apache web dav
TRANSCRIPT
-
8/12/2019 Apache Web Dav
1/59
WebDAV and Apache
Greg Stein
[email protected]://www.lyra.org/greg/
-
8/12/2019 Apache Web Dav
2/59
November 21, 2002 ApacheCon US 2002 2
Agenda
Overview Benefits
How does it work? Some scenarios
DAV software Setting up mod_dav
Futures
-
8/12/2019 Apache Web Dav
3/59
November 21, 2002 ApacheCon US 2002 3
What is WebDAV?(1 of 2)
Web-based Distributed Authoring andVersioning
DAV is the usual short form
Goal: enable interoperability of tools for
distributed web authoring
Turns the Web into a writeable medium
-
8/12/2019 Apache Web Dav
4/59
November 21, 2002 ApacheCon US 2002 4
What is WebDAV?(2 of 2)
Applies to all kinds of content - not justHTML and images
Based on extensions to HTTP
Uses XML for properties, control, status
RFC 2518
-
8/12/2019 Apache Web Dav
5/59
November 21, 2002 ApacheCon US 2002 5
Benefits
Benefits for all web users: Users
Authors
Server administrators
Technical benefits for developers, network
administrators, and security personnel
-
8/12/2019 Apache Web Dav
6/59
November 21, 2002 ApacheCon US 2002 6
User Benefits
User: defined here as a web surfer Document metadata available
More intelligent directory listings
-
8/12/2019 Apache Web Dav
7/59
November 21, 2002 ApacheCon US 2002 7
Author Benefits
Author: the person who writes the content Standard way to place content on server
Move/copy the content around Tag the content with metadata
Overwrite protection in group scenarios
-
8/12/2019 Apache Web Dav
8/59
November 21, 2002 ApacheCon US 2002 8
Administrator Benefits
Administrator: the person running the server All interaction via the protocol
Divorces local system layout, config, andstructure from the authors conceptual space
HTTP-based authentication instead of
system accounts
-
8/12/2019 Apache Web Dav
9/59
November 21, 2002 ApacheCon US 2002 9
Technical BenefitsOverview
Properties (metadata) Overwrite protection
Namespace management Versioning
Infrastructure: old and new Replacement protocol
-
8/12/2019 Apache Web Dav
10/59
November 21, 2002 ApacheCon US 2002 10
Technical BenefitsTerminology
Collection A collection of resources
A collection is also a resource
Resource
Generic name for collections or member
resources
Member Resource
Leaves in a URL namespace
-
8/12/2019 Apache Web Dav
11/59
November 21, 2002 ApacheCon US 2002 11
Technical BenefitsProperties
Properties are name/value pairs Names are uniquely identified with URIs
Values are well-formed XML fragments
All resources have properties
Files and directories
Server-defined/maintained, or client-defined
Records metadata such as author, title,
modification time, or size
-
8/12/2019 Apache Web Dav
12/59
November 21, 2002 ApacheCon US 2002 12
Technical BenefitsOverwrite Protection
Shared and exclusive locks Locks have characteristics such as timeouts,
owners, and depth
Identified by authentication and lock token
Apply to whole resources, not portions
-
8/12/2019 Apache Web Dav
13/59
November 21, 2002 ApacheCon US 2002 13
Technical BenefitsNamespace Management
Namespace refers to the URL hierarchy DAV provides mechanisms to create, move,
copy, and delete resources
-
8/12/2019 Apache Web Dav
14/59
November 21, 2002 ApacheCon US 2002 14
Technical BenefitsVersioning
Woah big topic DeltaV RFC 3253
Simple, linear versioning, or complexconfiguration management
Client-side and server-side workspaces
Baselines are snapshots
Activities can act as change sets
-
8/12/2019 Apache Web Dav
15/59
November 21, 2002 ApacheCon US 2002 15
Technical BenefitsExisting Infrastructure
Receives benefits of HTTP infrastructure Strong authentication
Encryption
Proxy/firewall navigation
Worldwide deployment
Huge talent pool; numerous tools, apps, etc
More on this later
-
8/12/2019 Apache Web Dav
16/59
November 21, 2002 ApacheCon US 2002 16
Technical BenefitsNew Infrastructure
DAV can provide infrastructure for: Collaboration
Metadata
Namespace management Versioning
Ordered collections
Access control
Searching
-
8/12/2019 Apache Web Dav
17/59
November 21, 2002 ApacheCon US 2002 17
Technical BenefitsReplacement Protocol
DAV providers read/write to the web server Can obsolete other mechanisms:
FTP
FrontPage and Fusion proprietary protocols
Custom or one-off solutions
Robust enough for future enhancements
-
8/12/2019 Apache Web Dav
18/59
November 21, 2002 ApacheCon US 2002 18
How Does it Work?
