Re: Why need read privilege on upstream folders to achieve a writ e permission
Thanks for answer, James. But our requirement is something different, our problem is: 1. privileges on folders SHOULD be inherited automatically, this is the requirement for example, > > > A - grant read to authenticated (gives all valid users access) > > > B1 - nothing. inherits from A. > > > C1 - grant write to Carl > > > B2 - grant read to root (make sure someone has access) > > > - deny read to authenticated (makes this private) If user Allen has privilege on A, then automatically, he should have access to B1, C1 and other A's subfolders. 2. Now I want to grant write privilege on C1 to Carl, Slide said we have to assign read on A and B1 to Carl to make this work. 3. When we assign read on A and B1 to Carl, because Slide will always assign an INHERITABLE privilege, Carl will has INHERITABLE read privilege on A. If we don't set deny on B2, then B2 will become readable to Carl - this is not what we want. 4. So I've to set Deny on B2. The problem is if I set Deny to authenticated to B2, then Allen will not see B2 anymore, this is not what we want. 5. So in order to let Allen able to see B2, we will assign read privilege on B2 to Allen explicitly, which means we can't using Slide's INHERITANCE to implement our requirement's inheritance. For each inheritance we need, we will have to, in silde, to assign privileges to user explicitly. Now you see our problem? :-( Thanks again for all your quick replys. regards, Jun - Do You Yahoo!? 150万曲MP3疯狂搜,带您闯入音乐殿堂 美女明星应有尽有,搜遍美图、艳图和酷图 1G就是1000兆,雅虎电邮自助扩容!
Re: roles and groups
Thanks, I see. I haven't tested it, but why is not possible to use both? The reason I asked is because we need a feature present in some CMS or PDM systems in which users take a role on login. For the duration of that session the user only belongs to that one role. So I was thinking that groups could be used for static groupings and roles for this type of dynamic grouping. As far as configuration, a user belongs to one or more groups and one or more roles. But the list of roles are only the list of allowed roles, only one (or maybe a set) is taken on a particular session. I didn't think Slide supported this, but I was hoping that both groups and roles could be used concurrently. And then I could somehow hack this functionality in. The mechanism to assign this role to a session will probably be non-standard. I don't think WebDAV has a standard way to support this kind of extension, so only a custom client could use this functionality. However, it's possible to fallback to a default role for standard WebDAV clients. Carlos Andrey Shulinsky wrote: Hi, Carlos! Normally, you could use Groups OR Roles but not both: http://www.mail-archive.com/[EMAIL PROTECTED]/msg04553.html AFAIK, this has not been changed since the aforementioned letter. Yours sincerely, Andrey. -Original Message- From: Slide Users Mailing List [mailto:[EMAIL PROTECTED] Sent: Thursday, August 12, 2004 11:31 PM To: [EMAIL PROTECTED] Subject: roles and groups Importance: Low Hi, I've seen groups mentioned somewhere in the docs or in the code itself. It seems Slide has support for groups in addition to roles. Is that functional and what's the different between groups and roles as far as Slide is concerned. Carlos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why need read privilege on upstream folders to achieve a writ e permission
That is correct. You have a lot of choices to make when you setup your permissioning. There are tradeoffs which ever way you choose. Usually though, when you start talking about specifics you find that one approach makes more sense than the others. For instance you may find that all users need read access to A and B1, but only users in department X33 need access to B2 and only the one guy in the basement ever makes changes to C1. Note below: Yong Hu wrote: A - grant read to authenticated (gives all valid users access) B1 - nothing. inherits from A. C1 - grant write to Carl B2 - grant read to root (make sure someone has access) - deny read to authenticated (makes this private) However, if we set "deny read to authenticated" to B2, we are unable to have B2 inherit some privileges it ought to inherit. For example, if user Allen has read privilege on A and we wish this privilege can be inherited to all A's subfolders. Now we have a new user Carl and we want to assign write on C1 to him. If we follow your way to implement, then the result is A will lose the read privilege on B2. Is this correct? You can deny read access on B2 to Carl directly, if you want. By denying access to authenticated you're essentially saying "this section is private and has its own set of access permissions separate from the rest of the tree". -James regards, Jun - Do You Yahoo!? 150äæMP3ççæïåæéåéäæå çåææåæåæïæéçåãèååéå 1Gåæ1000åïéèçéèåæåï - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why need read privilege on upstream folders to achieve a writ e permission
A - grant read to authenticated (gives all valid users access) B1 - nothing. inherits from A. C1 - grant write to Carl B2 - grant read to root (make sure someone has access) - deny read to authenticated (makes this private) However, if we set "deny read to authenticated" to B2, we are unable to have B2 inherit some privileges it ought to inherit. For example, if user Allen has read privilege on A and we wish this privilege can be inherited to all A's subfolders. Now we have a new user Carl and we want to assign write on C1 to him. If we follow your way to implement, then the result is A will lose the read privilege on B2. Is this correct? regards, Jun - Do You Yahoo!? 150万曲MP3疯狂搜,带您闯入音乐殿堂 美女明星应有尽有,搜遍美图、艳图和酷图 1G就是1000兆,雅虎电邮自助扩容!
