>> AuthName "Foo WebDAV Repository" > >>>> AuthzSendForbiddenOnFailure On > >>>> Options Indexes > >>>> IndexOptions FancyIndexing FoldersFirst Charset=UTF-8 NameWidth=* > >>>> SuppressDescription > >>>> <Limit GET HEAD OPTIONS PROPFIND> > >>>> AuthGroupFile /var/foo/db/apache-groups.txt > >>>> Require group foo-maintainers bar-maintainers baz-maintainers > >>>> </Limit> > >>>> AddDefaultCharset utf-8 > >>>> AddType text/plain .log .tex > >>>> </DirectoryMatch> > >>> > >>> /(backend-dev|content-dev|prod) are proxied to three Tomcat instances, the > >>> config above would be replaced with subcontexts at > >>> /(backend-dev|content-dev|prod)#dav > >>> (solely for the DAV purpose) where the web.xml contains: > >>>> <servlet> > >>>> <servlet-name>webdav</servlet-name> > >>>> > >>>> <servlet-class>org.apache.catalina.servlets.WebdavServlet</servlet-class> > >>>> <init-param> > >>>> <param-name>listings</param-name> > >>>> <param-value>true</param-value> > >>>> </init-param> > >>>> <init-param> > >>>> <param-name>showServerInfo</param-name> > >>>> <param-value>false</param-value> > >>>> </init-param> > >>>> <init-param> > >>>> <param-name>sortListings</param-name> > >>>> <param-value>true</param-value> > >>>> </init-param> > >>>> <init-param> > >>>> <param-name>sortDirectoriesFirst</param-name> > >>>> <param-value>true</param-value> > >>>> </init-param> > >>>> <init-param> > >>>> <param-name>fileEncoding</param-name> > >>>> <param-value>UTF-8</param-value> > >>>> </init-param> > >>>> <load-on-startup>1</load-on-startup> > >>>> </servlet> > >>>> > >>>> <servlet-mapping> > >>>> <servlet-name>webdav</servlet-name> > >>>> <url-pattern>/*</url-pattern> > >>>> </servlet-mapping> > >>>> > >>>> <security-constraint> > >>>> <web-resource-collection> > >>>> <web-resource-name>WebDAV</web-resource-name> > >>>> <url-pattern>/*</url-pattern> > >>>> </web-resource-collection> > >>>> <auth-constraint> > >>>> <role-name>Foo Maintainer</role-name> > >>>> <role-name>Bar Maintainer</role-name> > >>>> <role-name>Baz Maintainer</role-name> > >>>> </auth-constraint> > >>>> </security-constraint> > >>> > >>> and the context.xml (for backend-dev): > >>>> <?xml version="1.0" encoding="UTF-8"?> > >>>> <Context> > >>>> <Listener > >>>> className="org.apache.catalina.core.PropertiesRoleMappingListener" /> > >>>> > >>>> <Valve > >>>> className="net.sf.michaelo.tomcat.authenticator.SpnegoAuthenticator" > >>>> loginEntryName="tomcat-accept" > >>>> sendAuthInfoResponseHeaders="true" /> > >>>> > >>>> <Realm > >>>> className="net.sf.michaelo.tomcat.realm.PacDataActiveDirectoryRealm" > >>>> loginEntryName="tomcat-accept" /> > >>>> > >>>> <Resources> > >>>> <PostResources base="/var/foo/backend-dev" > >>>> > >>>> className="org.apache.catalina.webresources.DirResourceSet" > >>>> webAppMount="/" /> > >>>> </Resources> > >>>> </Context> > >>> > >>> It just works from the browser, CarotDAV, the Windows Explorer, and > >>> py-webdavclient3. > >>> > >>> Now my question/concern is the Javadoc of the servlet [1] says: > >>>> The WebDAVServlet must not be used as the default servlet (ie mapped to > >>>> '/') as it will not work in this configuration. > >>> > >>> Well, it works, doesn't it? And the sample below maps to root as well: > >>>> <servlet-mapping> > >>>> <servlet-name>webdav</servlet-name> > >>>> <url-pattern>/*</url-pattern> > >>>> </servlet-mapping> > >>> > >>> So what is it now, can I safely use the servlet with this setup? > >>> There is nothing else in this WAR file except context.xml, web.xml and > >>> a properties file. > >> > >> /* mapping is very different from /. / is the default servlet. /* is > >> not and has a priority over it. > >> The javadoc which you linked to has a mapping example of the WebDAV > >> servlet using /*, which is 100% ok. > > > > Ahhh, you are right. It is a subtile difference. I want to evalute yet > > another option depicted in the DefaultServlet Javadoc, but in any case it > > looks good so far. > > IMHO It's worth pointing out in this same place in the documentation > that "/ is bad but /* is okay". When I read your question I thought "/ > != /*" but not every user would understand the distinction.
The javadoc of the WebDAV servlet is the only documentation there is, and it is correct and accurate. Default mapping of WebDAV does not make sense at all since all the other Servlets mappings take precedence over the / mapping. As a result, the file manipulations would fail as soon as anything else is mapped. It is now possible for a Servlet to detect its mappings. As a result it is doable to validate that the WebDAV Servlet is mapped exclusively to wildcard mappings, and produce an error if it is not. Maybe I'll do that ... Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
