Problem get ACL using WVCM API when using Tomcat5
I am using the latest Slide 2.1 b2 and the proposed Wvcm client API to access Slide server. Here is my program: ControllableResource resource = getControllableResource(resPath); List acl = resource.doReadAccessControlList(true); Here is the exception I got: javax.wvcm.WvcmException: Moved Temporarily The problem happens only when I run Slide on tomcat 5. It does not happen when I run Slide on Tomcat 4.1.30. The same for Slide 2.1B1 and Slide 2.1M1. Thanks Frank Li
RE: Solved my hang problem with DB2
I've opened defect 31907 for this problem and submitted the patches for it. I've also opened defect 31908 for the potential problems in hasPermission() so that it will be looked at by someone who knows the security implementation. Warwick > -Original Message- > From: Warwick Burrows [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 26, 2004 7:28 PM > To: 'Slide Users Mailing List' > Subject: Solved my hang problem with DB2 > > > Hi, > > The problem was that some of the action related methods in > the SecurityImpl class were not "enlisted" to the current > transaction when they made db calls. The "Uri" object > instance that was being used to call the store's retrieve > interface didn't have the current SlideToken set because the > Uri was being created with getUri(String) and not > getUri(SlideToken, String). Without the current token set the > Uri assumes that there is no current transaction going on and > gets another connection to make its requests on. It seems > that it was eventually blocking waiting for the transaction > to complete but the transaction could not complete until it > had performed its db reads. So I modified the path to > loadActions() called from the > matchAction() method which takes a SlideToken and passed this > token through to loadActions() setting Uri's with the > getUri(String) with getUri(SlideToken, String) when I found > it. I also fixed the call path to > loadActions() that came from the PropertyHelper classes. > > I will submit a defect for this and the patch files to bugzilla. > > There are some other places where getUri(String) is used, eg. > getActionNode() in the NamespaceConfig class and > hasPermission() in the SecurityImpl class. The former is > called only during initialization when it seems that there is > no token around to use. But in the latter case > hasPermission() does make calls to the store using three > different Uris it constructs. So for those using the access > control these calls may result in a deadlock just as happened > in my case. > > Warwick > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Solved my hang problem with DB2
Hi, The problem was that some of the action related methods in the SecurityImpl class were not "enlisted" to the current transaction when they made db calls. The "Uri" object instance that was being used to call the store's retrieve interface didn't have the current SlideToken set because the Uri was being created with getUri(String) and not getUri(SlideToken, String). Without the current token set the Uri assumes that there is no current transaction going on and gets another connection to make its requests on. It seems that it was eventually blocking waiting for the transaction to complete but the transaction could not complete until it had performed its db reads. So I modified the path to loadActions() called from the matchAction() method which takes a SlideToken and passed this token through to loadActions() setting Uri's with the getUri(String) with getUri(SlideToken, String) when I found it. I also fixed the call path to loadActions() that came from the PropertyHelper classes. I will submit a defect for this and the patch files to bugzilla. There are some other places where getUri(String) is used, eg. getActionNode() in the NamespaceConfig class and hasPermission() in the SecurityImpl class. The former is called only during initialization when it seems that there is no token around to use. But in the latter case hasPermission() does make calls to the store using three different Uris it constructs. So for those using the access control these calls may result in a deadlock just as happened in my case. Warwick
Re: Adding a non-inheritable permission to a folder using webdav clie nt lib not working
Krishna Kankipati wrote: Michael, I did not get your sentence "So this means that you may be unable to preserve the meaning of existing ACEs when adding a new one." Although it is true that you cannot add/remove/modify each ace individually, . adding a new ace will not alter the meaning of existing aces at all. You cannot add a new ACE. You can only set the entire set of ACEs at once. Since slide's ACEs are more flexible than the webdav ACL protocol allows for, this means you can't preserve all existing ACEs when changing or adding one via the ACL protocol. Correct me if I mis-read you statement So, do you mean to say that slide ACL protocol offers no way to set non-inheritable permissions to collections using webdav client lib. I said that, my other statement (that you can't preserve existing ACEs in all cases) follows directly from this. What is the meaning of the member variable isInherited in Ace class, if it cannot be set to true. Do you mean to say that it has to be set to false all the time? What is the true meaning of this member variable, it is kind of confusing The Ace class is used for more things than just setting ACEs, and the isInherited stuff is meaningful in some of those other uses. Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: lucene, extractor and pdf - HOW?
