The documentation [1] says:
The WebDAV service uses the database user credentials in order to perform authentication and authorization. If database user and password are explicitly specified when starting the BaseX HTTP Server using the corresponding startup options, WebDAV will not request additional user authentication from the client.
[1] http://docs.basex.org/wiki/Webdav
I take this to mean that if I start basexhttp from a directory my-app, with a .basex file containing, among other things,
USER = myappuser PASSWORD = lips_are_sealed
then when the client issues a PUT request against a URI of the form http://localhost:8984/webdav/my_app_dir/mydoc34.xml the PUT will be accepted and mydoc34.xml will be added to the database or updated there, depending on whether myappuser has WRITE privileges to the database my_app_dir. I also take it to be saying that the WebDAV server will not ask the client for credentials.
(This last is important to me because it appears that in some Web browsers an XForms submission that requires credentials will cause the browser to ask the user for userid and password, and in other browsers the submission will fail silently. If I can just have BaseX use the application-specific user quietly, that will work fine for this particular application.)
However, what I'm seeing suggests that WebDAV is not using the userid specified in the .basex configuration file -- in my tests, one browser is prompting me for credentials and another is failing silently.
I suppose that what I'm seeing may be consistent with an error in the password in the .basex file, but I have tried it with passwords that are hard to mistype, so I don't think that that's it. I have not found a command to ask the server what user I currently am (the equivalent of whoami).
Am I misreading the documentation?
Hi Michael,
Thanks for your helpful report (and thanks for your edits in our Wiki, very appreciated!). Your interpretation of our documentation is completely correct: You should be able to skip the authentication process by specifying default credentials either in .basex (globally) in web.xml (globally, or specific to REST or WebDAV).
One of the pitfalls in WebDAV support is that the clients I experienced so far do slightly different things, so it took me a while to find out what could be the culprit. But I managed to trace the behavior you described with both Oxygen and the WebDAV plugin of the Total Commander. My assumption is that the non-conformance was introduced with the digest authentication support (which I couldn't test yet with the existing WebDAV clients I tried so far). I have uploaded a new snapshot [1], which hopefully fixes the behavior. If not, it may be that it will only be fixed with the next 8.0.1 patch release (8.0 is just too close..).
Hope this helps? Christian
[1] http://files.basex.org/releases/latest
On Fri, Feb 6, 2015 at 8:10 PM, C. M. Sperberg-McQueen cmsmcq@blackmesatech.com wrote:
The documentation [1] says:
The WebDAV service uses the database user credentials in order to perform authentication and authorization. If database user and password are explicitly specified when starting the BaseX HTTP Server using the corresponding startup options, WebDAV will not request additional user authentication from the client.
[1] http://docs.basex.org/wiki/Webdav
I take this to mean that if I start basexhttp from a directory my-app, with a .basex file containing, among other things,
USER = myappuser PASSWORD = lips_are_sealed
then when the client issues a PUT request against a URI of the form http://localhost:8984/webdav/my_app_dir/mydoc34.xml the PUT will be accepted and mydoc34.xml will be added to the database or updated there, depending on whether myappuser has WRITE privileges to the database my_app_dir. I also take it to be saying that the WebDAV server will not ask the client for credentials.
(This last is important to me because it appears that in some Web browsers an XForms submission that requires credentials will cause the browser to ask the user for userid and password, and in other browsers the submission will fail silently. If I can just have BaseX use the application-specific user quietly, that will work fine for this particular application.)
However, what I'm seeing suggests that WebDAV is not using the userid specified in the .basex configuration file -- in my tests, one browser is prompting me for credentials and another is failing silently.
I suppose that what I'm seeing may be consistent with an error in the password in the .basex file, but I have tried it with passwords that are hard to mistype, so I don't think that that's it. I have not found a command to ask the server what user I currently am (the equivalent of whoami).
Am I misreading the documentation?
--
- C. M. Sperberg-McQueen, Black Mesa Technologies LLC
- http://www.blackmesatech.com
- http://cmsmcq.com/mib
- http://balisage.net
basex-talk@mailman.uni-konstanz.de
-
C. M. Sperberg-McQueen -
Christian Grün