WebDAV is a nice invention, at least from a users point of view. But who ever had a look at the RFC or even needed to implement a server for it, know about the issues in this Big Ball Of Mud. This presentation gives an overview on the HTTP extension WebDAV, on the issues you need to ship around while developing a WebDAV server and the architecture of the eZ Webdav component, which solves these issues succesfully.
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
WebDAV - The good, the bad and the evil
1. WebDAV
The good, the bad and the evil
TobiasSchlitt <toby@php.net>
IPC SE 2009
2009-05-30
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 1 / 32
2. About me
Tobias Schlitt <toby@php.net>
PHP since 2001
Freelancing consultant
Qualified IT Specialist
Studying CS at TU Dortmund
(expect to finish this year)
OSS addicted
PHP
eZ Components
PHPUnit
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 2 / 32
3. Agenda
1 HTTP & WebDAV
2 Development challenges
3 eZ Webdav component
4 Q/A
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 3 / 32
4. Outline
1 HTTP & WebDAV
2 Development challenges
3 eZ Webdav component
4 Q/A
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 4 / 32
5. HTTP
Network protocol driving the web
Current version: 1.1
RFC 2616 (June 1999)
http://tools.ietf.org/html/rfc2616
Originlally invented by Sir Tim Berners-Lee
Client / server based
Stateless communication
Defines
Request / response
Headers / body
Formats / actions Figure: Tim Berners-Lee [Dan]
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 5 / 32
6. WebDAV
WebDAV HTTP Extensions for Distributed Authoring (RFC 2518)
WebDAV HTTP Extensions for Web Distributed Authoring and
Versioning (RFC 4918)
IETF Standard
Specified in RFC 2518 (February 1999)
http://tools.ietf.org/html/rfc2518
Refined in RFC 4918 (June 2007)
http://tools.ietf.org/html/rfc4918
Extension to HTTP
Distributed editing
WebDAV
... allows your users to edit web content easily.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 6 / 32
7. WebDAV
WebDAV HTTP Extensions for Distributed Authoring (RFC 2518)
WebDAV HTTP Extensions for Web Distributed Authoring and
Versioning (RFC 4918)
IETF Standard
Specified in RFC 2518 (February 1999)
http://tools.ietf.org/html/rfc2518
Refined in RFC 4918 (June 2007)
http://tools.ietf.org/html/rfc4918
Extension to HTTP
Distributed editing
WebDAV
... allows your users to edit web content easily.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 6 / 32
8. WebDAV
WebDAV HTTP Extensions for Distributed Authoring (RFC 2518)
WebDAV HTTP Extensions for Web Distributed Authoring and
Versioning (RFC 4918)
IETF Standard
Specified in RFC 2518 (February 1999)
http://tools.ietf.org/html/rfc2518
Refined in RFC 4918 (June 2007)
http://tools.ietf.org/html/rfc4918
Extension to HTTP
Distributed editing
WebDAV
... allows your users to edit web content easily.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 6 / 32
9. Request methods
HTTP WebDAV
OPTIONS PROPFIND
GET PROPPATCH
HEAD MKCOL
POST COPY
PUT MOVE
DELETE LOCK
TRACE UNLOCK
CONNECT
Significant methods
Not all methods are significant for implementing a WebDAV server.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 7 / 32
10. Request methods
HTTP WebDAV
OPTIONS PROPFIND
GET PROPPATCH
HEAD MKCOL
POST COPY
PUT MOVE
DELETE LOCK
TRACE UNLOCK
CONNECT
Significant methods
Not all methods are significant for implementing a WebDAV server.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 7 / 32
11. Request methods
HTTP WebDAV
OPTIONS PROPFIND
GET PROPPATCH
HEAD MKCOL
POST COPY
PUT MOVE
DELETE LOCK
TRACE UNLOCK
CONNECT
Significant methods
Not all methods are significant for implementing a WebDAV server.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 7 / 32
12. Request headers
HTTP WebDAV
Accept[-*] Depth
Authorization Destination
If-[None-]Match If
If-[Un]Modified-Since Overwrite
User-Agent Timeout
...