When Lucene is not configured then what is used for DASL? When is the indexing performed? Where is that best place to learn more about search configuration, etc... Thanks John -Original Message- From: Unico Hommes [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 26, 2004 9:12 AM To: Slide Users Mailing List Subject: Re: lucene, extractor and pdf - HOW? Markus Maeder wrote: >A colleague and I were planning an archive system mainly based on apache >components. The system should have an extractor architecture and a flexible >permission system. > >Searching for components, we stumbled over slide: most of the work seems to be >already done. :) Thanks to all the developpers. > >We know try to find out the gap between our needs and slide 2.1 > >At the moment, I'm struggling with the extractor framework. > >Question 1: >How can I enable a PDF extractor in Domain.xml? > > > Look at the example configuration http://cvs.apache.org/viewcvs.cgi/jakarta-slide/src/conf/webapp/Extracto r-Domain.xml?view=markup >Question 2: >How can I reindex the documents, when I have added a new extractor? > > > Save them again. There is currenly no other mechanism unfortunately. >Question 3: >Is there an easyer way than using DASL to search the files (e.g. with Windows >Explorer)? > > > No. >Question 4: >Does DASL use the lucene index? > > > Only if you enable the lucene content indexer in the store definition: store/index (Again see the example Domain.xml mentioned above) -- Unico - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Server seems to hang on create new WebdavResource...
Only an UNLOCK method can do this. You can also delete them in the physical stores, but this should not be necessay and will be complicated. Oliver On Tue, 26 Oct 2004 11:22:40 -0400, Nick Longinow <[EMAIL PROTECTED]> wrote: > Wow. So how do you clear the webdav persistent locks, if so needed ? > > > > Nick > > -Original Message- > From: Oliver Zeigermann [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 26, 2004 11:21 AM > To: Nick Longinow > Subject: Re: Server seems to hang on create new WebdavResource... > > All this is more complicated: next to the WebDAV locks you set there > are other locks internal to the tx file store that guarantee each > single request will be correct and not corrupting anything. You have > cleared the internal locks by restarting as the WebDAV locks are > persistent. > > Just to add to the complextiy I am currently adding a third (in a > certain sense even fifth) kind of locks which are similar to the ones > in the tx file store, but more high level. > > Oliver > > On Tue, 26 Oct 2004 11:16:06 -0400, Nick Longinow > <[EMAIL PROTECTED]> wrote: > > Yes, but in my case I believe I created a lock with an infinite timeout. > > I must be careful using them, it seems. > > > > > > > > Nick > > > > -Original Message- > > From: Oliver Zeigermann [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, October 26, 2004 11:14 AM > > To: Nick Longinow > > Subject: Re: Server seems to hang on create new WebdavResource... > > > > Would be better to have something like a timeout for those locks, but > > this has not been implemented, yet :( > > > > Oliver > > > > On Tue, 26 Oct 2004 11:12:24 -0400, Nick Longinow > > <[EMAIL PROTECTED]> wrote: > > > Yes, and it appears to be working ok now. Its good to know that > > restarting > > > the server actually clears any pending locks. > > > > > > Thanks Oliver > > > > > > > > > Nick > > > > > > -Original Message- > > > From: Oliver Zeigermann [mailto:[EMAIL PROTECTED] > > > Sent: Tuesday, October 26, 2004 11:10 AM > > > To: Nick Longinow > > > Subject: Re: Server seems to hang on create new WebdavResource... > > > > > > If there is restarting the server should clear locks for the tx file > > > store. I suppose you use it? > > > > > > Oliver > > > > > > On Tue, 26 Oct 2004 11:06:53 -0400, Nick Longinow > > > <[EMAIL PROTECTED]> wrote: > > > > I had been using the external transaction feature, but had stopped. > > > > Is it possible there is still a lock pending ? How would one get rid > of > > > it? > > > > > > > > > > > > Nick > > > > > > > > -Original Message- > > > > From: Oliver Zeigermann [mailto:[EMAIL PROTECTED] > > > > Sent: Tuesday, October 26, 2004 3:00 AM > > > > To: Nick Longinow > > > > Cc: Slide Users Mailing List > > > > Subject: Re: Server seems to hang on create new WebdavResource... > > > > > > > > This looks like a live lock in the database used. Do you use the > > > > external transaction feature? > > > > > > > > Oliver > > > > > > > > On Mon, 25 Oct 2004 15:33:05 -0400, Nick Longinow > > > > <[EMAIL PROTECTED]> wrote: > > > > > This is behaviour that I've not pinned down yet, but it seems that > > > > > periodically when I attempt to create a WebdavResource object in my > > > client > > > > > code, the call to "new