Open Source Document Management System | OpenKM

Because information matters
https://forum.openkm.com/

WebDAV permissions problem

https://forum.openkm.com/viewtopic.php?t=5825

Page 1 of 1

WebDAV permissions problem

PostPosted:Wed Mar 14, 2012 4:15 pm
by mateuszknapik
Hello again :)
I think I've found a bug in WebDAV implementation.
Namely, when I try to overwrite a file, to which I have read-only permissions, file is not overwritten (what is good), but it gets Edited by [username] status and owner of this file (who has full permissions set in security tab) cannot edit it or unlock it. WebDAV application (Cyberduck) returns error.
Here's log from Cyberduck:
Code: Select all
HTTP/1.1 207 Multi-Status
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0
Date: Wed, 14 Mar 2012 11:00:09 GMT
Content-Type: text/xml;charset=UTF-8
Content-Length: 16170
PROPFIND /OpenKM/webdav/okm_root/PLANOWANIE/2012/PLANOWANIE%20seryjna%20T2.xls HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 99
Host: 127.0.0.1:4433
Connection: Keep-Alive
User-Agent: Cyberduck/4.2.1 (Mac OS X/10.6.8) (i386)
Authorization: Basic bWF0ZXVzemtuYXBpa0B0cmFuc2tldC5wbDpwb3phYmVrMg==
HTTP/1.1 207 Multi-Status
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0
Date: Wed, 14 Mar 2012 11:00:42 GMT
Content-Type: text/xml;charset=UTF-8
Content-Length: 1166
PUT /OpenKM/webdav/okm_root/PLANOWANIE/2012/PLANOWANIE%20seryjna%20T2.xls HTTP/1.1
Expect: 100-continue
Content-Length: 45056
Content-Type: application/vnd.ms-excel
Host: 127.0.0.1:4433
Connection: Keep-Alive
User-Agent: Cyberduck/4.2.1 (Mac OS X/10.6.8) (i386)
Authorization: Basic bWF0ZXVzemtuYXBpa0B0cmFuc2tldC5wbDpwb3phYmVrMg==
HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0
Content-Type: text/html
Transfer-Encoding: chunked
Date: Wed, 14 Mar 2012 11:00:48 GMT
Connection: close
PROPFIND /OpenKM/webdav/okm_root/PLANOWANIE/2012/ HTTP/1.1
Depth: 1
Content-Type: text/xml; charset=utf-8
Content-Length: 99
Host: 127.0.0.1:4433
Connection: Keep-Alive
User-Agent: Cyberduck/4.2.1 (Mac OS X/10.6.8) (i386)
Authorization: Basic bWF0ZXVzemtuYXBpa0B0cmFuc2tldC5wbDpwb3phYmVrMg==
HTTP/1.1 207 Multi-Status
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0
Date: Wed, 14 Mar 2012 11:00:52 GMT
Content-Type: text/xml;charset=UTF-8
Content-Length: 16170
I've tested Interarchy and AnyClient and I always get the same results.

Best regards
Mateusz Knapik

Re: WebDAV permissions problem

PostPosted:Thu Mar 15, 2012 6:36 pm
by pavila
Please, detail step by step the process to generate the bug. I'm a bit confused with your explanation.

Re: WebDAV permissions problem

PostPosted:Fri Mar 16, 2012 10:43 am
by mateuszknapik
Ok:
1. User A uploads file test.xls (via site or webdav, it doesn't matter) and sets it's permissions (in Security Tab) to this: http://dl.dropbox.com/u/99833/OpenKM/1.png.
2. User B logs on to OpenKM via WebDAV client (CyberDuck, AnyClient or other) and opens file test.doc.
3. User B tries to upload new version of test.doc (or he opened test.doc to edit, so when he closes Excel, WebDAV client tries to do it).
4. WebDAV client shows error (because user B doesn't have write permission). So far so good. (http://dl.dropbox.com/u/99833/OpenKM/2.png).
5. File is now in checked-out state (http://dl.dropbox.com/u/99833/OpenKM/3.png), so User A can't update it nor cancel check-out state :(

