jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raymond Bourges <raymond.bour...@univ-rennes1.fr>
Subject Re: The state of WebDAV Clients
Date Tue, 27 Nov 2007 15:16:13 GMT
Hi,

About: “Oliver made a fix in Subversion, but there was nobody who could 
release a fixed Slide, either as a minor update to the last Slide 
release years ago, or as a new release of the current code in Subversion.”

In ESUP-Portail project we have made a lot of work over Slide. Perhaps 
because of our poor English we didn’t communicate about this. Sorry.

Slide is used in many universities in France and we make a patch for 
Slide 2.1. You can find it here: 
http://www.esup-portail.org/consortium/espace/Securite/ESUP-2007-AVI-004-COR.zip

It takes the form of a patch of AbstractWebdavMethod Class in order to 
use a special EntityResolver that avoid XML Entity attack. It works on 
LOCK method like Oliver’s patch and with other commands like PROPFIND.

About ESUP-Portail project work over Slide we have:
- Authentication Filter (LDAP, SSO with CAS and Shibboleth)
- Specific Slide stores for groups (uPortal groups and Shibboleth’s 
attributes based groups)
- A Quota for WebDAV (RFC 4331) based on Slide event mechanism

Of course we plan to use Jackrabbit WebDAV server now. But, at this 
time, I don’t know if we can rewrite Slide extension in a jackrabbit 
environment. I just sign on jackrabbit mailing lists.

Jackrabbit seems to be to ACP compliant. I find some information in 
“Coming from Slide...” thread in users mailing list.
But have you some information on how to plug specific WebDAV group 
implementations in Jackrabbit? Is it spring enabled for example?

Thanks a lot.

Some information about ESUP-Portail WebDAV project:
- Web site: http://sourcesup.cru.fr/esup-webdav-srv/current/index.html
- The project site: http://sourcesup.cru.fr/projects/esup-webdav-srv/
- A recent presentation of Shibboleth mechanism: 
http://www.terena.org/activities/eurocamp/november07/slides/bourges-the-shibboleth-enabled-webdav.pdf


ossfwot@dubioso.net a écrit :
> Hello Chris,
>
>   
>> JackRabbit does not currently have a WebDAV client implementation
>> according to this post
>> (http://www.nabble.com/Webdav-Client-Examples--tf4803755.html#a13852979).
>>     
>
> The way I read this post, they have the implementation.
> It is just not released as a separate component.
>
> The released version of the Slide WebDAV client is
> based on HttpClient 2.0, which has been unsupported
> for years. It also includes contrib code from
> HttpClient which was never supported in the first
> place.
>
>   
>> I think it is clear that there is a need for
>> a project like this.
>>     
>
> That is good to know.
>
>   
>> Has there been any though in starting an Apache
>> Commons project to provide WebDAV support?
>>     
>
> Not as a Commons project, but it was discussed
> as a part of HttpComponents. The most recent
> discussion took place on general@jakarta:
> http://www.nabble.com/-discuss--Slide-%2B-HttpComponents-%3D%3E-TLP-tf4207242.html
>
> We made sure that the scope of the new
> HttpComponents TLP allows for releasing
> a WebDAV client, whether that is based on
> Slide or Jackrabbit or something else. But
> projects depend on volunteers to do the work.
>
>   
>> My understanding was that the Slide client was
>> stable and would probably provide a good starting
>> point for a WebDAV client.
>>     
>
> It has no unit tests, no developer community,
> and is based on an HttpClient API scheduled
> for replacement. The Jackrabbit WebDAV client
> is also based on an HttpClient API scheduled
> for replacement, but it has a developer community.
> I don't know about their unit tests.
>
>   
>> For more information on my WebDAV research see this post:
>> http://pragmaticchris.blogspot.com/2007/11/java-webdav-clients.html
>>     
>
> Thanks for the pointers. I may post a comment on
> your blog later this week. For now: we did not retire 
> Slide because Jackrabbit is a perfect replacement.
> We retired Slide because it had no developer
> community that could address a security vulnerability:
> http://www.nabble.com/Warning%3A-Security-Bug-in-Slide-tf4736066.html
>
> Oliver made a fix in Subversion, but there was
> nobody who could release a fixed Slide, either
> as a minor update to the last Slide release years
> ago, or as a new release of the current code in
> Subversion. Projects that cannot address security
> vulnerabilities need to be retired. This does not
> depend on the availability of an alternative. It
> depends only on the availability of a developer
> community.
>
> Users of the current Slide codebase are welcome
> to fork and support the code. They are even more
> welcome to form a new project to move away from
> the HttpClient 2.x/3.x API. I'm willing to invest
> some effort into that next year, after we've
> completed the HttpComponents move to TLP. But
> at the moment, I don't see too many people working
> on a WebDAV client. If you know any, please send
> them our way :-) The best starting point for now
> would be the Jackrabbit client code that is just
> waiting for somebody to release it.
>
> Of course you can always continue to use the
> Slide WebDAV client. There wasn't much support
> for some time, so the situation didn't really
> change by the retirement. It is now just obvious
> to anybody that the code is unsupported.
>
> cheers,
>   Roland
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-user-help@jakarta.apache.org
>
>   


Mime
  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message