Online demo
Download
Contact

Because information matters

  • WebDAV permissions problem

  • We tried to make OpenKM as intuitive as possible, but an advice is always welcome.
It is currently Thu Jun 19, 2025 10:23 am

WebDAV permissions problem

We tried to make OpenKM as intuitive as possible, but an advice is always welcome.
Forum rules: Please, before asking something see the documentation wiki or use the search feature of the forum. And remember we don't have a crystal ball or mental readers, so if you post about an issue tell us which OpenKM are you using and also the browser and operating system version. For more info read How to Report Bugs Effectively.
 Reply

WebDAV permissions problem

 #14513  by mateuszknapik
 
Hello again :)
I think I've found a bug in WebDAV implementation.
Namely, when I try to overwrite a file, to which I have read-only permissions, file is not overwritten (what is good), but it gets Edited by [username] status and owner of this file (who has full permissions set in security tab) cannot edit it or unlock it. WebDAV application (Cyberduck) returns error.
Here's log from Cyberduck:
Code: Select all
HTTP/1.1 207 Multi-Status
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0
Date: Wed, 14 Mar 2012 11:00:09 GMT
Content-Type: text/xml;charset=UTF-8
Content-Length: 16170
PROPFIND /OpenKM/webdav/okm_root/PLANOWANIE/2012/PLANOWANIE%20seryjna%20T2.xls HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 99
Host: 127.0.0.1:4433
Connection: Keep-Alive
User-Agent: Cyberduck/4.2.1 (Mac OS X/10.6.8) (i386)
Authorization: Basic bWF0ZXVzemtuYXBpa0B0cmFuc2tldC5wbDpwb3phYmVrMg==
HTTP/1.1 207 Multi-Status
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0
Date: Wed, 14 Mar 2012 11:00:42 GMT
Content-Type: text/xml;charset=UTF-8
Content-Length: 1166
PUT /OpenKM/webdav/okm_root/PLANOWANIE/2012/PLANOWANIE%20seryjna%20T2.xls HTTP/1.1
Expect: 100-continue
Content-Length: 45056
Content-Type: application/vnd.ms-excel
Host: 127.0.0.1:4433
Connection: Keep-Alive
User-Agent: Cyberduck/4.2.1 (Mac OS X/10.6.8) (i386)
Authorization: Basic bWF0ZXVzemtuYXBpa0B0cmFuc2tldC5wbDpwb3phYmVrMg==
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0
Content-Type: text/html
Transfer-Encoding: chunked
Date: Wed, 14 Mar 2012 11:00:48 GMT
Connection: close
PROPFIND /OpenKM/webdav/okm_root/PLANOWANIE/2012/ HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 99
Host: 127.0.0.1:4433
Connection: Keep-Alive
User-Agent: Cyberduck/4.2.1 (Mac OS X/10.6.8) (i386)
Authorization: Basic bWF0ZXVzemtuYXBpa0B0cmFuc2tldC5wbDpwb3phYmVrMg==
HTTP/1.1 207 Multi-Status
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0
Date: Wed, 14 Mar 2012 11:00:52 GMT
Content-Type: text/xml;charset=UTF-8
Content-Length: 16170
I've tested Interarchy and AnyClient and I always get the same results.

Best regards
Mateusz Knapik

Re: WebDAV permissions problem

 #14526  by pavila
 
Please, detail step by step the process to generate the bug. I'm a bit confused with your explanation.

Re: WebDAV permissions problem

 #14547  by mateuszknapik
 
Ok:
1. User A uploads file test.xls (via site or webdav, it doesn't matter) and sets it's permissions (in Security Tab) to this: http://dl.dropbox.com/u/99833/OpenKM/1.png.
2. User B logs on to OpenKM via WebDAV client (CyberDuck, AnyClient or other) and opens file test.doc.
3. User B tries to upload new version of test.doc (or he opened test.doc to edit, so when he closes Excel, WebDAV client tries to do it).
4. WebDAV client shows error (because user B doesn't have write permission). So far so good. (http://dl.dropbox.com/u/99833/OpenKM/2.png).
5. File is now in checked-out state (http://dl.dropbox.com/u/99833/OpenKM/3.png), so User A can't update it nor cancel check-out state :(

User A and User B are in the same group (have the same User Role).
Here is the output from server console:
Code: Select all
11:28:02,252 INFO  [Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)] Started in 44s:879ms
11:28:15,716 WARN  [DocConverter] system.openoffice.path not configured
11:28:15,803 WARN  [DocConverter] and also system.openoffice.server not configured
11:30:48,137 INFO  [MultiIndex] updating index with 1 nodes from indexing queue.
11:35:08,410 INFO  [WebDavProtocol] resourceTypeHelper: class com.bradmcevoy.http.webdav.WebDavResourceTypeHelper
11:35:08,410 INFO  [WebDavProtocol] quotaDataAccessor: class com.bradmcevoy.http.quota.DefaultQuotaDataAccessor
11:35:08,421 INFO  [WebDavProtocol] creating default patcheSetter: class com.bradmcevoy.http.webdav.PropertySourcePatchSetter
11:35:08,451 INFO  [HttpManager] PROPFIND :: http://127.0.0.1:8080/OpenKM/webdav/ - http://127.0.0.1:8080/OpenKM/webdav/
11:35:13,354 INFO  [HttpManager] PROPFIND :: http://127.0.0.1:8080/OpenKM/webdav/okm_root/ - http://127.0.0.1:8080/OpenKM/webdav/okm_root/
11:38:10,026 INFO  [HttpManager] GET :: http://127.0.0.1:8080/OpenKM/webdav/okm_root/test.xls - http://127.0.0.1:8080/OpenKM/webdav/okm_root/test.xls
11:38:16,828 INFO  [HttpManager] PUT :: http://127.0.0.1:8080/OpenKM/webdav/okm_root/test.xls - http://127.0.0.1:8080/OpenKM/webdav/okm_root/test.xls
11:38:17,248 WARN  [DirectDocumentModule] /okm:root/test.xls/okm:content/jcr:lastModified: not allowed to add or modify item
javax.jcr.AccessDeniedException: /okm:root/test.xls/okm:content/jcr:lastModified: not allowed to add or modify item
	at org.apache.jackrabbit.core.ItemImpl.validateTransientItems(ItemImpl.java:407)
	at org.apache.jackrabbit.core.ItemImpl.save(ItemImpl.java:1083)
	at com.openkm.module.base.BaseDocumentModule.setContent(BaseDocumentModule.java:361)
	at com.openkm.module.direct.DirectDocumentModule.setContent(DirectDocumentModule.java:491)
	at com.openkm.api.OKMDocument.setContent(OKMDocument.java:222)
	at com.openkm.webdav.resource.FolderResource.createNew(FolderResource.java:201)
	at com.bradmcevoy.http.http11.PutHandler.processCreate(PutHandler.java:166)
	at com.bradmcevoy.http.http11.PutHandler.process(PutHandler.java:141)
	at com.bradmcevoy.http.StandardFilter.process(StandardFilter.java:32)
	at com.bradmcevoy.http.FilterChain.process(FilterChain.java:21)
	at com.bradmcevoy.http.HttpManager.process(HttpManager.java:174)
	at com.openkm.webdav.WebDavService.handleRequest(WebDavService.java:65)
	at com.openkm.webdav.WebDAVFilter.handleRequest(WebDAVFilter.java:77)
	at com.openkm.webdav.WebDAVFilter.doFilter(WebDAVFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:680)
11:38:17,249 WARN  [JCRUtils] node == NULL
11:38:17,249 ERROR [StandardFilter] process
java.lang.RuntimeException: Failed to create: /okm:root/test.xls/okm:content/jcr:lastModified: not allowed to add or modify item
	at com.openkm.webdav.resource.FolderResource.createNew(FolderResource.java:225)
	at com.bradmcevoy.http.http11.PutHandler.processCreate(PutHandler.java:166)
	at com.bradmcevoy.http.http11.PutHandler.process(PutHandler.java:141)
	at com.bradmcevoy.http.StandardFilter.process(StandardFilter.java:32)
	at com.bradmcevoy.http.FilterChain.process(FilterChain.java:21)
	at com.bradmcevoy.http.HttpManager.process(HttpManager.java:174)
	at com.openkm.webdav.WebDavService.handleRequest(WebDavService.java:65)
	at com.openkm.webdav.WebDAVFilter.handleRequest(WebDAVFilter.java:77)
	at com.openkm.webdav.WebDAVFilter.doFilter(WebDAVFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:680)
Caused by: com.openkm.core.AccessDeniedException: /okm:root/test.xls/okm:content/jcr:lastModified: not allowed to add or modify item
	at com.openkm.module.direct.DirectDocumentModule.setContent(DirectDocumentModule.java:505)
	at com.openkm.api.OKMDocument.setContent(OKMDocument.java:222)
	at com.openkm.webdav.resource.FolderResource.createNew(FolderResource.java:201)
	... 27 more
Caused by: javax.jcr.AccessDeniedException: /okm:root/test.xls/okm:content/jcr:lastModified: not allowed to add or modify item
	at org.apache.jackrabbit.core.ItemImpl.validateTransientItems(ItemImpl.java:407)
	at org.apache.jackrabbit.core.ItemImpl.save(ItemImpl.java:1083)
	at com.openkm.module.base.BaseDocumentModule.setContent(BaseDocumentModule.java:361)
	at com.openkm.module.direct.DirectDocumentModule.setContent(DirectDocumentModule.java:491)
	... 29 more
11:45:12,985 INFO  [HttpManager] PUT :: http://127.0.0.1:8080/OpenKM/webdav/okm_root/test.xls - http://127.0.0.1:8080/OpenKM/webdav/okm_root/test.xls
11:45:13,012 ERROR [DirectDocumentModule] Node locked.
javax.jcr.lock.LockException: Node locked.
	at org.apache.jackrabbit.core.lock.XAEnvironment.lock(XAEnvironment.java:146)
	at org.apache.jackrabbit.core.lock.XALockManager.lock(XALockManager.java:78)
	at org.apache.jackrabbit.core.lock.SessionLockManager.lock(SessionLockManager.java:160)
	at org.apache.jackrabbit.core.NodeImpl.lock(NodeImpl.java:4655)
	at com.openkm.module.direct.DirectDocumentModule.checkout(DirectDocumentModule.java:728)
	at com.openkm.api.OKMDocument.checkout(OKMDocument.java:162)
	at com.openkm.webdav.resource.FolderResource.createNew(FolderResource.java:200)
	at com.bradmcevoy.http.http11.PutHandler.processCreate(PutHandler.java:166)
	at com.bradmcevoy.http.http11.PutHandler.process(PutHandler.java:141)
	at com.bradmcevoy.http.StandardFilter.process(StandardFilter.java:32)
	at com.bradmcevoy.http.FilterChain.process(FilterChain.java:21)
	at com.bradmcevoy.http.HttpManager.process(HttpManager.java:174)
	at com.openkm.webdav.WebDavService.handleRequest(WebDavService.java:65)
	at com.openkm.webdav.WebDAVFilter.handleRequest(WebDAVFilter.java:77)
	at com.openkm.webdav.WebDAVFilter.doFilter(WebDAVFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:680)
11:45:13,013 ERROR [StandardFilter] process
java.lang.RuntimeException: Failed to create: Node locked.
	at com.openkm.webdav.resource.FolderResource.createNew(FolderResource.java:225)
	at com.bradmcevoy.http.http11.PutHandler.processCreate(PutHandler.java:166)
	at com.bradmcevoy.http.http11.PutHandler.process(PutHandler.java:141)
	at com.bradmcevoy.http.StandardFilter.process(StandardFilter.java:32)
	at com.bradmcevoy.http.FilterChain.process(FilterChain.java:21)
	at com.bradmcevoy.http.HttpManager.process(HttpManager.java:174)
	at com.openkm.webdav.WebDavService.handleRequest(WebDavService.java:65)
	at com.openkm.webdav.WebDAVFilter.handleRequest(WebDAVFilter.java:77)
	at com.openkm.webdav.WebDAVFilter.doFilter(WebDAVFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:680)
Caused by: com.openkm.core.LockException: Node locked.
	at com.openkm.module.direct.DirectDocumentModule.checkout(DirectDocumentModule.java:747)
	at com.openkm.api.OKMDocument.checkout(OKMDocument.java:162)
	at com.openkm.webdav.resource.FolderResource.createNew(FolderResource.java:200)
	... 27 more
Caused by: javax.jcr.lock.LockException: Node locked.
	at org.apache.jackrabbit.core.lock.XAEnvironment.lock(XAEnvironment.java:146)
	at org.apache.jackrabbit.core.lock.XALockManager.lock(XALockManager.java:78)
	at org.apache.jackrabbit.core.lock.SessionLockManager.lock(SessionLockManager.java:160)
	at org.apache.jackrabbit.core.NodeImpl.lock(NodeImpl.java:4655)
	at com.openkm.module.direct.DirectDocumentModule.checkout(DirectDocumentModule.java:728)
	... 29 more

Re: WebDAV permissions problem

 #14858  by pavila
 
I think now I understand the problem: user B checkouts a document but the does not have write permission so, this should be forbidden. Isn't it?

Re: WebDAV permissions problem

 #15055  by pavila
 
Can you try with a recent night build? I'm not able to reproduce the problem with WebDrive under Windows 7.
 Reply
 Return to “Usage”

Favorites

About Us

OpenKM is part of the management software. A management software is a program that facilitates the accomplishment of administrative tasks. OpenKM is a document management system that allows you to manage business content and workflow in a more efficient way. Document managers guarantee data protection by establishing information security for business content.

Powered By phpBB -
 ©OpenKM 2021
 - All times are UTC -