Significant headers
Not all headers are significant for implementing a WebDAV server.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 8 / 32
13. Request headers
HTTP WebDAV
Accept[-*] Depth
Authorization Destination
If-[None-]Match If
If-[Un]Modified-Since Overwrite
User-Agent Timeout
...
Significant headers
Not all headers are significant for implementing a WebDAV server.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 8 / 32
14. Request headers
HTTP WebDAV
Accept[-*] Depth
Authorization Destination
If-[None-]Match If
If-[Un]Modified-Since Overwrite
User-Agent Timeout
...
Significant headers
Not all headers are significant for implementing a WebDAV server.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 8 / 32
15. Response headers
HTTP WebDAV
Accept-Ranges DAV
Content-Length Lock-Token
Content-Type Timeout
ETag
Location
Retry-After
Server
WWW-Authenticate
...
Significant headers
Not all methods are significant for implementing a WebDAV server.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 9 / 32
16. Response headers
HTTP WebDAV
Accept-Ranges DAV
Content-Length Lock-Token
Content-Type Timeout
ETag
Location
Retry-After
Server
WWW-Authenticate
...
Significant headers
Not all methods are significant for implementing a WebDAV server.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 9 / 32
17. Response headers
HTTP WebDAV
Accept-Ranges DAV
Content-Length Lock-Token
Content-Type Timeout
ETag
Location
Retry-After
Server
WWW-Authenticate
...
Significant headers
Not all methods are significant for implementing a WebDAV server.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 9 / 32
18. Request / response bodies
HTTP
Request body mostly not significant
Only PUT method needs body (to be stored)
Response body usually content to deliver (unspecified)
Error responses may contain arbitrary content
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 10 / 32
19. Request / response bodies
WebDAV
Bodies are significant
Many methods require XML bodies
Request Response
PROPFIND PROPFIND
PROPPATCH PROPPATCH
COPY (optional) LOCK
MOVE (optional) Potentially others
(multi-status)
LOCK
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 10 / 32
20. Request / response bodies
WebDAV
Bodies are significant
Many methods require XML bodies
Request Response
PROPFIND PROPFIND
PROPPATCH PROPPATCH
COPY (optional) LOCK
MOVE (optional) Potentially others
(multi-status)
LOCK
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 10 / 32
21. Request / response bodies
WebDAV
Bodies are significant
Many methods require XML bodies
Request Response
PROPFIND PROPFIND
PROPPATCH PROPPATCH
COPY (optional) LOCK
MOVE (optional) Potentially others
(multi-status)
LOCK
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 10 / 32
22. Properties
Concept introduced by WebDAV
Store meta information about content
Usually not directly visible to the user
Pre-defined: Live properties Client-specific: Dead properties
creationdate May contain arbitrary data
displayname Must reside in their own namespace
get* XML representation favored
lockdiscovery
resourcetype
source
supportedlock
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 11 / 32
23. Properties
Concept introduced by WebDAV
Store meta information about content
Usually not directly visible to the user
Pre-defined: Live properties Client-specific: Dead properties
creationdate May contain arbitrary data
displayname Must reside in their own namespace
get* XML representation favored
lockdiscovery
resourcetype
source
supportedlock
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 11 / 32
24. Properties
Concept introduced by WebDAV
Store meta information about content
Usually not directly visible to the user
Pre-defined: Live properties Client-specific: Dead properties
creationdate May contain arbitrary data
displayname Must reside in their own namespace
get* XML representation favored
lockdiscovery
resourcetype
source
supportedlock
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 11 / 32
