WebDAV - The good, the bad and the evil

1. WebDAV The good, the bad and the evil TobiasSchlitt <toby@php.net> IPC SE 2009 2009-05-30 Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 1 / 32

2. About me Tobias Schlitt <toby@php.net> PHP since 2001 Freelancing consultant Qualiﬁed IT Specialist Studying CS at TU Dortmund (expect to ﬁnish this year) OSS addicted PHP eZ Components PHPUnit Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 2 / 32

3. Agenda 1 HTTP & WebDAV 2 Development challenges 3 eZ Webdav component 4 Q/A Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 3 / 32

4. Outline 1 HTTP & WebDAV 2 Development challenges 3 eZ Webdav component 4 Q/A Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 4 / 32

5. HTTP Network protocol driving the web Current version: 1.1 RFC 2616 (June 1999) http://tools.ietf.org/html/rfc2616 Originlally invented by Sir Tim Berners-Lee Client / server based Stateless communication Deﬁnes Request / response Headers / body Formats / actions Figure: Tim Berners-Lee [Dan] Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 5 / 32

6. WebDAV WebDAV HTTP Extensions for Distributed Authoring (RFC 2518) WebDAV HTTP Extensions for Web Distributed Authoring and Versioning (RFC 4918) IETF Standard Speciﬁed in RFC 2518 (February 1999) http://tools.ietf.org/html/rfc2518 Reﬁned in RFC 4918 (June 2007) http://tools.ietf.org/html/rfc4918 Extension to HTTP Distributed editing WebDAV ... allows your users to edit web content easily. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 6 / 32

9. Request methods HTTP WebDAV OPTIONS PROPFIND GET PROPPATCH HEAD MKCOL POST COPY PUT MOVE DELETE LOCK TRACE UNLOCK CONNECT Signiﬁcant methods Not all methods are signiﬁcant for implementing a WebDAV server. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 7 / 32

12. Request headers HTTP WebDAV Accept[-*] Depth Authorization Destination If-[None-]Match If If-[Un]Modified-Since Overwrite User-Agent Timeout ... Significant headers Not all headers are significant for implementing a WebDAV server. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 8 / 32

15. Response headers HTTP WebDAV Accept-Ranges DAV Content-Length Lock-Token Content-Type Timeout ETag Location Retry-After Server WWW-Authenticate ... Signiﬁcant headers Not all methods are signiﬁcant for implementing a WebDAV server. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 9 / 32

18. Request / response bodies HTTP Request body mostly not signiﬁcant Only PUT method needs body (to be stored) Response body usually content to deliver (unspeciﬁed) Error responses may contain arbitrary content Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 10 / 32

19. Request / response bodies WebDAV Bodies are signiﬁcant Many methods require XML bodies Request Response PROPFIND PROPFIND PROPPATCH PROPPATCH COPY (optional) LOCK MOVE (optional) Potentially others (multi-status) LOCK Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 10 / 32

22. Properties Concept introduced by WebDAV Store meta information about content Usually not directly visible to the user Pre-deﬁned: Live properties Client-speciﬁc: Dead properties creationdate May contain arbitrary data displayname Must reside in their own namespace get* XML representation favored lockdiscovery resourcetype source supportedlock Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 11 / 32

25. Outline 1 HTTP & WebDAV 2 Development challenges RFC problems Client problems Back end ﬂexibility 3 eZ Webdav component 4 Q/A Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 12 / 32

26. Development challenges Server development in general WebDAV RFCs are a BBOM Unstructured Ambiguous Design fails Misbehaving clients Ignore the speciﬁcation Diﬀerent interpretations of RFCs Proprietary BS Figure: Big Ball Of Mud [FY99] Exchangeable back ends Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 13 / 32

27. Outline - Development challenges 1 HTTP & WebDAV 2 Development challenges RFC problems Client problems Back end ﬂexibility 3 eZ Webdav component 4 Q/A Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 14 / 32

28. COPY / MOVE methods Errors on COPY “[...] if an error occurs while copying an internal collection, the server MUST NOT copy any resources identiﬁed by members of this collection (i.e., the server must skip this subtree) [...]” [YG99] MOVE “[...] is the logical equivalent of a copy (COPY), followed by consistency maintenance processing, followed by a delete of the source,[...]” [YG99] MOVE errors “[...] after detecting the error, the move operation SHOULD try to ﬁnish as much of the original move as possible [...]” [YG99] Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 15 / 32

31. The If header The If header Makes operations conditional. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32

32. The If header The If header Makes operations conditional. Apply operation only if ... ... all conditions are met ... none of the conditions is met If header EBNF If = ” I f ” ” : ” ( 1∗No−tag− l i s t | 1∗ Tagged− l i s t ) No−tag− l i s t = List Tagged− l i s t = R e s o u r c e 1∗ L i s t Resource = Coded−URL List = ” ( ” 1 ∗ ( [ ” Not ” ] ( S t a t e −t o k e n | ” [ ” e n t i t y −t a g ” ] ” ) ) ”) ” S t a t e −t o k e n = Coded−URL Coded−URL = ”<” a b s o l u t e U R I ”>” Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32