A protocol layered on HTTP/1.1 HTTP/1.1 clarifies the extension process
HTTP extensions
New HTTP headers
New HTTP methods
Additional semantics for existing methods
-
8/12/2019 Apache Web Dav
19/59
November 21, 2002 ApacheCon US 2002 19
New HTTP Headers
Destination: Lock-Token:
Timeout: Status-URI:
DAV: If:
Depth: Overwrite:
-
8/12/2019 Apache Web Dav
20/59
November 21, 2002 ApacheCon US 2002 20
New HTTP MethodsOverview
COPY, MOVE MKCOL
PROPPATCH, PROPFIND LOCK, UNLOCK
Eleven new methods for DeltaV
-
8/12/2019 Apache Web Dav
21/59
November 21, 2002 ApacheCon US 2002 21
New HTTP MethodsCOPY, MOVE
Pretty obvious: copy or move resources Copying collections uses Depth: header
Destination: header specifies target Also uses Overwrite: header
Optional request body controls the handling
of live properties
-
8/12/2019 Apache Web Dav
22/59
November 21, 2002 ApacheCon US 2002 22
New HTTP MethodsMKCOL
Create a new collection Avoids overloading PUT method
-
8/12/2019 Apache Web Dav
23/59
November 21, 2002 ApacheCon US 2002 23
New HTTP MethodsPROPPATCH, PROPFIND
PROPPATCH is used to set, change, ordelete properties on a single resource
PROPFIND fetches one or more properties
for one or more resources
-
8/12/2019 Apache Web Dav
24/59
November 21, 2002 ApacheCon US 2002 24
More on PROPFIND
Using PROPFIND anonymously allowsusers to discover files
Best to require authentication
In the future:
Browsers will want it for nice directories
Clients will want PROPFIND for metadata
Server will have finer granularity to hide items
-
8/12/2019 Apache Web Dav
25/59
November 21, 2002 ApacheCon US 2002 25
New HTTP MethodsLOCK, UNLOCK
Add and remove locks on resources Both use the Lock-Token: header
-
8/12/2019 Apache Web Dav
26/59
November 21, 2002 ApacheCon US 2002 26
Futures: WebDAV
Access Control (submitted; Q4 2002?) Advanced Collections
Bindings (restarting)
Ordering (idle)
References (idle)
Searching (progressing; Q2 2003?)
-
8/12/2019 Apache Web Dav
27/59
November 21, 2002 ApacheCon US 2002 27
Scenarios
Departmental Server Web Hosting
Software development teams
Remote collaboration
Network file system
Unified repository-access protocol
Application protocol
-
8/12/2019 Apache Web Dav
28/59
November 21, 2002 ApacheCon US 2002 28
Scenario: Departmental Server(1 of 2)
Department of 20 staff They operate a private web server
Web server acts as a repository
File servers used to play this role
Everybody needs to author documents
Web server (vs file server) provides better
navigation, overviews, and offsite links
-
8/12/2019 Apache Web Dav
29/59
November 21, 2002 ApacheCon US 2002 29
Scenario: Departmental Server(2 of 2)
Web site is DAV-enabled Allows remote authoring and maintenance
Allows tagging documents with metadata
Security can be used to limit or partition
areas for specific users
Documents drop right onto the server
New pages for summaries and overviews
-
8/12/2019 Apache Web Dav
30/59
November 21, 2002 ApacheCon US 2002 30
Scenario: Web Hosting(1 of 2)
5000 users http://www.someisp.com/username/
No need to enter users into /etc/passwd
Use any Apache mod_auth_* module
User directories can be distributed, shifted,
updated as needed across the filesystem
-
8/12/2019 Apache Web Dav
31/59
November 21, 2002 ApacheCon US 2002 31
Scenario: Web Hosting(2 of 2)
Apaches httpd.conf gets complicated Need section for each user
Something like UserDir would be great
For now, include a generated file
-
8/12/2019 Apache Web Dav
32/59
November 21, 2002 ApacheCon US 2002 32
WebDAV SoftwareClients
Joe Orton: cadaver, sitecopy, Neon
Nautilus, GNOME, KDE, Goliath
SkunkDAV, DAVExplorer
APIs: Python, Perl, C, Java
Commercial: Microsoft, Adobe,
Macromedia
-
8/12/2019 Apache Web Dav
33/59
November 21, 2002 ApacheCon US 2002 33
WebDAV SoftwareServers
Apache 2.0, and Apache 1.3/mod_dav Zope
Magi
Tomcat, Jakarta Slide(?)
Commercial: many
-
8/12/2019 Apache Web Dav
34/59
November 21, 2002 ApacheCon US 2002 34
WebDAV SoftwareSystems
Subversion
Microsoft Outlook/Exchange
-
8/12/2019 Apache Web Dav
35/59
November 21, 2002 ApacheCon US 2002 35
WebDAV SoftwareJoe Ortons cadaver
Interactive command-line tool
Provides listing, moving, copying, and
deleting of resources on the server
Manages properties
Can lock and unlock resources
-
8/12/2019 Apache Web Dav
36/59
November 21, 2002 ApacheCon US 2002 36
WebDAV SoftwareJoe Ortons sitecopy
Edit web site locally
Update remote web site
Operates via FTP or WebDAV
More/better functionality via WebDAV
Does not do two-way synchronization
-
8/12/2019 Apache Web Dav
37/59
November 21, 2002 ApacheCon US 2002 37
WebDAV SoftwareNautilus
Nautilus is the file manager for GNOME
Uses gnome-vfs
Virtual File System
Can target WebDAV repositories
GUI-based management of a DAV server
KDE is DAV-enabled, too
-
8/12/2019 Apache Web Dav
38/59
November 21, 2002 ApacheCon US 2002 38
WebDAV SoftwareGoliath
Goliath is a DAV client for classic MacOS
Finder-like
Drag and drop
Browsing
Manages locks and properties
-
8/12/2019 Apache Web Dav
39/59
November 21, 2002 ApacheCon US 2002 39
WebDAV SoftwareSkunkDAV and DAVExplorer
Java explorer style WebDAV clients
SkunkDAV supports content editing
Both support properties and locks
SkunkDAV provides a separable library
-
8/12/2019 Apache Web Dav
40/59
November 21, 2002 ApacheCon US 2002 40
WebDAV SoftwareLanguage APIs
Good for experimenting and building apps
Most are layered onto existing HTTP APIs
Python API from Greg Stein
Perl API from Patrick Collins
C API (Neon) from Joe Orton
Java APIs from SkunkDAV or Jakarta Slide
-
8/12/2019 Apache Web Dav
41/59
November 21, 2002 ApacheCon US 2002 41
WebDAV SoftwareInternet Explorer 5.0
Enabled with the Web Folders add-on
Adds Web Folders section into Windows
Explorer, under My Computer
Allows drag and drop of files
Standard move/copy/delete/rename of files
-
8/12/2019 Apache Web Dav
42/59
November 21, 2002 ApacheCon US 2002 42
WebDAV SoftwareMicrosoft Office 2000
Broad distribution
Word, Excel, etc are DAV-enabled
Open/save files directly from/to web server
Uses DAV locks for overwrite protection
First round of Microsofts move to DAV
Also: IIS5, Exchange 2000
-
8/12/2019 Apache Web Dav
43/59
November 21, 2002 ApacheCon US 2002 43
WebDAV SoftwareAdobe GoLive 5.0
One of the first Web authoring tools to
support the DAV protocol
Page design, authoring, construction
Uses locking to assist authoring teams
Site management
-
8/12/2019 Apache Web Dav
44/59
November 21, 2002 ApacheCon US 2002 44
WebDAV SoftwareApache and mod_dav
mod_dav provides the DAV support
Installed on about 250k (public) sites
De facto reference implementation
Class 1 and class 2
Extensions for versioning
Experimental code for binding, DASL
b f
-
8/12/2019 Apache Web Dav
45/59
November 21, 2002 ApacheCon US 2002 45
WebDAV SoftwareZope and Tomcat
Both are application servers
Zope is written in Python
Tomcat is written in Java
Zope uses WebDAV to manage content
Tomcat makes it available, but a good deal
of coding is required
W bDAV S f
-
8/12/2019 Apache Web Dav
46/59
November 21, 2002 ApacheCon US 2002 46
WebDAV SoftwareSubversion