WebdavResource(HTTPUrl)" never returns, or at > > > least > > > > > takes more than 10-15 minutes to do so. > > > > > > > > > > I see no log errors displayed in the Tomcat screen logs . Is there > > > > > somewhere else that might be indicating what it is waiting for, or > > what > > > is > > > > > going on during this time ? (I'm using the Tomcat bundled 2.1B2 > > > server). > > > > > Thanks Nick > > > > > > > > > > -Original Message- > > > > > From: Oliver Zeigermann [mailto:[EMAIL PROTECTED] > > > > > Sent: Monday, October 25, 2004 11:31 AM > > > > > To: Slide Users Mailing List > > > > > Subject: Re: Repository being reset after restart, how to get back > > > content > > > > ? > > > > > > > > > > Maybe the store configured in your Domain.xml points to another > > > > > location than the one you have looked into? E.g. Domain.xml says > > > > > c:/tmp and you find something in store. Try saving a file a have a > > > > > look if it appears in the directory you expect to be your store > > > > > directory. > > > > > > > > > > Oliver > > > > > > > > > > On Mon, 25 Oct 2004 10:17:10 -0400, Nick Longinow > > > > > <[EMAIL PROTECTED]> wrote: > > > > > > Ok, this is a very beginner level question. > > > > > > > > > > > > I am using the basic Tx store given in the downloadable Tomcat > > version > > > > of > > > > > > Slide, and have created a set of users and collections. When I > > > > restarted > > > > > > Tomcat, they are all gone when I look at the Url for slide, but if > I > > > > look > > > > > > into the directory tree for 'store' it is all in there. > > > > > > > > > > > > How can I get it all back ? > > > > > > > > > > > > > > --
RE: Adding a non-inheritable permission to a folder using webdav clie nt lib not working
Jason, Sorry I mis-spelt a sentence. Here is the corrected version ***8 Do you mean to say that it is not possible to set a permission to a folder that "would not inherit" to its children. Somehow if I set a permission in Domain.xml with inheritable=false, it does the job (I know it uses slide API directly). This contradicts your statement. Also, I am using webdav client-lib API. Do you think this would be a bug in the webdav client-lib API? ***8 Krishna -Original Message- From: Krishna Kankipati Sent: Tuesday, October 26, 2004 9:26 AM To: 'Slide Users Mailing List' Subject: RE: Adding a non-inheritable permission to a folder using webdav clie nt lib not working Jason, Do you mean to say that it is not possible to set a permission to a folder that "would not inherit" to its children. Somehow if I set a permission in Domain.xml with inheritable=false, it does not job (I know it uses slide API directly). This contradicts your statement. Also, I am using webdav client-lib API. Do you think this would be a bug in the webdav client-lib API? Thanks, Krishna -Original Message- From: James Mason [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 26, 2004 12:34 AM To: Slide Users Mailing List Subject: Re: Adding a non-inheritable permission to a folder using webdav clie nt lib not working Krishna, As far as I know Slide always sets permissions on collections to inheritable. -James On Mon, 2004-10-25 at 16:49 -0400, Krishna Kankipati wrote: > Hi, > I have been trying for quiet some time to add a permission to a > folder using webdav client-lib that does not inherit to the downstream > folders. I have taken the code from client-lib that is shipped with slide > and am using slide 2.1 B1. In my code I use the following fragment to create > an ACE object and bind it to ACL. > > The code works perfectly if 4th parameter (isInherited) is set to false > > // Create new ACE object bIsInherited = false > aceNew = new Ace(sPrincipal, bDenyPrivilege, false, bIsInherited, null); > > > The code does not work if 4th parameter (isInherited) is set to true. I am > assuming that you set the 4th parameter to true if you are trying to make > the permission non-inheritable (not allow it to percolate to the downstream > folders). > > With 4th parameter set to true, webdav client does not throw any error but > does not add the permission. Later when I get the ACL for the resource I > find that the ace has not been added. > > Please let me know if I am missing something ... or if it is possible at all > to create a permission(ace) in a ACL which does not percolate to downstream > folders using webdav client lib. > > I found that adding a inheritable(false) permission in domain.xml does the > job as desired. I am wondering why it is not working from webdav client lib. > > Any help is appreciated !! > > /*** code fragment */ > > // Fetch ACL from slide for a folder > AclProperty acl = webDavResource.aclfindMethod(sResourcePath); > > // Fetch the ACE's (access control entities) of the existing ACL > Ace[] aces = acl.getAces(); > > // Create new ACE object none exists > if (aces == null) >aces = new Ace[0]; > > Ace[] oldAces = aces; > // Create a new ace array (larger then the earlier ace array by 1) > aces = new Ace[oldAces.length + 1]; > > // Copy the old array into the new array > System.arraycopy(oldAces,0,aces,0,oldAces.length); > > // Create new ACE object bIsInherited = true > aceNew = new Ace(sPrincipal, bDenyPrivilege, false, bIsInherited, null); > > // Copy the new ace into the new ace array > aces[oldAces.length] = aceMatchingPrincipal; > > // Create a new privilege > Privilege privilegeNew = new Privilege(qnPermission.getNamespaceURI(), > qnPermission.getLocalName(), null); > > // Update the ace object with the new privilege settings > > aceNew.addPrivilege(privilegeNew); > > // Update repository with new acl for the resource > bSuccess = webDavResource.aclMethod(sResourcePath, aces); > > > > Krishna > (303) 274 3027 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Adding a non-inheritable permission to a folder using webdav clie nt lib not working
Ingo, Why is Ace class exposing its isInherited member variable if cannot be set explicitly. It also has a mutator method called setIsInherited(). If value set to false, it works. If set to true it just doesn't do anything (does not throw error too). Seems like a bug. Also, using domain.xml you can create non-inheritable permissions. I have tried that and it works. All I am asking is if I can achieve the same using webdav client lib. Thanks, Krishna -Original Message- From: Ingo Brunberg [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 26, 2004 1:22 AM To: Slide Users Mailing List Subject: Re: Adding a non-inheritable permission to a folder using webdav clie nt lib not working You can't set a permission that is inherited. Inherited means the ACE is really inherited (believe me) from a parent resource. In fact you should filter the ACEs with the inherited flag set before calling the aclMethod(). Luckily the client library does this for you. Ingo > Hi, > I have been trying for quiet some time to add a permission to a > folder using webdav client-lib that does not inherit to the downstream > folders. I have taken the code from client-lib that is shipped with slide > and am using slide 2.1 B1. In my code I use the following fragment to create > an ACE object and bind it to ACL. > > The code works perfectly if 4th parameter (isInherited) is set to false > > // Create new ACE object bIsInherited = false > aceNew = new Ace(sPrincipal, bDenyPrivilege, false, bIsInherited, null); > > > The code does not work if 4th parameter (isInherited) is set to true. I am > assuming that you set the 4th parameter to true if you are trying to make > the permission non-inheritable (not allow it to percolate to the downstream > folders). > > With 4th parameter set to true, webdav client does not throw any error but > does not add the permission. Later when I get the ACL for the resource I > find that the ace has not been added. > > Please let me know if I am missing something ... or if it is possible at all > to create a permission(ace) in a ACL which does not percolate to downstream > folders using webdav client lib. > > I found that adding a inheritable(false) permission in domain.xml does the > job as desired. I am wondering why it is not working from webdav client lib. > > Any help is appreciated !! > > /*** code fragment */ > > // Fetch ACL from slide for a folder > AclProperty acl = webDavResource.aclfindMethod(sResourcePath); > > // Fetch the ACE's (access control entities) of the existing ACL > Ace[] aces = acl.getAces(); > > // Create new ACE object none exists > if (aces == null) >aces = new Ace[0]; > > Ace[] oldAces = aces; > // Create a new ace array (larger then the earlier ace array by 1) > aces = new Ace[oldAces.length + 1]; > > // Copy the old array into the new array > System.arraycopy(oldAces,0,aces,0,oldAces.length); > > // Create new ACE object bIsInherited = true > aceNew = new Ace(sPrincipal, bDenyPrivilege, false, bIsInherited, null); > > // Copy the new ace into the new ace array > aces[oldAces.length] = aceMatchingPrincipal; > > // Create a new privilege > Privilege privilegeNew = new Privilege(qnPermission.getNamespaceURI(), > qnPermission.getLocalName(), null); > > // Update the ace object with the new privilege settings > > aceNew.addPrivilege(privilegeNew); > > // Update repository with new acl for the resource > bSuccess = webDavResource.aclMethod(sResourcePath, aces); > > > > Krishna > (303) 274 3027 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Adding a non-inheritable permission to a folder using webdav clie nt lib not working
Michael, I did not get your sentence "So this means that you may be unable to preserve the meaning of existing ACEs when adding a new one." Although it is true that you cannot add/remove/modify each ace individually, . adding a new ace will not alter the meaning of existing aces at all. Correct me if I mis-read you statement So, do you mean to say that slide ACL protocol offers no way to set non-inheritable permissions to collections using webdav client lib. What is the meaning of the member variable isInherited in Ace class, if it cannot be set to true. Do you mean to say that it has to be set to false all the time? What is the true meaning of this member variable, it is kind of confusing Krishna -Original Message- From: Michael Smith [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 26, 2004 1:10 AM To: Slide Users Mailing List Subject: Re: Adding a non-inheritable permission to a folder using webdav clie nt lib not working James Mason wrote: > Krishna, > > As far as I know Slide always sets permissions on collections to > inheritable. > > -James Right. The webdav ACL protocol has a strange asymmetry here: it can tell you whether a permission is inheritable or not, but it has no way to specify that (either way) when _setting_ an ACL (whether the ACEs set are inheritable or not is implementation defined). This is particularly troubling since you have to set all the ACEs at once, you can't just add/remove/modify one at a time. So this means that you may be unable to preserve the meaning of existing ACEs when adding a new one. Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Adding a non-inheritable permission to a folder using webdav clie nt lib not working
Jason, Do you mean to say that it is not possible to set a permission to a folder that "would not inherit" to its children. Somehow if I set a permission in Domain.xml with inheritable=false, it does not job (I know it uses slide API directly). This contradicts your statement. Also, I am using webdav client-lib API. Do you think this would be a bug in the webdav client-lib API? Thanks, Krishna -Original Message- From: James Mason [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 26, 2004 12:34 AM To: Slide Users Mailing List Subject: Re: Adding a non-inheritable permission to a folder using webdav clie nt lib not working Krishna, As far as I know Slide always sets permissions on collections to inheritable. -James On Mon, 2004-10-25 at 16:49 -0400, Krishna Kankipati wrote: > Hi, > I have been trying for quiet some time to add a permission to a > folder using webdav client-lib that does not inherit to the downstream > folders. I have taken the code from client-lib that is shipped with slide > and am using slide 2.1 B1. In my code I use the following fragment to create > an ACE object and bind it to ACL. > > The code works perfectly if 4th parameter (isInherited) is set to false > > // Create new ACE object bIsInherited = false > aceNew = new Ace(sPrincipal, bDenyPrivilege, false, bIsInherited, null); > > > The code does not work if 4th parameter (isInherited) is set to true. I am > assuming that you set the 4th parameter to true if you are trying to make > the permission non-inheritable (not allow it to percolate to the downstream > folders). > > With 4th parameter set to true, webdav client does not throw any error but > does not add the permission. Later when I get the ACL for the resource I > find that the ace has not been added. > > Please let me know if I am missing something ... or if it is possible at all > to create a permission(ace) in a ACL which does not percolate to downstream > folders using webdav client lib. > > I found that adding a inheritable(false) permission in domain.xml does the > job as desired. I am wondering why it is not working from webdav client lib. > > Any help is appreciated !! > > /*** code fragment */ > > // Fetch ACL from slide for a folder > AclProperty acl = webDavResource.aclfindMethod(sResourcePath); > > // Fetch the ACE's (access control entities) of the existing ACL > Ace[] aces = acl.getAces(); > > // Create new ACE object none exists > if (aces == null) >aces = new Ace[0]; > > Ace[] oldAces = aces; > // Create a new ace array (larger then the earlier ace array by 1) > aces = new Ace[oldAces.length + 1]; > > // Copy the old array into the new array > System.arraycopy(oldAces,0,aces,0,oldAces.length); > > // Create new ACE object bIsInherited = true > aceNew = new Ace(sPrincipal, bDenyPrivilege, false, bIsInherited, null); > > // Copy the new ace into the new ace array > aces[oldAces.length] = aceMatchingPrincipal; > > // Create a new privilege > Privilege privilegeNew = new Privilege(qnPermission.getNamespaceURI(), > qnPermission.getLocalName(), null); > > // Update the ace object with the new privilege settings > > aceNew.addPrivilege(privilegeNew); > > // Update repository with new acl for the resource > bSuccess = webDavResource.aclMethod(sResourcePath, aces); > > > > Krishna > (303) 274 3027 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[Streaming/Chunking] Can I customize Slide?