Re: Why need read privilege on upstream folders to achieve a writ e permission
Something like this should work: A - grant read to authenticated (gives all valid users access) B1 - nothing. inherits from A. C1 - grant write to Carl B2 - grant read to root (make sure someone has access) - deny read to authenticated (makes this private) When you add Carl as a user he will automatically have read access to A, B1 and C1. You'll need to grant explicit write access to C1, however. -James Yong Hu wrote: James, Thanks for the reply. But I don't quite understand you. 1. Are you doing this manually or with code? 2. If you are doing this with code, then for example, I've a doc tree like: A - B1 - C1 - B2 Now I have a new user Carl and I want to assign write privilege on C1 to Carl, and because Carl is a new user, he has no privileges to the whole doc tree yet. So could you pls tell me what your code will do to end up with having Carl able to write in C1 while he has no privilege in B2 and other folders (other than A and B1). Thanks a lot. regards, Jun - Do You Yahoo!? 150äæMP3ççæïåæéåéäæå çåææåæåæïæéçåãèååéå 1Gåæ1000åïéèçéèåæåï - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: roles and groups
Hi, Carlos! Normally, you could use Groups OR Roles but not both: http://www.mail-archive.com/[EMAIL PROTECTED]/msg04553.html AFAIK, this has not been changed since the aforementioned letter. Yours sincerely, Andrey. > -Original Message- > From: Slide Users Mailing List [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 12, 2004 11:31 PM > To: [EMAIL PROTECTED] > Subject: roles and groups > Importance: Low > > Hi, > > I've seen groups mentioned somewhere in the docs or in the > code itself. > It seems Slide has support for groups in addition to roles. > > Is that functional and what's the different between groups > and roles as far as Slide is concerned. > > Carlos > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
roles and groups
Hi, I've seen groups mentioned somewhere in the docs or in the code itself. It seems Slide has support for groups in addition to roles. Is that functional and what's the different between groups and roles as far as Slide is concerned. Carlos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why need read privilege on upstream folders to achieve a writ e permission
James, Thanks for the reply. But I don't quite understand you. 1. Are you doing this manually or with code? 2. If you are doing this with code, then for example, I've a doc tree like: A - B1 - C1 - B2 Now I have a new user Carl and I want to assign write privilege on C1 to Carl, and because Carl is a new user, he has no privileges to the whole doc tree yet. So could you pls tell me what your code will do to end up with having Carl able to write in C1 while he has no privilege in B2 and other folders (other than A and B1). Thanks a lot. regards, Jun - Do You Yahoo!? 150万曲MP3疯狂搜,带您闯入音乐殿堂 美女明星应有尽有,搜遍美图、艳图和酷图 1G就是1000兆,雅虎电邮自助扩容!
Authorization without authentication with Slide2.1B1
Hi, I just installed Slide2.1B1 and having problems with authorization if I switch off the authentication. In Slide 2.1M1 it worked fine. After switching off the authentication by deleting all security elements from web.xml, I can let all users in through Tomcat. But the problem is that if authentication is dis-abled, Slide2.1B1 is taking "unauthenticated" as the principal. I am using webdav client to connect to Slide and I make sure that I set username and password before connecting. Here is the code: Note that I set the userinfo for HttpURL using the call: httpURL.setUserinfo(sRootUser, sRootPwd); Slide 2.1 M1 was taking this user as principal for authorization although Tomcat did not authenticate this user. I was expecting similar behaviour from Slide2.1B1. Is this a bug or has the functionality changed? Should I create a BugZilla issue for this? Can anyone validate if this has been noticed with Slide2.1B1? We want to do custom authentication in web application, which invokes slide from within it. We want to dis-able slide authentication completely, although we want to use the rich authorization features. Is it possible to do this without touching/extending code on the slide server? Any help would be appreciated ... /* Code to connect to slide using Webdav client, picked up from commandline client code **/ private boolean connect(String sURI) throws IOException { if (!sURI.endsWith("/") && !sURI.endsWith("\\")) { // append / to the path sURI+="/"; } // Trace to terminal write("connect " + sURI + "@" + sRootUser + "/" + sRootPwd); try { // Set up for processing WebDAV resources httpURL = uriToHttpURL(sURI); // Set user and pwd for HttpURL httpURL.setUserinfo(sRootUser, sRootPwd); httpURL.setUser("root"); httpURL.setPassword("root"); if (webDavResource == null) { webDavResource = new WebdavResource(httpURL); webDavResource.setDebug(getDebugLevel()); /* Why should I not allow connections to files // is not a collection? if (!((ResourceTypeProperty)webDavResource.getResourceType()).isCollection()) { webDavResource = null; httpURL = null; write("Error: " + sURI + " is not a collection! Use open/connect only for collections!"); return false; } */ } else { webDavResource.close(); webDavResource.setHttpURL(httpURL); } } catch (HttpException we) { write("HttpException.getReasonCode(): "+ we.getReasonCode()); httpURL = null; if(webDavResource != null) { webDavResource.close(); webDavResource = null; } return false; } return true; } thanks, Krishna Krishna Kankipati Software Engineer SSA Global * 1626 Cole Blvd. Golden, CO 80401, USA * 303-274-3027 Fax:303-274-3137 * [EMAIL PROTECTED]
Re: Cache refresh notification in two different instance of Slide running on different boxes.
