The approach we took and I have heard others took was to create a separate web application (we used an extended Struts framework) and to use the webdavResource, aka "Client Library". We designed a "Wrapper" for the library to allow it to be instantiated and stored in the session when a successful login to the slide server occurred and all our actions looked for that "Client" in the session and used it to talk to Slide. Then all our pages accessed Struts Actions to do their work and those actions all used the "Client" object's public methods that wrapped the webdavResource for simple methods and obtained the underlying webdavResource object itself for more complex methods. Works well.
Michael Oliver CTO Matrix Intermedia Inc. 3325 N. Nellis Blvd, #1 Las Vegas, NV 89115 Phone:(702)643-7425 Fax:(520)844-1036 -----Original Message----- From: Ricardo Gladwell [mailto:[EMAIL PROTECTED] Sent: Monday, July 19, 2004 9:38 AM To: Slide Users Mailing List Subject: Slide Security Questions Hi All, I'm in the process of developing a web application that has a Slide WebdavServlet-run WebDAV repository and a JSP-based HTML front-end. The front-end needs to integrate with the repository for security purposes (users need to be able log into the WebDAV repository using the same uid/password they log into the front-end, administrators can give users access to otherwise restricted parts of the WebDAV repository, etc). With this in mind I would like to be able to access and modify priviliges using the WebDAV repository from the HTML front-end. What is the best method to access the WebDAV server API from another part of the web application? I discovered it is possible to obtain a reference to the root NAT from the ServletContext as follows: NamespaceAccessToken nat = (NamespaceAccessToken) context.getAttribute(WebdavServlet.ATTRIBUTE_NAME); I can then obtain a reference to the SlideToken using the WebdavUtils class and from their manage the WEbDAV repository. I'm slightly puzzled as to how I might 'fake' and HTTP authentication to log in as say, root, from the application to carry out some of the privileged tasks? I also noticed that Slide has a JMX MBean interface, although I am unsure as to whether accessing via JMX would be preferable in anyway to simply obtaining the NAT reference. BTW, what does a SubjectNode represent? There is no documentation in the JavaDoc. Kind regards... -- Ricardo Gladwell --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]