Walter Lee

How to use WebDAV to access source code

Tuesday Dec 09, 2008

Sometimes we want to allow people to access source code with WebDAV.


To do this in Web Server 6.1, turn on WebDAV; see the docs at


http://docs.sun.com/app/docs/doc/820-5714/bhavk?l=en&a=view&q=webdav


1. E.g. in my env, I created a dir under my docroot:


APPLE:/export/home/iws6.1sp10/httpacl> ls -l ../docs
total 56
.....
drwxrwxrwx   2 root     other        512 Dec  9 14:16 test3cu
lrwxrwxrwx   1 root     other         36 Dec  9 14:20 test3cu-src -> /export/home/iws6.1sp10/docs/test3cu


APPLE:/export/home/iws6.1sp10/httpacl> ls -l ../docs/test3cu
total 2
-rw-r--r--   1 root     other        423 Dec  9 14:16 check-heap-mem.jsp


(So test3cu-src maps to the runtime dir test3cu.
We need two different URIs so that source access and runtime access can get different ACLs later.)


2. Then I added it to my WebDAV collection, so my server.xml looks like:


      <DAV lockdb="/export/home/iws6.1sp10/https-dav/lock-db/https-dav" minlocktimeout="0"
           maxxmlrequestbodysize="8192" maxpropdepth="1" enabled="true"
           lockdbupdateinterval="0" propdbupdateinterval="0" maxpropdbsize="8192">
        <DAVCOLLECTION uri="/test3cu" sourceuri="/test3cu-src" enabled="true"/>
      </DAV>


3. Then I added my ACLs:


APPLE:/export/home/iws6.1sp10/httpacl> cat generated.https-dav.acl
version 3.0;
acl "default";
authenticate (user, group) {
  prompt = "Sun ONE Web Server";
};
allow (read, execute, info) user = "anyone";
allow (list, write, delete) user = "all";

acl "es-internal";
allow (read, execute, info) user = "anyone";
deny (list, write, delete) user = "anyone";

acl "dav-src";
deny (all) user = "anyone";

....

acl "uri=/test3cu/";
authenticate (user,group) {
        database = "default";
        method = "basic";
        prompt = "webdav testcu3 execution path";
};
deny (all)
 (user = "anyone");

allow (all)
 (user = "u1");

acl "uri=/test3cu-src/";
authenticate (user,group) {
        database = "default";
        method = "basic";
        prompt = "webdav for source uri test3cu-src";
};
deny (all)
 (user = "anyone");

allow (all)
 (user = "u2");

----
So u1 can run the JSP, and u2 can access the source code of the JSP.


4. Then I tested:

a/ the runtime,

http://apple.asia.sun.com:60105/test3cu/check-heap-mem.jsp
Log in as u1 (passwd = u1) and it shows the JSP runtime results properly.

b/ access to the JSP source,

http://apple.asia.sun.com:60105/test3cu-src/check-heap-mem.jsp

If you log in as u1, it is forbidden.

If you log in as u2, it is OK and shows the source of the JSP instead of the runtime result.


5. If I use the same uri in my server.xml webdav collection, e.g.


        <DAVCOLLECTION uri="/test" sourceuri="/test" enabled="true"/>


and ACL:



acl "dav-src";
deny (all) user = "anyone";

acl "uri=/test/";
authenticate (user,group) {
        method = "basic";
        prompt = "webdav PURE uri test";
};
deny (all)
 (user = "anyone");

allow (all)
 (user = "u1");


then the default will be source code access.


e.g.


http://apple.asia.sun.com:60105/test/check-heap-mem.jsp

will ask for auth and prompt for uid/passwd; once the uid/passwd is entered OK, it shows the
JSP source code instead of the JSP results, because with sourceuri="/test" the default behavior is source access.

6. If you do not have sourceuri="/test", then it runs the JSP and shows the runtime results,


e.g.



        <DAVCOLLECTION uri="/test2" enabled="true"/>


and ACL:


http://apple.asia.sun.com:60105/test2/check-heap-mem.jsp

will run the JSP and show the results, with no auth prompt asking for uid/passwd,

because we use acl "default";
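
The collection layouts from steps 2, 5 and 6, checked as an added example (not code from the original post or from the web server): it reads the DAVCOLLECTION entries and the ACL file and reports which case each collection falls into. The sample config is constructed from the fragments above; /test4 and the finding names are made up for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the fragments in this post (/test4 is made up).
SERVER_XML = """<DAV enabled="true">
  <DAVCOLLECTION uri="/test3cu" sourceuri="/test3cu-src" enabled="true"/>
  <DAVCOLLECTION uri="/test" sourceuri="/test" enabled="true"/>
  <DAVCOLLECTION uri="/test2" enabled="true"/>
  <DAVCOLLECTION uri="/test4" sourceuri="/test4-src" enabled="true"/>
</DAV>"""

ACL_TEXT = """version 3.0;
acl "dav-src";
deny (all) user = "anyone";
acl "uri=/test3cu/";
deny (all)
 (user = "anyone");
allow (all)
 (user = "u1");
acl "uri=/test3cu-src/";
deny (all)
 (user = "anyone");
allow (all)
 (user = "u2");
"""

def acl_uris(acl_text):
    """URIs that have their own acl "uri=..." block, trailing slash removed."""
    return {u.rstrip("/") for u in re.findall(r'acl\s+"uri=([^"]+)"', acl_text)}

def audit(server_xml, acl_text):
    """Map each DAVCOLLECTION uri to a finding code."""
    protected = acl_uris(acl_text)
    findings = {}
    for col in ET.fromstring(server_xml).iter("DAVCOLLECTION"):
        uri, src = col.get("uri"), col.get("sourceuri")
        if src is None:
            findings[uri] = "RUNTIME_ONLY"         # step 6: the JSP is executed
        elif src == uri:
            findings[uri] = "SOURCE_BY_DEFAULT"    # step 5: plain URL returns source
        elif src not in protected:
            findings[uri] = "SOURCE_URI_NO_ACL"    # no acl "uri=<sourceuri>/" block
        else:
            findings[uri] = "SEPARATE_SOURCE_ACL"  # steps 2-3: own URI and own ACL
    return findings

if __name__ == "__main__":
    for uri, code in audit(SERVER_XML, ACL_TEXT).items():
        print(uri, code)
```
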


 Feel free to try the webdav collection.



