jackrabbit-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Peter Darton" <pet...@intrinsica.co.uk>
Subject Error in jcr-server Webdav HTTP headers
Date Fri, 02 Dec 2005 10:05:01 GMT
At present, DAV Explorer won't log in to the JCR WebDav servlet - it
doesn't even ask for a username & password.  (Neither the Microsoft
WinXP WebDAV & Novell's NetDrive were as fussy and were happy to log in)
Using Ethereal, I compared the traffic for a valid Slide WebDav login
compared to a JCR WebDav login.

I've now found and fixed the problem on my local build, and I've now got
DAV Explorer to work with JCR Webdav.  Here's a description of the
bugfix:


In
jackrabbit/contrib/jcr-server/server/src/java/org/apache/jackrabbit/serv
er/AbstractWebdavServlet.java, there is a public static final String
DEFAULT_AUTHENTICATE_HEADER.
This is currently set to "Basic Realm=Jackrabbit Webdav Server".

This is not a valid string for use in this context as it is in breach of
RFC2617 for 2 reasons:
1) "Realm" should be "realm"
2) "Jackrabbit Webdav Server" should be in quotes, i.e. "\"Jackrabbit
Webdav Server\""
According to http://www.ietf.org/rfc/rfc2617.txt, a valid challenge
would be:
   WWW-Authenticate: Basic realm="WallyWorld"
Note that "realm" is not capitalised and "WallyWorld" has been enclosed
in quotes.


In other words, AbstractWebdavServlet.java line 82, which currently
reads:
    public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic
Realm=Jackrabbit Webdav Server";
should be changed to read
    public static final String DEFAULT_AUTHENTICATE_HEADER = "Basic
realm=\"Jackrabbit Webdav Server\"";


_____________________________________________________________________
This e-mail has been scanned for viruses by MCI's Internet Managed Scanning Services - powered
by MessageLabs. For further information visit http://www.mci.com

Mime
View raw message