Hello! Slide is for me brand new. Perhaps anyone from you can answer me two questions about Slide: 1. Can I customize Streaming/Chunking. Is it correct, that this is part of the Servlet-Container? 2. Supports Slide "RE"-GET/PUT after a broken connection? Best regards Tobias - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: About using LDAP server to store user info
Jun, sorry for the late answer. The value is the absolute path of the user entry. E.g.: [EMAIL PROTECTED],CN=Users,DC=...,DC=...,DC=de I don't know your LDAP configuration. But you can read this value from the LDAP browser. Regards Stefan Am Sun, 24 Oct 2004 06:25:42 -0700 (PDT) schrieb Gao Jun <[EMAIL PROTECTED]>: Stefan, If I have created the root role node in my LDAP server, and I want to add two users [EMAIL PROTECTED] and [EMAIL PROTECTED] to this role, then what's the value forthe "member" attribute of the root node in LDAP server? Just "[EMAIL PROTECTED];[EMAIL PROTECTED]"? Thanks. regards, Jun Stefan Fromm <[EMAIL PROTECTED]> wrote: Hello Jun, if you fetch roles from the LDAP server too then the users have the roles defined in the LDAP server. That means you do not assign any roles to users via Slide because this information should be contained in the LDAP directory. JNDIPrincipalStore is readonly anyway, so you cannot change anything via Slide/WebDAV. If you want to assign a role to a user you have to create that role in the LDAP directory and assign the appropriate users as members. The roles store definition in Domain.xml looks very similar to the users store definition. For roles you use an additional store parameter like e.g. member This means that the membership of users in roles is read from the given LDAP attribute "member". It can contain several paths to user nodes. In our environment users and roles are stored under the same LDAP node. The distinction is made by the object class: (objectClass=user) (for users) (objectClass=group) (for roles) In my last mail there was an example Domain.xml about how to configure users and roles for LDAP. I would recommend to change the store definitions as needed. Please make sure, that no users and roles are contained in the data section (subnodes of /users and /roles). Last step is to change all node permissions according to your available users and roles from the LDAP directory. So your "root" role will be any admin role coming from the LDAP directory. Hope this helps, best regards, Stefan Am Thu, 21 Oct 2004 19:42:23 -0700 (PDT) schrieb Gao Jun : Stefan, I'm now trying to set up the roles store in LDAP server as well, but I don't know how to do that. For example, if I have a user defined in LDAP server: [EMAIL PROTECTED] I want assign the root role to this user, then what should I do in LDAP server? And is there any attribute I need to modify in the Domain.xml? Thanks. regards, Jun - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? vote.yahoo.com - Register online to vote today! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to setup authentication at collection level in slide?