Can you explain what you mean by the term "clustered environment"? You can setup a Slide instance to notify itself when something changes, but that wouldn't make much sense. -James Daniel Varghese wrote: So What I undestood after a long discussion thru mail, cache refresh notification is possible only if there is a clustered environment. If I'm wrong please correct me. On Wed, 11 Aug 2004 12:11:03 -0700, James Mason <[EMAIL PROTECTED]> wrote: Just to clarify this, you no longer need to set the cache-mode parameter to cluster. You can actually remove the parameter entirely. Clustering is now enabled using an event listener. See the wiki for details. -James Warwick Burrows wrote: That was my understanding too, Carlos. James has improved the cluster cache solution to send updates notifications to the cluster participants. Cache update notifications are only sent when you are running in clustered mode as that is the only operating mode in which sending the notifications makes sense. It is also the case that caching in clustered mode, to my understanding, is now enabled. Clustered cache mode in 2.1 M1 meant simply that the global cache was turned off altogether so that no caching was done. This was to get around the problem of an update in one servers cache not being reflected in the caches of the rest of the servers in the cluster. Now, because of James addition of cache update notifications for cluster participants the global cache now works and is turned on for clustered mode. Daniel, is there a downside to running in clustered mode that you specifically don't want? Warwick -Original Message- From: Carlos Villegas [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 11, 2004 11:21 AM To: Slide Users Mailing List Subject: Re: Cache refresh notification in two different instance of Slide running on different boxes. Well, I don't know about the synchronization feature but I would think that it's not possible to synchronize caches if the servers are not configured in a special mode which allows that. My understanding is that that special mode is precisely the clustering feature. Thus you can't have one without the other. Well, maybe I'm wrong and there's another mode of operation... Carlos Daniel Varghese wrote: Hello James, Once again I will tell you, what I'm looking for We have two instance of Slide running on two different Unix boxes and I'm not planing to use Cluster, In this senario how do we notify the cache information between different server instances. So How do I configure this in Domain.xml for cache synchronization refresh between servers. rgds Daniel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why need read privilege on upstream folders to achieve a writ e permission
This is true. What I've ended up doing is granting read privileges to all at the root level and then denying read to all for sections that should be private. Before you deny everyone read permissions, though, be sure to explicitly grant read to someone who has write access as well. Otherwise you lock yourself out of that collection. -James Yong Hu wrote: Peter, Thanks for your reply. So you are telling me if I want to assign write privilege to a folder, I will have to assign read privileges to all its upstream folders to make that write privilege work, is it correct? But this brings another problem, if I assign the read privileges on those upstream folders using webdav client, I found those read privileges are assigned with "inheritable=true", it's hard coded in the source NodePermission np = new NodePermission(objectUri, subjectUri, actionUri, true, negative); I don't have a chance to grant a non-inheritable read privilege to those upstream folders. So this means if I want to grant user a write privilege on some folder, then the whole slide document repository will become readable by this user (because all the folders will have inherited read privilege). Is this true? Or I have some misunderstanding there? Thanks for the help. regards, Jun - Do You Yahoo!? 150äæMP3ççæïåæéåéäæå çåææåæåæïæéçåãèååéå 1Gåæ1000åïéèçéèåæåï - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to find out about roles (see 16.-19. July) still no solution
[EMAIL PROTECTED] wrote: Hi there, I still have the problem that I don't get the group-member-set property. Nothing helped so far, also a lot of people replied. Here is a list what was posted yet: - It's because of the commandline client. it can not display XML. But I also don't get it when using the java client api. No chance. I see that there is a property, but the String's always empty The problem was in the webdav library, not the commandline client. Since the client uses the library it effected both, though. - One pointed out that in HIS version it works well. Ok I thought, I'm using 2.0 Maybe it's already fixed in 2.1. But when updating to 2.1, the problem still exists. No change at all. Did you upgrade to 2.1M1 or 2.1b1? It should be fixed in the latest beta release. -James - Others posted, that I should just write a custom store, or add some help nodes below the collection of that role, keeping the users in that role. I can not work with that, as my Client is a CLIENT not a server. I don't wnat to touch the server side, so that I can log into any slide server, or even other acl webdav servers, if there are any. - James Mason said it IS actually returned, but not with a propgetall response but only with a propget request for a single property and that this behaviour could be disabled in the web.xml of slide. I disabled it and I do a propfind on that very specific property (not a propgetall) and still I only get empty Strings. Or, to be exact, it is Strings with a lot of spaces in it. Actualy there is something, because when I misspell the property name I dond't get that empty Strings. So is it possible that the client api can not display the xml stuff either?? My test-code for this property looks like that: WebdavResource resource=...; try { Enumeration enum=resource.propfindMethod("DAV:group-member-jet"); if (enum!=null&&enum.hasMoreElements()) { while (enum.hasMoreElements()) { out.write((String)enum.nextElement()+""); } } else out.write("enum was empty!"); } catch ( Exception e){ out.write(e.toString());} Do I have to use different methods of WebdavResource, or do I have to specify the property name differently? I realy need to find out how to get this thing, and it seems some of you did already. Please help. I'm already over the time for this project and I realy got stuck on that thing. Regards, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: write implies write-acl?