Open Source version control system
Intended to replace CVS
Fixes CVS problems, adds improvements
Subset of DeltaV for its network protocol
Lots of leverage: Apache 2.0, Berkeley DB
Reusable libraries
S i A h / d d
-
8/12/2019 Apache Web Dav
47/59
November 21, 2002 ApacheCon US 2002 47
Setting up Apache/mod_davOverview
Grab and install tarball
One simple directive:DAV On
Use within or
Need to change file/dir ownership and privs
Enable locking
Add security as appropriate
-
8/12/2019 Apache Web Dav
48/59
November 21, 2002 ApacheCon US 2002 48
Basic Installation
Grab tarball
http://www.apache.org/dist/httpd/
Pass --enable-dav and --enable-dav-fs to
the ./configure script
May also want --enable-auth-digest
-
8/12/2019 Apache Web Dav
49/59
November 21, 2002 ApacheCon US 2002 49
Example Configuration
Alias /gstein /home/apache/davdirs/gstein
DAV On
-
8/12/2019 Apache Web Dav
50/59
November 21, 2002 ApacheCon US 2002 50
Filesystem Changes
Assume Apache is run with UID nobody
and GID www
% ls -la /home/apache/davdirs/gsteintotal 3drwxr-s--- 3 nobody www 1024 Jun 25 14:32 .drwxr-s--- 3 nobody www 1024 Jun 28 17:26 ..-rw-r--r-- 1 nobody www 424 Jun 26 16:36 index.html
drwxr-s--- 4 nobody www 1024 Jun 26 13:05 specs
-
8/12/2019 Apache Web Dav
51/59
November 21, 2002 ApacheCon US 2002 51
Enable Locking
Additional directive for the lock databaseDAVLockDB /home/apache/davdirs/lock.db
Lock databases are per-server
-
8/12/2019 Apache Web Dav
52/59
November 21, 2002 ApacheCon US 2002 52
Security Considerations
Disable bad operations (CGI, includes, etc)Options None
Prevent .htaccess
AllowOverride None Limit the users method access
-
8/12/2019 Apache Web Dav
53/59
November 21, 2002 ApacheCon US 2002 53
Limiting PROPFIND
Note that PROPFIND is in the
directive
Limits the use of PROPFIND to authorized
users Based on concerns mentioned earlier about
discoverability of a web site
-
8/12/2019 Apache Web Dav
54/59
November 21, 2002 ApacheCon US 2002 54
Example ConfigurationAllowOverride None
Options NoneDAV On
AuthName my web siteAuthType basic
Auth_MySQL onAuth_MySQL http_auth
Require user gstein
-
8/12/2019 Apache Web Dav
55/59
November 21, 2002 ApacheCon US 2002 55
Implementing mod_dav
Apache has great extensibility
But:
Hard to add new methods
Security: file ownership, SUID helpers, etc
Alternate access to repository
Security issues led to private repository Module provides excellent speed
-
8/12/2019 Apache Web Dav
56/59
November 21, 2002 ApacheCon US 2002 56
Futures: mod_dav
mod_dav 1.0 was released on June 13, 2000
Apache 2.0 includes core DAV features
fully integrated
better plug-in system
updated, complete versioning hooks
Apache 2.1 Other DAV extensions
-
8/12/2019 Apache Web Dav
57/59
November 21, 2002 ApacheCon US 2002 57
Review
WebDAV can change the very nature of
how people interact with the Web
Great standard, replaces many protocols
with a single protocol
mod_dav brings DAV to Apache
Tools and apps are common and moreappearing every day
-
8/12/2019 Apache Web Dav
58/59
November 21, 2002 ApacheCon US 2002 58
Resources
http://www.webdav.org/
Everythingyou need is on this web site, or
linked from it.
-
8/12/2019 Apache Web Dav
59/59
November 21, 2002 ApacheCon US 2002 59
Q&A