User A and User B are in the same group (have the same User Role).
Here is the output from server console:
Code: Select all
11:28:02,252 INFO  [Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)] Started in 44s:879ms
11:28:15,716 WARN  [DocConverter] system.openoffice.path not configured
11:28:15,803 WARN  [DocConverter] and also system.openoffice.server not configured
11:30:48,137 INFO  [MultiIndex] updating index with 1 nodes from indexing queue.
11:35:08,410 INFO  [WebDavProtocol] resourceTypeHelper: class com.bradmcevoy.http.webdav.WebDavResourceTypeHelper
11:35:08,410 INFO  [WebDavProtocol] quotaDataAccessor: class com.bradmcevoy.http.quota.DefaultQuotaDataAccessor
11:35:08,421 INFO  [WebDavProtocol] creating default patcheSetter: class com.bradmcevoy.http.webdav.PropertySourcePatchSetter
11:35:08,451 INFO  [HttpManager] PROPFIND :: http://127.0.0.1:8080/OpenKM/webdav/ - http://127.0.0.1:8080/OpenKM/webdav/
11:35:13,354 INFO  [HttpManager] PROPFIND :: http://127.0.0.1:8080/OpenKM/webdav/okm_root/ - http://127.0.0.1:8080/OpenKM/webdav/okm_root/
11:38:10,026 INFO  [HttpManager] GET :: http://127.0.0.1:8080/OpenKM/webdav/okm_root/test.xls - http://127.0.0.1:8080/OpenKM/webdav/okm_root/test.xls
11:38:16,828 INFO  [HttpManager] PUT :: http://127.0.0.1:8080/OpenKM/webdav/okm_root/test.xls - http://127.0.0.1:8080/OpenKM/webdav/okm_root/test.xls
11:38:17,248 WARN  [DirectDocumentModule] /okm:root/test.xls/okm:content/jcr:lastModified: not allowed to add or modify item
javax.jcr.AccessDeniedException: /okm:root/test.xls/okm:content/jcr:lastModified: not allowed to add or modify item
	at org.apache.jackrabbit.core.ItemImpl.validateTransientItems(ItemImpl.java:407)
	at org.apache.jackrabbit.core.ItemImpl.save(ItemImpl.java:1083)
	at com.openkm.module.base.BaseDocumentModule.setContent(BaseDocumentModule.java:361)
	at com.openkm.module.direct.DirectDocumentModule.setContent(DirectDocumentModule.java:491)
	at com.openkm.api.OKMDocument.setContent(OKMDocument.java:222)
	at com.openkm.webdav.resource.FolderResource.createNew(FolderResource.java:201)
	at com.bradmcevoy.http.http11.PutHandler.processCreate(PutHandler.java:166)
	at com.bradmcevoy.http.http11.PutHandler.process(PutHandler.java:141)
	at com.bradmcevoy.http.StandardFilter.process(StandardFilter.java:32)
	at com.bradmcevoy.http.FilterChain.process(FilterChain.java:21)
	at com.bradmcevoy.http.HttpManager.process(HttpManager.java:174)
	at com.openkm.webdav.WebDavService.handleRequest(WebDavService.java:65)
	at com.openkm.webdav.WebDAVFilter.handleRequest(WebDAVFilter.java:77)
	at com.openkm.webdav.WebDAVFilter.doFilter(WebDAVFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:680)
11:38:17,249 WARN  [JCRUtils] node == NULL
11:38:17,249 ERROR [StandardFilter] process
java.lang.RuntimeException: Failed to create: /okm:root/test.xls/okm:content/jcr:lastModified: not allowed to add or modify item
	at com.openkm.webdav.resource.FolderResource.createNew(FolderResource.java:225)
	at com.bradmcevoy.http.http11.PutHandler.processCreate(PutHandler.java:166)
	at com.bradmcevoy.http.http11.PutHandler.process(PutHandler.java:141)
	at com.bradmcevoy.http.StandardFilter.process(StandardFilter.java:32)
	at com.bradmcevoy.http.FilterChain.process(FilterChain.java:21)
	at com.bradmcevoy.http.HttpManager.process(HttpManager.java:174)
	at com.openkm.webdav.WebDavService.handleRequest(WebDavService.java:65)
	at com.openkm.webdav.WebDAVFilter.handleRequest(WebDAVFilter.java:77)
	at com.openkm.webdav.WebDAVFilter.doFilter(WebDAVFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:680)
Caused by: com.openkm.core.AccessDeniedException: /okm:root/test.xls/okm:content/jcr:lastModified: not allowed to add or modify item
	at com.openkm.module.direct.DirectDocumentModule.setContent(DirectDocumentModule.java:505)
	at com.openkm.api.OKMDocument.setContent(OKMDocument.java:222)
	at com.openkm.webdav.resource.FolderResource.createNew(FolderResource.java:201)
	... 27 more