Hello Girish, I want to add some things regarding your XML snippets: Where "gn" was a user I defined in the domain.xml http://jakarta.apache.org/slide/"; name="password">gn You create a user "/users/gn" but in the permissions of the object node you refer to user "user/gn". The same applies for "/user/john". For "john" having write access he also needs explicitely given read access. But I guess that the read access is given in a superior node of "/files/girish". With this setup, I can't login with gn/gn nor does using john2/john2 prevents me from creating a subfolder under /files/girish. I cannot see any permission for "/users/john2". Is it possible to setup authenication so that "writing" to certain folders are allowed to only the specified users? Yes it is possible. If you want to restrict write access on a certain folder to a certain user then do something like this: 1. Make sure the user is given read access (somewhere in a superior node, inheritable). 2. Explicitely grant write access to that special user. 3. Deny write access to everybody else. Example: ... ... The strategy for evaluating the ACLs is to find the first entry which matches the current user and the action to be executed. If /users/john would try to write on /files/john then the first entry would match. Because this entry is not negative the action would be permitted. After having found this matching entry no further ACL entries are evaluated. As another user the first ACL entry doesn't match. So the next entry is checked. This applies to all users and denies the write access. So this the other user would not be permitted to write. The helpers do not distinguish whether a read operation was initiated by another helper or by a WebDAV request. Therefore read access is needed because the Slide helpers perform read accesses to fulfill write operations and because giving write access does not imply read access. Regards, Stefan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: lucene, extractor and pdf - HOW?
Markus Maeder wrote: A colleague and I were planning an archive system mainly based on apache components. The system should have an extractor architecture and a flexible permission system. Searching for components, we stumbled over slide: most of the work seems to be already done. :) Thanks to all the developpers. We know try to find out the gap between our needs and slide 2.1 At the moment, I'm struggling with the extractor framework. Question 1: How can I enable a PDF extractor in Domain.xml? Look at the example configuration http://cvs.apache.org/viewcvs.cgi/jakarta-slide/src/conf/webapp/Extractor-Domain.xml?view=markup Question 2: How can I reindex the documents, when I have added a new extractor? Save them again. There is currenly no other mechanism unfortunately. Question 3: Is there an easyer way than using DASL to search the files (e.g. with Windows Explorer)? No. Question 4: Does DASL use the lucene index? Only if you enable the lucene content indexer in the store definition: store/index (Again see the example Domain.xml mentioned above) -- Unico - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
lucene, extractor and pdf - HOW?
A colleague and I were planning an archive system mainly based on apache components. The system should have an extractor architecture and a flexible permission system. Searching for components, we stumbled over slide: most of the work seems to be already done. :) Thanks to all the developpers. We know try to find out the gap between our needs and slide 2.1 At the moment, I'm struggling with the extractor framework. Question 1: How can I enable a PDF extractor in Domain.xml? Question 2: How can I reindex the documents, when I have added a new extractor? Question 3: Is there an easyer way than using DASL to search the files (e.g. with Windows Explorer)? Question 4: Does DASL use the lucene index? Markus - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Adding a non-inheritable permission to a folder using webdav clie nt lib not working
You can't set a permission that is inherited. Inherited means the ACE is really inherited (believe me) from a parent resource. In fact you should filter the ACEs with the inherited flag set before calling the aclMethod(). Luckily the client library does this for you. Ingo > Hi, > I have been trying for quiet some time to add a permission to a > folder using webdav client-lib that does not inherit to the downstream > folders. I have taken the code from client-lib that is shipped with slide > and am using slide 2.1 B1. In my code I use the following fragment to create > an ACE object and bind it to ACL. > > The code works perfectly if 4th parameter (isInherited) is set to false > > // Create new ACE object bIsInherited = false > aceNew = new Ace(sPrincipal, bDenyPrivilege, false, bIsInherited, null); > > > The code does not work if 4th parameter (isInherited) is set to true. I am > assuming that you set the 4th parameter to true if you are trying to make > the permission non-inheritable (not allow it to percolate to the downstream > folders). > > With 4th parameter set to