Carlos Villegas wrote: James Mason wrote: Guido Casper wrote: Carlos Villegas wrote: James Mason wrote: There seems to be some bug on writing ACLs through the command line client. But I think it's a different issue. Sometimes all the non-inherited ACEs are deleted when I issue a grant command and afterwards only the one granted remains. Which version of the client and server are you using? There was a bug in the server that could cause this, but it should be squashed in the latest release (2.1b1). 2.0. I'll upgrade during the following days and I'll report whether the issue is still there. Hmm, isn't this the way supposed to be (on the server)? You always have to specify all your ACEs. If you want to add an ACE you have to read the ACL, add the ACE and submit the new complete ACL. So this shouldn't really be an issue on the server? The problem was the inherritedFrom field on an ace was being set to the uri of the object. This would confuse the client (and maybe the server) since if that property is set it assumes that the ace can't be changed/removed (since it's inheritted). You end up in a situation where you add an ace and any old aces get ignored during the proppath (since they're "inherrited") and the acl ends up containing only the last ace you added. -James Yes, that's exactly the problem. I noticed this and thought it was odd, so I removed the inherited field on the custom GUI client I'm writing if the inheritedFrom maches the current uri. That's why my custom client was working correctly but the slide command line client was not. I had forgotten I implemented that workaround. I assume this is now fixed in the latest release and I don't need my workaround anymore. I assume that too :). It's working for me at least. -James Carlos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Error on 2.1M1 domain.xml in Slide 2.1b1
Hi All, My old domain.xml is throwing ObjectNotFoundException exceptions with the new version os Slide 2.1b1. Can anyone advise me as to why this is occuring? The stack trace is as follows (see domain.xml attached). 12 Aug 2004 15:45:22 - org.apache.slide.common.XMLUnmarshaller - INFO - Loading object / 12 Aug 2004 15:45:22 - org.apache.slide.store.impl.rdbms.StandardRDBMSAdapter - ERROR - Failed to insert permission (/,/roles/root,all) 12 Aug 2004 15:45:22 - org.apache.slide.store.impl.rdbms.StandardRDBMSAdapter - ERROR - Failed to insert permission (/,all,/actions/read-acl) 12 Aug 2004 15:45:22 - org.apache.slide.store.impl.rdbms.StandardRDBMSAdapter - ERROR - Failed to insert permission (/,all,/actions/write-acl) 12 Aug 2004 15:45:22 - org.apache.slide.store.impl.rdbms.StandardRDBMSAdapter - ERROR - Failed to insert permission (/,all,/actions/unlock) 12 Aug 2004 15:45:22 - org.apache.slide.store.impl.rdbms.StandardRDBMSAdapter - ERROR - Failed to insert permission (/,all,/actions/read) 12 Aug 2004 15:45:22 - org.apache.slide.common.XMLUnmarshaller - INFO - Loading object /users 12 Aug 2004 15:45:22 - org.apache.slide.common.XMLUnmarshaller - WARNING - org.apache.slide.structure.ObjectNotFoundException: No object found at / org.apache.slide.structure.ObjectNotFoundException: No object found at / at org.apache.slide.store.impl.rdbms.StandardRDBMSAdapter.storeObject(StandardRDBMSAdapter.java:90) at org.apache.slide.store.impl.rdbms.AbstractRDBMSStore.storeObject(AbstractRDBMSStore.java:431) at org.apache.slide.store.AbstractStore.storeObject(AbstractStore.java:639) at org.apache.slide.store.ExtendedStore.storeObject(ExtendedStore.java:590) at org.apache.slide.structure.StructureImpl.store(StructureImpl.java:491) at org.apache.slide.structure.StructureImpl.create(StructureImpl.java:379) at org.apache.slide.common.XMLUnmarshaller.loadObjectNode(XMLUnmarshaller.java:158) at org.apache.slide.common.XMLUnmarshaller.loadObjectNode(XMLUnmarshaller.java:280) at org.apache.slide.common.XMLUnmarshaller.unmarshal(XMLUnmarshaller.java:90) at org.apache.slide.common.NamespaceAccessTokenImpl.importData(NamespaceAccessTokenImpl.java:272) at org.apache.slide.common.Namespace.loadBaseData(Namespace.java:804) at org.apache.slide.common.Domain.initNamespace(Domain.java:845) at org.apache.slide.common.Domain.init(Domain.java:432) at org.apache.slide.common.Domain.init(Domain.java:366) at org.apache.slide.common.Domain.init(Domain.java:329) at org.apache.slide.webdav.WebdavServlet.init(WebdavServlet.java:263) at javax.servlet.GenericServlet.init(GenericServlet.java:211) at org.apache.slide.webdav.WebdavServlet.init(WebdavServlet.java:205) at net.sf.jexus.server.slide.JexusWebdavServlet.init(JexusWebdavServlet.java:47) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1019) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:862) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3991) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4335) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:807) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595) at org.apache.catalina.core.StandardHostDeployer.addChild(StandardHostDeployer.java:903) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:252) at org.apache.commons.digester.SetNextRule.end(SetNextRule.java:256) at org.apache.commons.digester.Rule.end(Rule.java:276) at org.apache.commons.digester.Digester.endElement(Digester.java:1058) at org.apache.catalina.util.CatalinaDigester.endElement(CatalinaDigester.java:76) at org.apache.xerces.parsers.AbstractSAXParser.endElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) at org.apache.commons.digester.Digester.parse(Digester.java:1567) at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.java:488) at org.apache.catalina.core.StandardHost.install(StandardHost.java:863) at org.apache.catalina.startup.