Caused by: javax.jcr.AccessDeniedException: /okm:root/test.xls/okm:content/jcr:lastModified: not allowed to add or modify item
	at org.apache.jackrabbit.core.ItemImpl.validateTransientItems(ItemImpl.java:407)
	at org.apache.jackrabbit.core.ItemImpl.save(ItemImpl.java:1083)
	at com.openkm.module.base.BaseDocumentModule.setContent(BaseDocumentModule.java:361)
	at com.openkm.module.direct.DirectDocumentModule.setContent(DirectDocumentModule.java:491)
	... 29 more
11:45:12,985 INFO  [HttpManager] PUT :: http://127.0.0.1:8080/OpenKM/webdav/okm_root/test.xls - http://127.0.0.1:8080/OpenKM/webdav/okm_root/test.xls
11:45:13,012 ERROR [DirectDocumentModule] Node locked.
javax.jcr.lock.LockException: Node locked.
	at org.apache.jackrabbit.core.lock.XAEnvironment.lock(XAEnvironment.java:146)
	at org.apache.jackrabbit.core.lock.XALockManager.lock(XALockManager.java:78)
	at org.apache.jackrabbit.core.lock.SessionLockManager.lock(SessionLockManager.java:160)
	at org.apache.jackrabbit.core.NodeImpl.lock(NodeImpl.java:4655)
	at com.openkm.module.direct.DirectDocumentModule.checkout(DirectDocumentModule.java:728)
	at com.openkm.api.OKMDocument.checkout(OKMDocument.java:162)
	at com.openkm.webdav.resource.FolderResource.createNew(FolderResource.java:200)
	at com.bradmcevoy.http.http11.PutHandler.processCreate(PutHandler.java:166)
	at com.bradmcevoy.http.http11.PutHandler.process(PutHandler.java:141)
	at com.bradmcevoy.http.StandardFilter.process(StandardFilter.java:32)
	at com.bradmcevoy.http.FilterChain.process(FilterChain.java:21)
	at com.bradmcevoy.http.HttpManager.process(HttpManager.java:174)
	at com.openkm.webdav.WebDavService.handleRequest(WebDavService.java:65)
	at com.openkm.webdav.WebDAVFilter.handleRequest(WebDAVFilter.java:77)
	at com.openkm.webdav.WebDAVFilter.doFilter(WebDAVFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:680)
11:45:13,013 ERROR [StandardFilter] process
java.lang.RuntimeException: Failed to create: Node locked.
	at com.openkm.webdav.resource.FolderResource.createNew(FolderResource.java:225)
	at com.bradmcevoy.http.http11.PutHandler.processCreate(PutHandler.java:166)
	at com.bradmcevoy.http.http11.PutHandler.process(PutHandler.java:141)
	at com.bradmcevoy.http.StandardFilter.process(StandardFilter.java:32)
	at com.bradmcevoy.http.FilterChain.process(FilterChain.java:21)
	at com.bradmcevoy.http.HttpManager.process(HttpManager.java:174)
	at com.openkm.webdav.WebDavService.handleRequest(WebDavService.java:65)
	at com.openkm.webdav.WebDAVFilter.handleRequest(WebDAVFilter.java:77)
	at com.openkm.webdav.WebDAVFilter.doFilter(WebDAVFilter.java:56)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
	at java.lang.Thread.run(Thread.java:680)
Caused by: com.openkm.core.LockException: Node locked.
	at com.openkm.module.direct.DirectDocumentModule.checkout(DirectDocumentModule.java:747)
	at com.openkm.api.OKMDocument.checkout(OKMDocument.java:162)
	at com.openkm.webdav.resource.FolderResource.createNew(FolderResource.java:200)
	... 27 more
Caused by: javax.jcr.lock.LockException: Node locked.
	at org.apache.jackrabbit.core.lock.XAEnvironment.lock(XAEnvironment.java:146)
	at org.apache.jackrabbit.core.lock.XALockManager.lock(XALockManager.java:78)
	at org.apache.jackrabbit.core.lock.SessionLockManager.lock(SessionLockManager.java:160)
	at org.apache.jackrabbit.core.NodeImpl.lock(NodeImpl.java:4655)
	at com.openkm.module.direct.DirectDocumentModule.checkout(DirectDocumentModule.java:728)
	... 29 more

Re: WebDAV permissions problem

PostPosted:Tue Mar 20, 2012 10:23 am
by pavila
I think now I understand the problem: user B checkouts a document but the does not have write permission so, this should be forbidden. Isn't it?

Re: WebDAV permissions problem

PostPosted:Tue Mar 20, 2012 10:46 am
by mateuszknapik
Yes, that's the problem :)

Re: WebDAV permissions problem

PostPosted:Mon Apr 02, 2012 12:11 pm
by pavila
Can you try with a recent night build? I'm not able to reproduce the problem with WebDrive under Windows 7.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited