From ang...@apache.org
Subject svn commit: r1154123 - in /jackrabbit/branches/2.2: ./ jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/webdav/jcr/ jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/webdav/simple/ jackrabbit-standalone/src/main/resources/WEB-INF/ jack...
Date Fri, 05 Aug 2011 08:28:57 GMT
Author: angela
Date: Fri Aug  5 08:28:57 2011
New Revision: 1154123

URL: http://svn.apache.org/viewvc?rev=1154123&view=rev
Log:
2.2: Merging Revision 1152258 (JCR-3036)

Added:
    jackrabbit/branches/2.2/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/util/CSRFUtil.java
      - copied unchanged from r1152258, jackrabbit/trunk/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/util/CSRFUtil.java
    jackrabbit/branches/2.2/jackrabbit-webdav/src/test/java/org/apache/jackrabbit/webdav/util/
      - copied from r1152258, jackrabbit/trunk/jackrabbit-webdav/src/test/java/org/apache/jackrabbit/webdav/util/
    jackrabbit/branches/2.2/jackrabbit-webdav/src/test/java/org/apache/jackrabbit/webdav/util/CSRFUtilTest.java
      - copied unchanged from r1152258, jackrabbit/trunk/jackrabbit-webdav/src/test/java/org/apache/jackrabbit/webdav/util/CSRFUtilTest.java
    jackrabbit/branches/2.2/jackrabbit-webdav/src/test/java/org/apache/jackrabbit/webdav/util/TestAll.java
      - copied unchanged from r1152258, jackrabbit/trunk/jackrabbit-webdav/src/test/java/org/apache/jackrabbit/webdav/util/TestAll.java
Modified:
    jackrabbit/branches/2.2/   (props changed)
    jackrabbit/branches/2.2/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/webdav/jcr/JCRWebdavServerServlet.java
    jackrabbit/branches/2.2/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/webdav/simple/SimpleWebdavServlet.java
    jackrabbit/branches/2.2/jackrabbit-standalone/src/main/resources/WEB-INF/web.xml
    jackrabbit/branches/2.2/jackrabbit-webapp/src/main/webapp/WEB-INF/web.xml
    jackrabbit/branches/2.2/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/server/AbstractWebdavServlet.java

Propchange: jackrabbit/branches/2.2/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Fri Aug  5 08:28:57 2011
@@ -2,4 +2,4 @@
 /jackrabbit/sandbox/JCR-1456:774917-886178
 /jackrabbit/sandbox/JCR-2170:812417-816332
 /jackrabbit/sandbox/tripod-JCR-2209:795441-795863
-/jackrabbit/trunk
 2993,1136353,1136360,1138511,1141141,1141717,1143738,1144332,1144338,1144695
+/jackrabbit/trunk
 2993,1136353,1136360,1138511,1141141,1141717,1143738,1144332,1144338,1144695,1152258

Modified: jackrabbit/branches/2.2/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/webdav/jcr/JCRWebdavServerServlet.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/2.2/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/webdav/jcr/JCRWebdavServerServlet.java?rev=1154123&r1=1154122&r2=1154123&view=diff
==============================================================================
--- jackrabbit/branches/2.2/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/webdav/jcr/JCRWebdavServerServlet.java
(original)
+++ jackrabbit/branches/2.2/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/webdav/jcr/JCRWebdavServerServlet.java
Fri Aug  5 08:28:57 2011
@@ -60,20 +60,6 @@ public abstract class JCRWebdavServerSer
     public static final String INIT_PARAM_RESOURCE_PATH_PREFIX = "resource-path-prefix";
 
     /**
-     * Name of the optional init parameter that defines the value of the
-     * 'WWW-Authenticate' header.<p/>
-     * If the parameter is omitted the default value
-     * {@link #DEFAULT_AUTHENTICATE_HEADER "Basic Realm=Jackrabbit Webdav Server"}
-     * is used.
-     *
-     * @see #getAuthenticateHeaderValue()
-     */
-    public static final String INIT_PARAM_AUTHENTICATE_HEADER = "authenticate-header";
-
-    /** the 'missing-auth-mapping' init parameter */
-    public final static String INIT_PARAM_MISSING_AUTH_MAPPING = "missing-auth-mapping";
-
-    /**
      * Servlet context attribute used to store the path prefix instead of
      * having a static field with this servlet. The latter causes problems
      * when running multiple
@@ -81,7 +67,6 @@ public abstract class JCRWebdavServerSer
     public static final String CTX_ATTR_RESOURCE_PATH_PREFIX = "jackrabbit.webdav.jcr.resourcepath";
 
     private String pathPrefix;
-    private String authenticate_header;
 
     private JCRWebdavServer server;
     private DavResourceFactory resourceFactory;
@@ -107,12 +92,6 @@ public abstract class JCRWebdavServerSer
         getServletContext().setAttribute(CTX_ATTR_RESOURCE_PATH_PREFIX, pathPrefix);
         log.debug(INIT_PARAM_RESOURCE_PATH_PREFIX + " = " + pathPrefix);
 
-        authenticate_header = getInitParameter(INIT_PARAM_AUTHENTICATE_HEADER);
-        if (authenticate_header == null) {
-            authenticate_header = DEFAULT_AUTHENTICATE_HEADER;
-        }
-        log.debug(INIT_PARAM_AUTHENTICATE_HEADER + " = " + authenticate_header);
-
         txMgr = new TxLockManagerImpl();
         subscriptionMgr = new SubscriptionManagerImpl();
         txMgr.addTransactionListener((SubscriptionManagerImpl) subscriptionMgr);
@@ -232,18 +211,6 @@ public abstract class JCRWebdavServerSer
     }
 
     /**
-     * Returns the init param of the servlet configuration or
-     * {@link #DEFAULT_AUTHENTICATE_HEADER} as default value.
-     *
-     * @return corresponding init parameter or {@link #DEFAULT_AUTHENTICATE_HEADER}.
-     * @see #INIT_PARAM_AUTHENTICATE_HEADER
-     */
-    @Override
-    public String getAuthenticateHeaderValue() {
-        return authenticate_header;
-    }
-
-    /**
      * Modified variant needed for JCR move and copy that isn't compliant to
      * WebDAV. The latter requires both methods to fail if the destination already
      * exists and Overwrite is set to F (false); in JCR however this depends on

Modified: jackrabbit/branches/2.2/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/webdav/simple/SimpleWebdavServlet.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/2.2/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/webdav/simple/SimpleWebdavServlet.java?rev=1154123&r1=1154122&r2=1154123&view=diff
==============================================================================
--- jackrabbit/branches/2.2/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/webdav/simple/SimpleWebdavServlet.java
(original)
+++ jackrabbit/branches/2.2/jackrabbit-jcr-server/src/main/java/org/apache/jackrabbit/webdav/simple/SimpleWebdavServlet.java
Fri Aug  5 08:28:57 2011
@@ -66,20 +66,6 @@ public abstract class SimpleWebdavServle
     public static final String INIT_PARAM_RESOURCE_PATH_PREFIX = "resource-path-prefix";
 
     /**
-     * Name of the optional init parameter that defines the value of the
-     * 'WWW-Authenticate' header.<p/>
-     * If the parameter is omitted the default value
-     * {@link #DEFAULT_AUTHENTICATE_HEADER "Basic Realm=Jackrabbit Webdav Server"}
-     * is used.
-     *
-     * @see #getAuthenticateHeaderValue()
-     */
-    public static final String INIT_PARAM_AUTHENTICATE_HEADER = "authenticate-header";
-
-    /** the 'missing-auth-mapping' init parameter */
-    public final static String INIT_PARAM_MISSING_AUTH_MAPPING = "missing-auth-mapping";
-
-    /**
      * Name of the init parameter that specify a separate configuration used
      * for filtering the resources displayed.
      */
@@ -105,11 +91,6 @@ public abstract class SimpleWebdavServle
     private String resourcePathPrefix;
 
     /**
-     * Header value as specified in the {@link #INIT_PARAM_AUTHENTICATE_HEADER} parameter.
-     */
-    private String authenticate_header;
-
-    /**
      * Map used to remember any webdav lock created without being reflected
      * in the underlying repository.
      * This is needed because some clients rely on a successful locking
@@ -162,12 +143,6 @@ public abstract class SimpleWebdavServle
         getServletContext().setAttribute(CTX_ATTR_RESOURCE_PATH_PREFIX, resourcePathPrefix);
         log.info(INIT_PARAM_RESOURCE_PATH_PREFIX + " = '" + resourcePathPrefix + "'");
 
-        authenticate_header = getInitParameter(INIT_PARAM_AUTHENTICATE_HEADER);
-        if (authenticate_header == null) {
-            authenticate_header = DEFAULT_AUTHENTICATE_HEADER;
-        }
-        log.info("WWW-Authenticate header = '" + authenticate_header + "'");
-
         config = new ResourceConfig(getDetector());
         String configParam = getInitParameter(INIT_PARAM_RESOURCE_CONFIG);
         if (configParam != null) {
@@ -387,20 +362,6 @@ public abstract class SimpleWebdavServle
     }
 
     /**
-     * Returns the header value retrieved from the {@link #INIT_PARAM_AUTHENTICATE_HEADER}
-     * init parameter. If the parameter is missing, the value defaults to
-     * {@link #DEFAULT_AUTHENTICATE_HEADER}.
-     *
-     * @return the header value retrieved from the corresponding init parameter
-     * or {@link #DEFAULT_AUTHENTICATE_HEADER}.
-     * @see AbstractWebdavServlet#getAuthenticateHeaderValue()
-     */
-    @Override
-    public String getAuthenticateHeaderValue() {
-        return authenticate_header;
-    }
-
-    /**
      * Returns the resource configuration to be applied
      *
      * @return the resource configuration.

Modified: jackrabbit/branches/2.2/jackrabbit-standalone/src/main/resources/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/jackrabbit/branches/2.2/jackrabbit-standalone/src/main/resources/WEB-INF/web.xml?rev=1154123&r1=1154122&r2=1154123&view=diff
==============================================================================
--- jackrabbit/branches/2.2/jackrabbit-standalone/src/main/resources/WEB-INF/web.xml (original)
+++ jackrabbit/branches/2.2/jackrabbit-standalone/src/main/resources/WEB-INF/web.xml Fri Aug
 5 08:28:57 2011
@@ -44,7 +44,6 @@
             The webdav servlet that connects HTTP request to the repository.
         </description>
         <servlet-class>org.apache.jackrabbit.j2ee.SimpleWebdavServlet</servlet-class>
-
         <init-param>
             <param-name>resource-path-prefix</param-name>
             <param-value>/repository</param-value>
@@ -59,6 +58,22 @@
                 Defines various dav-resource configuration parameters.
             </description>
         </init-param>
+        <!--
+            Optional parameter to define the behaviour of the referrer-based CSRF protection
+        -->
+        <!--
+        <init-param>
+            <param-name>csrf-protection</param-name>
+            <param-value>host1.domain.com,host2.domain.org</param-value>
+            <description>
+                Defines the behaviour of the referrer based CSRF protection
+                1) If omitted or left empty the (default) behaviour is to allow only requests
with
+                   an empty referrer header or a referrer host equal to the server host
+                2) May also contain a comma separated list of additional allowed referrer
hosts
+                3) If set to 'disabled' no referrer checking will be performed at all
+            </description>
+        </init-param>
+        -->
         <load-on-startup>3</load-on-startup>
     </servlet>
 
@@ -128,6 +143,22 @@
             <description>JcrRemotingServlet: Optional mapping from node type names
to default depth.</description>
         </init-param>
         -->
+        <!--
+            Optional parameter to define the behaviour of the referrer-based CSRF protection
+        -->
+        <!--
+        <init-param>
+            <param-name>csrf-protection</param-name>
+            <param-value>host1.domain.com,host2.domain.org</param-value>
+            <description>
+                Defines the behaviour of the referrer based CSRF protection
+                1) If omitted or left empty the (default) behaviour is to allow only requests
with
+                   an empty referrer header or a referrer host equal to the server host
+                2) May also contain a comma separated list of additional allowed referrer
hosts
+                3) If set to 'disabled' no referrer checking will be performed at all
+            </description>
+        </init-param>
+        -->
         <load-on-startup>5</load-on-startup>
     </servlet>
 

Modified: jackrabbit/branches/2.2/jackrabbit-webapp/src/main/webapp/WEB-INF/web.xml
URL: http://svn.apache.org/viewvc/jackrabbit/branches/2.2/jackrabbit-webapp/src/main/webapp/WEB-INF/web.xml?rev=1154123&r1=1154122&r2=1154123&view=diff
==============================================================================
--- jackrabbit/branches/2.2/jackrabbit-webapp/src/main/webapp/WEB-INF/web.xml (original)
+++ jackrabbit/branches/2.2/jackrabbit-webapp/src/main/webapp/WEB-INF/web.xml Fri Aug  5 08:28:57
2011
@@ -147,7 +147,7 @@
           <description>
             If this is set, the RepositoryAccessServlet expects a Repository in the ServletContext

             attribute having this name. This allows servlets of this module to be used with
repositories
-            intialized by the jackrabbit-jcr-servlet module utilities.
+            initialized by the jackrabbit-jcr-servlet module utilities.
           </description>
         </init-param>
          -->
@@ -210,7 +210,7 @@
              <description>
                  Defines how a missing authorization header should be handled.
                  1) If this init-param is missing, a 401 response is generated.
-                    This is suiteable for clients (eg. webdav clients) for which
+                    This is suitable for clients (eg. webdav clients) for which
                     sending a proper authorization header is not possible if the
                     server never sent a 401.
                  2) If this init-param is present with an empty value,
@@ -237,7 +237,7 @@
         -->
         <!--
             Parameter used to configure behaviour of webdav resources such as:
-            - destinction between collections and non-collections
+            - distinction between collections and non-collections
             - resource filtering
         -->
         <init-param>
@@ -247,6 +247,22 @@
                 Defines various dav-resource configuration parameters.
             </description>
         </init-param>
+       <!--
+            Optional parameter to define the behaviour of the referrer-based CSRF protection
+        -->
+        <!--
+        <init-param>
+            <param-name>csrf-protection</param-name>
+            <param-value>host1.domain.com,host2.domain.org</param-value>
+            <description>
+                Defines the behaviour of the referrer based CSRF protection
+                1) If omitted or left empty the (default) behaviour is to allow only requests
with
+                   an empty referrer header or a referrer host equal to the server host
+                2) May also contain a comma separated list of additional allowed referrer
hosts
+                3) If set to 'disabled' no referrer checking will be performed at all
+            </description>
+        </init-param>
+        -->
         <load-on-startup>4</load-on-startup>
     </servlet>
 
@@ -265,7 +281,7 @@
             <description>
                 Defines how a missing authorization header should be handled.
                  1) If this init-param is missing, a 401 response is generated.
-                    This is suiteable for clients (eg. webdav clients) for which
+                    This is suitable for clients (eg. webdav clients) for which
                     sending a proper authorization header is not possible if the
                     server never sent a 401.
                  2) If this init-param is present with an empty value,
@@ -316,7 +332,22 @@
             <param-value>/WEB-INF/batchread.properties</param-value>
             <description>JcrRemotingServlet: Optional mapping from node type names
to default depth.</description>
         </init-param>        
-        <load-on-startup>5</load-on-startup>
+        <!--
+            Optional parameter to define the behaviour of the referrer-based CSRF protection
+        -->
+        <!--
+        <init-param>
+            <param-name>csrf-protection</param-name>
+            <param-value>host1.domain.com,host2.domain.org</param-value>
+            <description>
+                Defines the behaviour of the referrer based CSRF protection
+                1) If omitted or left empty the (default) behaviour is to allow only requests
with
+                   an empty referrer header or a referrer host equal to the server host
+                2) May also contain a comma separated list of additional allowed referrer
hosts
+                3) If set to 'disabled' no referrer checking will be performed at all
+            </description>
+        </init-param>
+        -->       <load-on-startup>5</load-on-startup>
     </servlet>
 
     <!-- ====================================================================== -->
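Review bot: The added line `-->       <load-on-startup>5</load-on-startup>` (the last `+` line of this hunk) closes the comment and declares the element on one physical line, so the `load-on-startup` setting is easy to overlook and the file differs from the other three copies of the same block (in this file's earlier hunk and in the standalone web.xml), where `-->` and `<load-on-startup>` sit on separate lines. I would split it into `        -->` and `        <load-on-startup>5</load-on-startup>`. The earlier hunk in this file also opens its comment with `+       <!--` at seven spaces while every sibling line uses eight; aligning it keeps the four blocks copy-identical, which matters for a snippet that is meant to be uncommented by operators.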

Modified: jackrabbit/branches/2.2/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/server/AbstractWebdavServlet.java
URL: http://svn.apache.org/viewvc/jackrabbit/branches/2.2/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/server/AbstractWebdavServlet.java?rev=1154123&r1=1154122&r2=1154123&view=diff
==============================================================================
--- jackrabbit/branches/2.2/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/server/AbstractWebdavServlet.java
(original)
+++ jackrabbit/branches/2.2/jackrabbit-webdav/src/main/java/org/apache/jackrabbit/webdav/server/AbstractWebdavServlet.java
Fri Aug  5 08:28:57 2011
@@ -62,6 +62,7 @@ import org.apache.jackrabbit.webdav.secu
 import org.apache.jackrabbit.webdav.security.AclResource;
 import org.apache.jackrabbit.webdav.transaction.TransactionInfo;
 import org.apache.jackrabbit.webdav.transaction.TransactionResource;
+import org.apache.jackrabbit.webdav.util.CSRFUtil;
 import org.apache.jackrabbit.webdav.version.ActivityResource;
 import org.apache.jackrabbit.webdav.version.DeltaVConstants;
 import org.apache.jackrabbit.webdav.version.DeltaVResource;
@@ -101,6 +102,20 @@ abstract public class AbstractWebdavServ
      */
     private static Logger log = LoggerFactory.getLogger(AbstractWebdavServlet.class);
 
+    /** the 'missing-auth-mapping' init parameter */
+    public final static String INIT_PARAM_MISSING_AUTH_MAPPING = "missing-auth-mapping";
+
+    /**
+     * Name of the optional init parameter that defines the value of the
+     * 'WWW-Authenticate' header.<p/>
+     * If the parameter is omitted the default value
+     * {@link #DEFAULT_AUTHENTICATE_HEADER "Basic Realm=Jackrabbit Webdav Server"}
+     * is used.
+     *
+     * @see #getAuthenticateHeaderValue()
+     */
+    public static final String INIT_PARAM_AUTHENTICATE_HEADER = "authenticate-header";
+
     /**
      * Default value for the 'WWW-Authenticate' header, that is set, if request
      * results in a {@link DavServletResponse#SC_UNAUTHORIZED 401 (Unauthorized)}
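Review bot: The Javadoc of `INIT_PARAM_AUTHENTICATE_HEADER` labels the link as `{@link #DEFAULT_AUTHENTICATE_HEADER "Basic Realm=Jackrabbit Webdav Server"}`, but the constant's actual value a few lines below is `Basic realm="Jackrabbit Webdav Server"` (lower-case `realm`, quoted realm value), so the rendered documentation shows a header that would not be a well-formed challenge. Since the text is moved verbatim from the two subclasses, the mismatch predates this commit, but this is the only copy left; I would drop the label and write `{@link #DEFAULT_AUTHENTICATE_HEADER}` so the generated docs always show the real value. Minor style point: `public final static String INIT_PARAM_MISSING_AUTH_MAPPING` uses a different modifier order from `public static final` on the neighbouring constants in this class.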
@@ -111,6 +126,43 @@ abstract public class AbstractWebdavServ
     public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic realm=\"Jackrabbit Webdav
Server\"";
 
     /**
+     * Name of the parameter that specifies the configuration of the CSRF protection.
+     * May contain a comma-separated list of allowed referrer hosts.
+     * If the parameter is omitted or left empty the behaviour is to only allow requests
which have an empty referrer
+     * or a referrer host equal to the server host.
+     * If the parameter is set to 'disabled' no referrer checks will be performed at all.
+     */
+    public static final String INIT_PARAM_CSRF_PROTECTION = "csrf-protection";
+
+
+    /**
+     * Header value as specified in the {@link #INIT_PARAM_AUTHENTICATE_HEADER} parameter.
+     */
+    private String authenticate_header;
+
+    /**
+     * CSRF protection utility
+     */
+    private CSRFUtil csrfUtil;
+
+    @Override
+    public void init() throws ServletException {
+        super.init();
+
+        // authenticate header
+        authenticate_header = getInitParameter(INIT_PARAM_AUTHENTICATE_HEADER);
+        if (authenticate_header == null) {
+            authenticate_header = DEFAULT_AUTHENTICATE_HEADER;
+        }
+        log.info(INIT_PARAM_AUTHENTICATE_HEADER + " = " + authenticate_header);
+        
+        // read csrf protection params
+        String csrfParam = getInitParameter(INIT_PARAM_CSRF_PROTECTION);
+        csrfUtil = new CSRFUtil(csrfParam);
+        log.info(INIT_PARAM_CSRF_PROTECTION + " = " + csrfParam);
+    }
+
+    /**
      * Checks if the precondition for this request and resource is valid.
      *
      * @param request
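Review bot: `csrfUtil` and `authenticate_header` are assigned only in the new `init()`, and `service()` later dereferences `csrfUtil` unconditionally, so a subclass that overrides `init()` without calling `super.init()` fails with a NullPointerException on the first request rather than with a clear configuration error. The subclass hunks in JCRWebdavServerServlet and SimpleWebdavServlet remove their own handling of these parameters and presumably rely on an existing `super.init()` call, but that call lies outside both hunks and cannot be confirmed here. I would make the contract explicit with a Javadoc on `init()` such as `/** Reads the authenticate-header and csrf-protection init parameters; subclasses overriding this method must call {@code super.init()}. */`. Whether `CSRFUtil` trims or validates the raw `csrfParam` value before use is decided in the copied CSRFUtil.java, which this diff does not show.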
@@ -163,11 +215,15 @@ abstract public class AbstractWebdavServ
 
     /**
      * Returns the value of the 'WWW-Authenticate' header, that is returned in
-     * case of 401 error.
+     * case of 401 error: the value is retrireved from the corresponding init
+     * param or defaults to {@link #DEFAULT_AUTHENTICATE_HEADER}.
      *
-     * @return value of the 'WWW-Authenticate' header
+     * @return corresponding init parameter or {@link #DEFAULT_AUTHENTICATE_HEADER}.
+     * @see #INIT_PARAM_AUTHENTICATE_HEADER
      */
-    abstract public String getAuthenticateHeaderValue();
+    public String getAuthenticateHeaderValue() {
+        return authenticate_header;
+    }
 
     /**
      * Service the given request.
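Review bot: The rewritten Javadoc of `getAuthenticateHeaderValue()` has a typo in the new text, `retrireved`; the line should read `* case of 401 error: the value is retrieved from the corresponding init`. Apart from that the new `@see #INIT_PARAM_AUTHENTICATE_HEADER` reference is now correct, since the constant lives in this class after the move.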
@@ -192,10 +248,16 @@ abstract public class AbstractWebdavServ
                 return;
             }
 
+            // perform referrer host checks if CSRF protection is enabled
+            if (!csrfUtil.isValidRequest(webdavRequest)) {
+                webdavResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
+                return;
+            }
+
             // check matching if=header for lock-token relevant operations
             DavResource resource = getResourceFactory().createResource(webdavRequest.getRequestLocator(),
webdavRequest, webdavResponse);
             if (!isPreconditionValid(webdavRequest, resource)) {
-                webdavResponse.sendError(DavServletResponse.SC_PRECONDITION_FAILED);
+                webdavResponse.sendError(HttpServletResponse.SC_PRECONDITION_FAILED);
                 return;
             }
             if (!execute(webdavRequest, webdavResponse, methodCode, resource)) {
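Review bot: A request rejected by the new referrer check is answered with a bare 403 and nothing is logged, so an operator cannot tell a misconfigured `csrf-protection` allow-list apart from genuine cross-site attempts, and neither shows up anywhere for detection. Given the class already uses a parameterized SLF4J logger, I would add `log.debug("Request {} rejected by referrer-based CSRF protection", webdavRequest.getMethod());` before the `sendError` call; if the referrer is worth recording, log only its host portion, since a full Referer URL may carry query strings. Note also that the check applies to every method, including read-only ones, and that the enclosing try block of `service()` begins outside this hunk.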