Re: Re: Cache refresh notification in two different instance of Slide running on different boxes.
So What I undestood after a long discussion thru mail, cache refresh notification is possible only if there is a clustered environment. If I'm wrong please correct me. On Wed, 11 Aug 2004 12:11:03 -0700, James Mason <[EMAIL PROTECTED]> wrote: > Just to clarify this, you no longer need to set the cache-mode parameter > to cluster. You can actually remove the parameter entirely. > > Clustering is now enabled using an event listener. See the wiki for details. > > -James > > > > Warwick Burrows wrote: > > > That was my understanding too, Carlos. James has improved the cluster cache > > solution to send updates notifications to the cluster participants. Cache > > update notifications are only sent when you are running in clustered mode as > > that is the only operating mode in which sending the notifications makes > > sense. > > > > It is also the case that caching in clustered mode, to my understanding, is > > now enabled. Clustered cache mode in 2.1 M1 meant simply that the global > > cache was turned off altogether so that no caching was done. This was to get > > around the problem of an update in one servers cache not being reflected in > > the caches of the rest of the servers in the cluster. Now, because of James > > addition of cache update notifications for cluster participants the global > > cache now works and is turned on for clustered mode. > > > > Daniel, is there a downside to running in clustered mode that you > > specifically don't want? > > > > Warwick > > > > > > -Original Message- > > From: Carlos Villegas [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, August 11, 2004 11:21 AM > > To: Slide Users Mailing List > > Subject: Re: Cache refresh notification in two different instance of Slide > > running on different boxes. > > > > > > Well, I don't know about the synchronization feature but I would think > > that it's not possible to synchronize caches if the servers are not > > configured in a special mode which allows that. My understanding is that > > that special mode is precisely the clustering feature. Thus you can't > > have one without the other. > > > > Well, maybe I'm wrong and there's another mode of operation... > > > > Carlos > > > > Daniel Varghese wrote: > > > > > >>Hello James, > >> > >>Once again I will tell you, what I'm looking for > >> > >>We have two instance of Slide running on two different Unix boxes > > > > and > > > >>I'm not planing to use Cluster, In this senario how do we notify the > >>cache information between different server instances. > >> > >>So How do I configure this in Domain.xml for cache synchronization > >>refresh between servers. > >> > >>rgds > >>Daniel > >> > >> > >> > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to find out about roles (see 16.-19. July) still no solution
[EMAIL PROTECTED] wrote: Hi Ingo, Hm, when I use a property that works (e.g. "displayname") it makes no difference wheither I add "DAV:" or not. Both work fine. What exactly do you mean by "or better use a PropertyName" ? Isn't "group-member-set" a property name? I'm not so familiar with the expressions used when talking about slide and webdav. One thing I noticed in WebdavResource is that at least one of the propfindMethod 's returns return an enumeration of Property.getPropertyAsString() instead of Property objects or Responses. Depending on the property type, the client lib returns a different Property class that may not get handled correctly by converting it to String. I ended up subclassing WebdavResource and implementing my version of propfindMethod the returns a list of Property objects, which I think is better. Well, that might not be the case here. You may modify WebdavResource or subclass it and print out the raw request and response from the server or use a TCP monitor as suggested. Carlos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: write implies write-acl?
James Mason wrote: Guido Casper wrote: Carlos Villegas wrote: James Mason wrote: There seems to be some bug on writing ACLs through the command line client. But I think it's a different issue. Sometimes all the non-inherited ACEs are deleted when I issue a grant command and afterwards only the one granted remains. Which version of the client and server are you using? There was a bug in the server that could cause this, but it should be squashed in the latest release (2.1b1). 2.0. I'll upgrade during the following days and I'll report whether the issue is still there. Hmm, isn't this the way supposed to be (on the server)? You always have to specify all your ACEs. If you want to add an ACE you have to read the ACL, add the ACE and submit the new complete ACL. So this shouldn't really be an issue on the server? The problem was the inherritedFrom field on an ace was being set to the uri of the object. This would confuse the client (and maybe the server) since if that property is set it assumes that the ace can't be changed/removed (since it's inheritted). You end up in a situation where you add an ace and any old aces get ignored during the proppath (since they're "inherrited") and the acl ends up containing only the last ace you added. -James Yes, that's exactly the problem. I noticed this and thought it was odd, so I removed the inherited field on the custom GUI client I'm writing if the inheritedFrom maches the current uri. That's why my custom client was working correctly but the slide command line client was not. I had forgotten I implemented that workaround. I assume this is now fixed in the latest release and I don't need my workaround anymore. Carlos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: client-api-problems with WebdavResource.propfindMethod(int depth, java.util.Vector properties)
Frank, I would like to advise you like a hundred people before to capture and post the traffic. That way one quickly can see wheter the client sends some garbage and what response the server sends back. Ingo > Hi Ingo, > > thanks for your help. Seems you already found out how to work with that > api :o) > > But it didn't get me further. > No I fetched the property via > > Vector vec=new Vector(); > org.apache.webdav.lib.PropertyName propName= > new org.apache.webdav.lib.PropertyName("DAV:", "group-member-set"); > vec.add(propName); > Enumeration enum= > > resource.propfindMethod(org.apache.webdav.lib.methods.DepthSupport.DEPTH_INFINITY,vec); > > But all I got is an completly empty org.w3c.dom.Element with not nodes in > it :o( > > I realy don't understand why only this propgetall works, and all more > specific propget fail. I would be ok with the propget all and parsing the > xml myself, but it does only return the group-member-set, when this slide > parameter is set to testing mode. > > I also tried the method only with the vector, without the depth int, but > this returned the same empty String as the one with the String-argument. > > Didn't anybody solve this issue yet?? > Regards, > Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