25. Outline
1 HTTP & WebDAV
2 Development challenges
RFC problems
Client problems
Back end flexibility
3 eZ Webdav component
4 Q/A
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 12 / 32
26. Development challenges
Server development in general
WebDAV RFCs are a BBOM
Unstructured
Ambiguous
Design fails
Misbehaving clients
Ignore the specification
Different interpretations of RFCs
Proprietary BS
Figure: Big Ball Of Mud [FY99]
Exchangeable back ends
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 13 / 32
27. Outline - Development challenges
1 HTTP & WebDAV
2 Development challenges
RFC problems
Client problems
Back end flexibility
3 eZ Webdav component
4 Q/A
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 14 / 32
28. COPY / MOVE methods
Errors on COPY
“[...] if an error occurs while copying an internal collection, the server
MUST NOT copy any resources identified by members of this collection
(i.e., the server must skip this subtree) [...]” [YG99]
MOVE
“[...] is the logical equivalent of a copy (COPY), followed by consistency
maintenance processing, followed by a delete of the source,[...]” [YG99]
MOVE errors
“[...] after detecting the error, the move operation SHOULD try to finish
as much of the original move as possible [...]” [YG99]
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 15 / 32
29. COPY / MOVE methods
Errors on COPY
“[...] if an error occurs while copying an internal collection, the server
MUST NOT copy any resources identified by members of this collection
(i.e., the server must skip this subtree) [...]” [YG99]
MOVE
“[...] is the logical equivalent of a copy (COPY), followed by consistency
maintenance processing, followed by a delete of the source,[...]” [YG99]
MOVE errors
“[...] after detecting the error, the move operation SHOULD try to finish
as much of the original move as possible [...]” [YG99]
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 15 / 32
30. COPY / MOVE methods
Errors on COPY
“[...] if an error occurs while copying an internal collection, the server
MUST NOT copy any resources identified by members of this collection
(i.e., the server must skip this subtree) [...]” [YG99]
MOVE
“[...] is the logical equivalent of a copy (COPY), followed by consistency
maintenance processing, followed by a delete of the source,[...]” [YG99]
MOVE errors
“[...] after detecting the error, the move operation SHOULD try to finish
as much of the original move as possible [...]” [YG99]
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 15 / 32
31. The If header
The If header
Makes operations conditional.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32
32. The If header
The If header
Makes operations conditional.
Apply operation only if ...
... all conditions are met
... none of the conditions is met
If header EBNF
If = ” I f ” ” : ” ( 1∗No−tag− l i s t | 1∗ Tagged− l i s t )
No−tag− l i s t = List
Tagged− l i s t = R e s o u r c e 1∗ L i s t
Resource = Coded−URL
List = ” ( ” 1 ∗ ( [ ” Not ” ] ( S t a t e −t o k e n | ” [ ” e n t i t y −t a g
” ] ” ) ) ”) ”
S t a t e −t o k e n = Coded−URL
Coded−URL = ”<” a b s o l u t e U R I ”>”
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32
33. The If header
The If header
Makes operations conditional.
Can contain
lock tokens
entity tags
No-tag list If header
I f : (< l o c k t o k e n : a−w r i t e −l o c k −t o k e n > [ ” I am an ETag ” ] ) ( [ ” I am
a n o t h e r ETag ” ] )
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32
34. The If header
The If header
Makes operations conditional.
Conditions can apply to
single resources
sets of resources
all affected resources
Negated tagged list If header
<h t t p : / / e x a m p l e . com/ r e s o u r c e 1 > (< l o c k t o k e n : a−w r i t e −l o c k −t o k e n
> [W/”A weak ETag ” ] ) ( Not [ ” s t r o n g ETag ” ] )
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32
35. The If header
The If header
Makes operations conditional.
Required own parser implementation
Parser is about 150 LOC
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32
36. Locking
2 different types of locks
Exclusive
Shared
Lock conditions must be validated before anything else
Timeout refresh on every lock use (successful or not)
(Fixed in RCF 4918)
Not specified how to associate principles with lock tokens
Lock-Null-Resources
(Partly fixed in RFC 4918)
Do not behave like real resources
Must vanish when the lock is released
A collection can be created on them
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 17 / 32
37. Locking
2 different types of locks
Exclusive
Shared
Lock conditions must be validated before anything else
Timeout refresh on every lock use (successful or not)
(Fixed in RCF 4918)
Not specified how to associate principles with lock tokens
Lock-Null-Resources
(Partly fixed in RFC 4918)
Do not behave like real resources
Must vanish when the lock is released
A collection can be created on them
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 17 / 32
38. Locking
2 different types of locks
Exclusive
Shared
Lock conditions must be validated before anything else
Timeout refresh on every lock use (successful or not)
(Fixed in RCF 4918)
Not specified how to associate principles with lock tokens
Lock-Null-Resources
(Partly fixed in RFC 4918)
Do not behave like real resources
Must vanish when the lock is released
A collection can be created on them
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 17 / 32
39. Locking
2 different types of locks
Exclusive
Shared
Lock conditions must be validated before anything else
Timeout refresh on every lock use (successful or not)
(Fixed in RCF 4918)
Not specified how to associate principles with lock tokens
Lock-Null-Resources
(Partly fixed in RFC 4918)
Do not behave like real resources
Must vanish when the lock is released
A collection can be created on them
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 17 / 32
40. Locking
2 different types of locks
Exclusive
Shared
Lock conditions must be validated before anything else
Timeout refresh on every lock use (successful or not)
(Fixed in RCF 4918)
Not specified how to associate principles with lock tokens
Lock-Null-Resources
(Partly fixed in RFC 4918)
Do not behave like real resources
Must vanish when the lock is released
A collection can be created on them
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 17 / 32
41. Outline - Development challenges
1 HTTP & WebDAV
2 Development challenges
RFC problems
Client problems
Back end flexibility
3 eZ Webdav component
4 Q/A
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 18 / 32
42. Konqueror / Nautilus
Konqueror (KDE)
Does not decode URLs properly
Requires Apache like error messages for 404
Nautilus (Gnome)
Cannot cope with charset=quot;...quot; info in MIME types
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 19 / 32
43. Konqueror / Nautilus
Konqueror (KDE)
Does not decode URLs properly
Requires Apache like error messages for 404
Nautilus (Gnome)
Cannot cope with charset=quot;...quot; info in MIME types
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 19 / 32
44. Windows / InternetExplorer
At least 3 different WebDAV user agents in Windows
Loaded depending on how you initialize connection
Transparently switched occasionally
Requires custom header MS-Author-Via on every response
Requires custom namespaces set on live properties
Requires special namespace shortcut to be used (sic!)
Requires different shortcuts for DAV: namespace
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 20 / 32
45. Windows / InternetExplorer
At least 3 different WebDAV user agents in Windows
Loaded depending on how you initialize connection
Transparently switched occasionally
Requires custom header MS-Author-Via on every response
Requires custom namespaces set on live properties
Requires special namespace shortcut to be used (sic!)
Requires different shortcuts for DAV: namespace
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 20 / 32
46. Windows / InternetExplorer
At least 3 different WebDAV user agents in Windows
Loaded depending on how you initialize connection
Transparently switched occasionally
Requires custom header MS-Author-Via on every response
Requires custom namespaces set on live properties
Requires special namespace shortcut to be used (sic!)
Requires different shortcuts for DAV: namespace
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 20 / 32
47. Windows / InternetExplorer II
Cannot cope with non-significant white spaces
in XML bodies
Requires newline at the end of every XML body
Occasionally sends invalid PROPFIND requests
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 21 / 32
48. Windows / InternetExplorer II
Cannot cope with non-significant white spaces
in XML bodies
Requires newline at the end of every XML body
Occasionally sends invalid PROPFIND requests
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 21 / 32
49. Windows / InternetExplorer II
Cannot cope with non-significant white spaces
in XML bodies
Requires newline at the end of every XML body
Occasionally sends invalid PROPFIND requests
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 21 / 32
50. Windows / InternetExplorer II
Cannot cope with non-significant white spaces
in XML bodies
Requires newline at the end of every XML body
Occasionally sends invalid PROPFIND requests
Figure: WTF? [Nad99]
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 21 / 32
51. Outline - Development challenges
1 HTTP & WebDAV
2 Development challenges
RFC problems
Client problems
Back end flexibility
3 eZ Webdav component
4 Q/A
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 22 / 32
52. Back end flexibility
Exchangeable back end
File system
Memory (testing)
SQL Database?
Subversion?
Independent of client issues
Protocol enhancements back end independent
Easy implementation
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 23 / 32
53. Back end flexibility
Exchangeable back end
File system
Memory (testing)
SQL Database?