33. The If header The If header Makes operations conditional. Can contain lock tokens entity tags No-tag list If header I f : (< l o c k t o k e n : a−w r i t e −l o c k −t o k e n > [ ” I am an ETag ” ] ) ( [ ” I am a n o t h e r ETag ” ] ) Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32

34. The If header The If header Makes operations conditional. Conditions can apply to single resources sets of resources all aﬀected resources Negated tagged list If header <h t t p : / / e x a m p l e . com/ r e s o u r c e 1 > (< l o c k t o k e n : a−w r i t e −l o c k −t o k e n > [W/”A weak ETag ” ] ) ( Not [ ” s t r o n g ETag ” ] ) Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32

35. The If header The If header Makes operations conditional. Required own parser implementation Parser is about 150 LOC Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32

36. Locking 2 different types of locks Exclusive Shared Lock conditions must be validated before anything else Timeout refresh on every lock use (successful or not) (Fixed in RCF 4918) Not specified how to associate principles with lock tokens Lock-Null-Resources (Partly fixed in RFC 4918) Do not behave like real resources Must vanish when the lock is released A collection can be created on them Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 17 / 32

42. Konqueror / Nautilus Konqueror (KDE) Does not decode URLs properly Requires Apache like error messages for 404 Nautilus (Gnome) Cannot cope with charset=quot;...quot; info in MIME types Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 19 / 32

43. Konqueror / Nautilus Konqueror (KDE) Does not decode URLs properly Requires Apache like error messages for 404 Nautilus (Gnome) Cannot cope with charset=quot;...quot; info in MIME types Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 19 / 32

44. Windows / InternetExplorer At least 3 diﬀerent WebDAV user agents in Windows Loaded depending on how you initialize connection Transparently switched occasionally Requires custom header MS-Author-Via on every response Requires custom namespaces set on live properties Requires special namespace shortcut to be used (sic!) Requires diﬀerent shortcuts for DAV: namespace Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 20 / 32

47. Windows / InternetExplorer II Cannot cope with non-signiﬁcant white spaces in XML bodies Requires newline at the end of every XML body Occasionally sends invalid PROPFIND requests Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 21 / 32

50. Windows / InternetExplorer II Cannot cope with non-signiﬁcant white spaces in XML bodies Requires newline at the end of every XML body Occasionally sends invalid PROPFIND requests Figure: WTF? [Nad99] Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 21 / 32

52. Back end ﬂexibility Exchangeable back end File system Memory (testing) SQL Database? Subversion? Independent of client issues Protocol enhancements back end independent Easy implementation Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 23 / 32

57. eZ Components General purpose component library for PHP 5.1+ Open source and GPL friendly (New BSD license) Vital open source community Highly tested Extensive docs Professional support available Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 25 / 32

58. The Webdav component General purpose WebDAV server Easy integration and customization Work around client issues Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 26 / 32

59. eZ Webdav architecture Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 27 / 32

60. Setup a simple WebDAV server $ s e r v e r = ezcWebdavServer : : g e t I n s t a n c e ( ) ; $ b a c k e n d = new e z c W e b d a v F i l e B a c k e n d ( dirname ( FILE ) . ’ / backend ’ ); $ s e r v e r −>h a n d l e ( $ b a c k e n d ) ; Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 28 / 32

61. WebDAV server with locking require once ’ c u s t o m l o c k a u t h . php ’ ; $ s e r v e r = ezcWebdavServer : : g e t I n s t a n c e ( ) ; $ s e r v e r −>a u t h = new myCustomLockAuth ( // Some c o n f i g u r a t i o n d i r e c t o r y h e r e dirname ( FILE ) . ’ / t o k e n s . php ’ ); $ s e r v e r −>p l u g i n R e g i s t r y −>r e g i s t e r P l u g i n ( new e z c W e b d a v L o c k P l u g i n C o n f i g u r a t i o n ( ) ); $ b a c k e n d = new e z c W e b d a v F i l e B a c k e n d ( // Your WebDAV d i r e c t o r y h e r e dirname ( FILE ) . ’ / backend ’ ); $ s e r v e r −>h a n d l e ( $ b a c k e n d ) ; Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 29 / 32

63. Q/A Thank you for listening! Are there any questions left? Did the session satisfy your needs? Contact me: Tobias Schlitt <toby@php.net> Enjoy the rest of the conference! Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 31 / 32

68. Outline 5 Attribution Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 32 / 32

69. Enrique Dans, Tim berners-lee, http://en.wikipedia.org/wiki/File: Tim_Berners-Lee_April_2009.jpg. Brian Foote and Joseph Yoder, Big ball of mud, http://www.laputan.org/mud/mud.html#BigBallOfMud, 1999. Andreas Nadler, Ich will andere geschenke ..., http://www.flickr.com/photos/tobi_digital/3145179282/, 1999. A. Faizi S. Carter D. Jensen Y. Goland, E. Whitehead, Http extensions for distributed authoring – webdav, IETF, Network Working Group, 1999. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 32 / 32

WebDAV - The good, the bad and the evil

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a WebDAV - The good, the bad and the evil

Similar a WebDAV - The good, the bad and the evil (20)

Más de Tobias Schlitt

Más de Tobias Schlitt (8)

Último

Último (20)

WebDAV - The good, the bad and the evil