client-api-problems with WebdavResource.propfindMethod(int depth, java.util.Vector properties)
Hi Ingo, thanks for your help. Seems you already found out how to work with that api :o) But it didn't get me further. No I fetched the property via Vector vec=new Vector(); org.apache.webdav.lib.PropertyName propName= new org.apache.webdav.lib.PropertyName("DAV:", "group-member-set"); vec.add(propName); Enumeration enum= resource.propfindMethod(org.apache.webdav.lib.methods.DepthSupport.DEPTH_INFINITY,vec); But all I got is an completly empty org.w3c.dom.Element with not nodes in it :o( I realy don't understand why only this propgetall works, and all more specific propget fail. I would be ok with the propget all and parsing the xml myself, but it does only return the group-member-set, when this slide parameter is set to testing mode. I also tried the method only with the vector, without the depth int, but this returned the same empty String as the one with the String-argument. Didn't anybody solve this issue yet?? Regards, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Collactions clash with slide 2.1b and MySql 4.1
I have an error when I install slide and reboot the system. It is repeatable: I canrun slide once, but the second time I have this error and I cannot browse /files or /history. Collaction sweish is the default: I did not set it up myself. 12 Aug 2004 11:23:45 - org.apache.slide.store.impl.rdbms.MySqlRDBMSAdapter - ERROR - SQL error 1267 on /: General error, message from server: "Illegal mix of collations (utf8_general_ci,IMPLICIT) and (latin1_swedish_ci,COERCIBLE) for operation 'substr_index'" org.apache.slide.common.ServiceAccessException: Service [EMAIL PROTECTED] access error : General error, message from server: "Illegal mix of collations (utf8_general_ci,IMPLICIT) and (latin1_swedish_ci,COERCIBLE) for operation 'substr_index'" at org.apache.slide.store.impl.rdbms.MySqlRDBMSAdapter.createException(MySqlRDBMSAdapter.java:66) at org.apache.slide.store.impl.rdbms.StandardRDBMSAdapter.retrieveRevisionDescriptors(StandardRDBMSAdapter.java:942) at org.apache.slide.store.impl.rdbms.AbstractRDBMSStore.retrieveRevisionDescriptors(AbstractRDBMSStore.java:654) at org.apache.slide.store.AbstractStore.retrieveRevisionDescriptors(AbstractStore.java:996) at org.apache.slide.store.ExtendedStore.retrieveRevisionDescriptors(ExtendedStore.java:816) at org.apache.slide.content.ContentImpl.retrieve(ContentImpl.java:168) at org.apache.slide.common.XMLUnmarshaller.loadObjectRevision(XMLUnmarshaller.java:346) at org.apache.slide.common.XMLUnmarshaller.loadDefaultObjectRevision(XMLUnmarshaller.java:313) at org.apache.slide.common.XMLUnmarshaller.loadObjectNode(XMLUnmarshaller.java:243) at org.apache.slide.common.XMLUnmarshaller.unmarshal(XMLUnmarshaller.java:90) at org.apache.slide.common.NamespaceAccessTokenImpl.importData(NamespaceAccessTokenImpl.java:272) at org.apache.slide.common.Namespace.loadBaseData(Namespace.java:804) at org.apache.slide.common.Domain.initNamespace(Domain.java:845) at org.apache.slide.common.Domain.init(Domain.java:432) at org.apache.slide.common.Domain.init(Domain.java:366) at org.apache.slide.common.Domain.init(Domain.java:329) at org.apache.slide.webdav.WebdavServlet.init(WebdavServlet.java:263) at javax.servlet.GenericServlet.init(GenericServlet.java:256) at org.apache.slide.webdav.WebdavServlet.init(WebdavServlet.java:205) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1019) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:862) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3991) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4335) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:823) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:807) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595) at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.java:277) at org.apache.catalina.core.StandardHost.install(StandardHost.java:832) at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:613) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:431) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:964) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:349) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1091) at org.apache.catalina.core.StandardHost.start(StandardHost.java:789) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478) at org.apache.catalina.core.StandardService.start(StandardService.java:476) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:422) -- Michele Costabile http://proxybar.net - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to find out about roles (see 16.-19. July) still no solution
Ah, I see the problem is the bad documentation of the methods in WebdavResource. I meant you should create a 'new PropertyName("DAV:", "group-member-set")', put that into a Vector "propVec" and then call propfindMethod(DepthSupport.DEPTH_0, propVec). This should yield something you can work with. If unsure search the archive for a code snippet I posted a few days ago for finding out if a resource is checked-out. Regards, Ingo > Hi Ingo, > Hm, when I use a property that works (e.g. "displayname") it makes no > difference wheither I add "DAV:" or not. Both work fine. > What exactly do you mean by "or better use a PropertyName" ? > Isn't "group-member-set" a property name? > I'm not so familiar with the expressions used when talking about slide and > webdav. > > Regards, > Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to find out about roles - Now I got something
Hi there again. Now I have something: When I disabled this "extendedAllprop" Parameter in the web.xml of slide, and used the code: Enumeration enum=resource.propfindMethod(org.apache.webdav.lib.methods.DepthSupport.DEPTH_INFINITY); instead of giving the "group-member-set" directly, I get an huge xml result, also including the necessary "group-member-set" information. Somehow, I'm not willing to parse this xml manually. Any idea, how I could request just this property?? In the xml result, the property is some levels inside other properties. How can I tell the propfindMethod(String) method about that levels? I'm realy quite confused, with that mix of objects and xml. I thought I might get the information parsed into objects. But it's just one huge xml-String. I attached the xml String, so that you can see the levels I'm speaking of. XML result of the propfindMethod(org.apache.webdav.lib.methods.DepthSupport.DEPTH_INFINITY) /slide/roles/user user /slide/actions /slide/users/example /slide/users/root
Re: write implies write-acl?
James Mason wrote: Guido Casper wrote: Carlos Villegas wrote: James Mason wrote: There seems to be some bug on writing ACLs through the command line client. But I think it's a different issue. Sometimes all the non-inherited ACEs are deleted when I issue a grant command and afterwards only the one granted remains. Which version of the client and server are you using? There was a bug in the server that could cause this, but it should be squashed in the latest release (2.1b1). 2.0. I'll upgrade during the following days and I'll report whether the issue is still there. Hmm, isn't this the way supposed to be (on the server)? You always have to specify all your ACEs. If you want to add an ACE you have to read the ACL, add the ACE and submit the new complete ACL. So this shouldn't really be an issue on the server? The problem was the inherritedFrom field on an ace was being set to the uri of the object. This would confuse the client (and maybe the server) since if that property is set it assumes that the ace can't be changed/removed (since it's inheritted). You end up in a situation where you add an ace and any old aces get ignored during the proppath (since they're "inherrited") and the acl ends up containing only the last ace you added. Ah, makes sense. Thanks Guido - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: write implies write-acl?
Guido Casper wrote: Carlos Villegas wrote: James Mason wrote: There seems to be some bug on writing ACLs through the command line client. But I think it's a different issue. Sometimes all the non-inherited ACEs are deleted when I issue a grant command and afterwards only the one granted remains. Which version of the client and server are you using? There was a bug in the server that could cause this, but it should be squashed in the latest release (2.1b1). 2.0. I'll upgrade during the following days and I'll report whether the issue is still there. Hmm, isn't this the way supposed to be (on the server)? You always have to specify all your ACEs. If you want to add an ACE you have to read the ACL, add the ACE and submit the new complete ACL. So this shouldn't really be an issue on the server? The problem was the inherritedFrom field on an ace was being set to the uri of the object. This would confuse the client (and maybe the server) since if that property is set it assumes that the ace can't be changed/removed (since it's inheritted). You end up in a situation where you add an ace and any old aces get ignored during the proppath (since they're "inherrited") and the acl ends up containing only the last ace you added. -James Guido - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Need Help for Websphere 5.1
Hi all, If anybody has deployed slide 2.0 binary on the Websphere App Server 5.1 with BASIC authentication then please guide me with steps how to do it. I am able to deploy the binary by disabling the authentication part but When I try put any file or try to create any folder under “files” directory It is giving me Forbidden error (503). I have gone through the previous emails regarding this issue and what I found Is there is no problem in either slide or WAS 5.1, but only some user and role Creation is required to configured in the WAS 5.1 So anybody please help me for the same then it would be great help. Thanks Mihir Sr. Software Engineer SBU: eBiz, Gandhinagar "Imaginations... its limits are only those of the mind itself" _ This e-mail message may contain proprietary, confidential or legally privileged information for the sole use of the person or entity to whom this message was originally addressed. Any review, e-transmission dissemination or other use of or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you have received this e-mail in error kindly delete this e-mail from your records. If it appears that this mail has been forwarded to you without proper authority, please notify us immediately at <[EMAIL PROTECTED] > and delete this mail. __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to find out about roles (see 16.-19. July) still no solution
Hi Ingo, Hm, when I use a property that works (e.g. "displayname") it makes no difference wheither I add "DAV:" or not. Both work fine. What exactly do you mean by "or better use a PropertyName" ? Isn't "group-member-set" a property name? I'm not so familiar with the expressions used when talking about slide and webdav. Regards, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to find out about roles (see 16.-19. July) still no solution
One thing that strikes me immediately when looking over your post is the argument to propfindMethod() "DAV:group-member-set". Either omit the namespace or better use a PropertyName. Ingo > Hi there, > I still have the problem that I don't get the group-member-set property. > Nothing helped so far, also a lot of people replied. > > Here is a list what was posted yet: > > - It's because of the commandline client. it can not display XML. > But I also don't get it when using the java client api. No chance. I see > that there is a property, but the String's always empty > > - One pointed out that in HIS version it works well. Ok I thought, I'm > using 2.0 Maybe it's already fixed in 2.1. > But when updating to 2.1, the problem still exists. No change at all. > > - Others posted, that I should just write a custom store, or add some help > nodes below the collection of that role, keeping the users in that role. > I can not work with that, as my Client is a CLIENT not a server. I don't > wnat to touch the server side, so that I can log into any slide server, or > even other acl webdav servers, if there are any. > > - James Mason said it IS actually returned, but not with a propgetall > response but only with a propget request for a single property and that > this behaviour could be disabled in the web.xml of slide. I disabled it > and I do a propfind on that very specific property (not a propgetall) and > still I only get empty Strings. Or, to be exact, it is Strings with a lot > of spaces in it. Actualy there is something, because when I misspell the > property name I dond't get that empty Strings. > > So is it possible that the client api can not display the xml stuff either?? > My test-code for this property looks like that: > >WebdavResource resource=...; >try { > Enumeration enum=resource.propfindMethod("DAV:group-member-jet"); > if (enum!=null&&enum.hasMoreElements()) { > while (enum.hasMoreElements()) { > out.write((String)enum.nextElement()+""); > } > } > else out.write("enum was empty!"); >} >catch ( Exception e){ out.write(e.toString());} > > Do I have to use different methods of WebdavResource, or do I have to > specify the property name differently? > I realy need to find out how to get this thing, and it seems some of you > did already. Please help. > I'm already over the time for this project and I realy got stuck on that > thing. > Regards, > Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why need read privilege on upstream folders to achieve a writ e permission
Peter, Thanks for your reply. So you are telling me if I want to assign write privilege to a folder, I will have to assign read privileges to all its upstream folders to make that write privilege work, is it correct? But this brings another problem, if I assign the read privileges on those upstream folders using webdav client, I found those read privileges are assigned with "inheritable=true", it's hard coded in the source NodePermission np = new NodePermission(objectUri, subjectUri, actionUri, true, negative); I don't have a chance to grant a non-inheritable read privilege to those upstream folders. So this means if I want to grant user a write privilege on some folder, then the whole slide document repository will become readable by this user (because all the folders will have inherited read privilege). Is this true? Or I have some misunderstanding there? Thanks for the help. regards, Jun - Do You Yahoo!? 150万曲MP3疯狂搜,带您闯入音乐殿堂 美女明星应有尽有,搜遍美图、艳图和酷图 1G就是1000兆,雅虎电邮自助扩容!
RE: How to find out about roles (see 16.-19. July) still no solution
Hi there, I still have the problem that I don't get the group-member-set property. Nothing helped so far, also a lot of people replied. Here is a list what was posted yet: - It's because of the commandline client. it can not display XML. But I also don't get it when using the java client api. No chance. I see that there is a property, but the String's always empty - One pointed out that in HIS version it works well. Ok I thought, I'm using 2.0 Maybe it's already fixed in 2.1. But when updating to 2.1, the problem still exists. No change at all. - Others posted, that I should just write a custom store, or add some help nodes below the collection of that role, keeping the users in that role. I can not work with that, as my Client is a CLIENT not a server. I don't wnat to touch the server side, so that I can log into any slide server, or even other acl webdav servers, if there are any. - James Mason said it IS actually returned, but not with a propgetall response but only with a propget request for a single property and that this behaviour could be disabled in the web.xml of slide. I disabled it and I do a propfind on that very specific property (not a propgetall) and still I only get empty Strings. Or, to be exact, it is Strings with a lot of spaces in it. Actualy there is something, because when I misspell the property name I dond't get that empty Strings. So is it possible that the client api can not display the xml stuff either?? My test-code for this property looks like that: WebdavResource resource=...; try { Enumeration enum=resource.propfindMethod("DAV:group-member-jet"); if (enum!=null&&enum.hasMoreElements()) { while (enum.hasMoreElements()) { out.write((String)enum.nextElement()+""); } } else out.write("enum was empty!"); } catch ( Exception e){ out.write(e.toString());} Do I have to use different methods of WebdavResource, or do I have to specify the property name differently? I realy need to find out how to get this thing, and it seems some of you did already. Please help. I'm already over the time for this project and I realy got stuck on that thing. Regards, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Client & NTLM Authentication
In WebdavResource there are constructors where you can supply your credentials, for example: public WebdavResource(String escapedHttpURL, Credentials credentials) And I have got at least one report that it works. Ingo > I'm trying to figure out how to use NTLM authentication with the Slide = > client. It seemed straightforward enough at first: use = > retrieveSessionInstance() to get at the underlying HttpClient, then tell = > it to use NTLM credentials. > > But I've run into a chicken-and-egg problem: you must supply = > WebdavResource with some sort of URI in order to construct it, and for = > me that URI will fail (throw a 401 exception) until the correct = > credentials have been supplied. But, there's no way to get to the = > underlying HttpClient and set the credentials until after the object has = > been successfully constructed! How do I get around this? > > --Matthew Beermann - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]