true, webdav client does not throw any error but > does not add the permission. Later when I get the ACL for the resource I > find that the ace has not been added. > > Please let me know if I am missing something ... or if it is possible at all > to create a permission(ace) in a ACL which does not percolate to downstream > folders using webdav client lib. > > I found that adding a inheritable(false) permission in domain.xml does the > job as desired. I am wondering why it is not working from webdav client lib. > > Any help is appreciated !! > > /*** code fragment */ > > // Fetch ACL from slide for a folder > AclProperty acl = webDavResource.aclfindMethod(sResourcePath); > > // Fetch the ACE's (access control entities) of the existing ACL > Ace[] aces = acl.getAces(); > > // Create new ACE object none exists > if (aces == null) >aces = new Ace[0]; > > Ace[] oldAces = aces; > // Create a new ace array (larger then the earlier ace array by 1) > aces = new Ace[oldAces.length + 1]; > > // Copy the old array into the new array > System.arraycopy(oldAces,0,aces,0,oldAces.length); > > // Create new ACE object bIsInherited = true > aceNew = new Ace(sPrincipal, bDenyPrivilege, false, bIsInherited, null); > > // Copy the new ace into the new ace array > aces[oldAces.length] = aceMatchingPrincipal; > > // Create a new privilege > Privilege privilegeNew = new Privilege(qnPermission.getNamespaceURI(), > qnPermission.getLocalName(), null); > > // Update the ace object with the new privilege settings > > aceNew.addPrivilege(privilegeNew); > > // Update repository with new acl for the resource > bSuccess = webDavResource.aclMethod(sResourcePath, aces); > > > > Krishna > (303) 274 3027 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Adding a non-inheritable permission to a folder using webdav clie nt lib not working
James Mason wrote: Krishna, As far as I know Slide always sets permissions on collections to inheritable. -James Right. The webdav ACL protocol has a strange asymmetry here: it can tell you whether a permission is inheritable or not, but it has no way to specify that (either way) when _setting_ an ACL (whether the ACEs set are inheritable or not is implementation defined). This is particularly troubling since you have to set all the ACEs at once, you can't just add/remove/modify one at a time. So this means that you may be unable to preserve the meaning of existing ACEs when adding a new one. Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Server seems to hang on create new WebdavResource...
Most likely this hasn't got anything to do with your problem... Oliver On Mon, 25 Oct 2004 15:39:39 -0400, Nick Longinow <[EMAIL PROTECTED]> wrote: > Modified:src/webdav/client/src/org/apache/commons/httpclient/methods > PutMethod.java > Log: > - Don't make any reading and writing to the input and output stream the > current > connection. > (It make the web-server hang or conflict after that) > - Bug reported by Elodie Tasia > All > > Here is more info, perhaps it will help ? > From: http://www.mail-archive.com/[EMAIL PROTECTED]/msg03024.html > Log: Don't make any reading and writing to the input and output stream the > current connection. (It make the web-server hang or conflict after that) Bug > reported by Elodie Tasia > Nick > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Server seems to hang on create new WebdavResource...
This looks like a live lock in the database used. Do you use the external transaction feature? Oliver On Mon, 25 Oct 2004 15:33:05 -0400, Nick Longinow <[EMAIL PROTECTED]> wrote: > This is behaviour that I've not pinned down yet, but it seems that > periodically when I attempt to create a WebdavResource object in my client > code, the call to "new WebdavResource(HTTPUrl)" never returns, or at least > takes more than 10-15 minutes to do so. > > I see no log errors displayed in the Tomcat screen logs . Is there > somewhere else that might be indicating what it is waiting for, or what is > going on during this time ? (I'm using the Tomcat bundled 2.1B2 server). > Thanks Nick > > -Original Message- > From: Oliver Zeigermann [mailto:[EMAIL PROTECTED] > Sent: Monday, October 25, 2004 11:31 AM > To: Slide Users Mailing List > Subject: Re: Repository being reset after restart, how to get back content ? > > Maybe the store configured in your Domain.xml points to another > location than the one you have looked into? E.g. Domain.xml says > c:/tmp and you find something in store. Try saving a file a have a > look if it appears in the directory you expect to be your store > directory. > > Oliver > > On Mon, 25 Oct 2004 10:17:10 -0400, Nick Longinow > <[EMAIL PROTECTED]> wrote: > > Ok, this is a very beginner level question. > > > > I am using the basic Tx store given in the downloadable Tomcat version of > > Slide, and have created a set of users and collections. When I restarted > > Tomcat, they are all gone when I look at the Url for slide, but if I look > > into the directory tree for 'store' it is all in there. > > > > How can I get it all back ? > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