Subversion?
Independent of client issues
Protocol enhancements back end independent
Easy implementation
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 23 / 32
54. Back end flexibility
Exchangeable back end
File system
Memory (testing)
SQL Database?
Subversion?
Independent of client issues
Protocol enhancements back end independent
Easy implementation
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 23 / 32
55. Back end flexibility
Exchangeable back end
File system
Memory (testing)
SQL Database?
Subversion?
Independent of client issues
Protocol enhancements back end independent
Easy implementation
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 23 / 32
56. Outline
1 HTTP & WebDAV
2 Development challenges
3 eZ Webdav component
4 Q/A
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 24 / 32
57. eZ Components
General purpose component library for PHP 5.1+
Open source and GPL friendly (New BSD license)
Vital open source community
Highly tested
Extensive docs
Professional support available
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 25 / 32
58. The Webdav component
General purpose WebDAV server
Easy integration and customization
Work around client issues
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 26 / 32
60. Setup a simple WebDAV server
$ s e r v e r = ezcWebdavServer : : g e t I n s t a n c e ( ) ;
$ b a c k e n d = new e z c W e b d a v F i l e B a c k e n d (
dirname ( FILE ) . ’ / backend ’
);
$ s e r v e r −>h a n d l e ( $ b a c k e n d ) ;
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 28 / 32
61. WebDAV server with locking
require once ’ c u s t o m l o c k a u t h . php ’ ;
$ s e r v e r = ezcWebdavServer : : g e t I n s t a n c e ( ) ;
$ s e r v e r −>a u t h = new myCustomLockAuth (
// Some c o n f i g u r a t i o n d i r e c t o r y h e r e
dirname ( FILE ) . ’ / t o k e n s . php ’
);
$ s e r v e r −>p l u g i n R e g i s t r y −>r e g i s t e r P l u g i n (
new e z c W e b d a v L o c k P l u g i n C o n f i g u r a t i o n ( )
);
$ b a c k e n d = new e z c W e b d a v F i l e B a c k e n d (
// Your WebDAV d i r e c t o r y h e r e
dirname ( FILE ) . ’ / backend ’
);
$ s e r v e r −>h a n d l e ( $ b a c k e n d ) ;
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 29 / 32
62. Outline
1 HTTP & WebDAV
2 Development challenges
3 eZ Webdav component
4 Q/A
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 30 / 32
63. Q/A
Thank you for listening!
Are there any questions left?
Did the session satisfy your needs?
Contact me: Tobias Schlitt <toby@php.net>
Enjoy the rest of the conference!
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 31 / 32
64. Q/A
Thank you for listening!
Are there any questions left?
Did the session satisfy your needs?
Contact me: Tobias Schlitt <toby@php.net>
Enjoy the rest of the conference!
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 31 / 32
65. Q/A
Thank you for listening!
Are there any questions left?
Did the session satisfy your needs?
Contact me: Tobias Schlitt <toby@php.net>
Enjoy the rest of the conference!
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 31 / 32
66. Q/A
Thank you for listening!
Are there any questions left?
Did the session satisfy your needs?
Contact me: Tobias Schlitt <toby@php.net>
Enjoy the rest of the conference!
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 31 / 32
67. Q/A
Thank you for listening!
Are there any questions left?
Did the session satisfy your needs?
Contact me: Tobias Schlitt <toby@php.net>
Enjoy the rest of the conference!
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 31 / 32
69. Enrique Dans, Tim berners-lee,
http://en.wikipedia.org/wiki/File:
Tim_Berners-Lee_April_2009.jpg.
Brian Foote and Joseph Yoder, Big ball of mud,
http://www.laputan.org/mud/mud.html#BigBallOfMud, 1999.
Andreas Nadler, Ich will andere geschenke ...,
http://www.flickr.com/photos/tobi_digital/3145179282/,
1999.
A. Faizi S. Carter D. Jensen Y. Goland, E. Whitehead, Http
extensions for distributed authoring – webdav, IETF, Network Working
Group, 1999.
Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 32 / 32