WebDAV - The good, the bad and the evil
Upcoming SlideShare
Loading in...5
×
 

WebDAV - The good, the bad and the evil

on

  • 6,810 views

WebDAV is a nice invention, at least from a users point of view. But who ever had a look at the RFC or even needed to implement a server for it, know about the issues in this Big Ball Of Mud. This ...

WebDAV is a nice invention, at least from a users point of view. But who ever had a look at the RFC or even needed to implement a server for it, know about the issues in this Big Ball Of Mud. This presentation gives an overview on the HTTP extension WebDAV, on the issues you need to ship around while developing a WebDAV server and the architecture of the eZ Webdav component, which solves these issues succesfully.

Statistics

Views

Total Views
6,810
Views on SlideShare
6,798
Embed Views
12

Actions

Likes
3
Downloads
64
Comments
0

3 Embeds 12

http://localhost:1605 6
http://www.slideshare.net 5
http://localhost:50720 1

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

WebDAV - The good, the bad and the evil WebDAV - The good, the bad and the evil Presentation Transcript

  • WebDAV The good, the bad and the evil TobiasSchlitt <toby@php.net> IPC SE 2009 2009-05-30 Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 1 / 32
  • About me Tobias Schlitt <toby@php.net> PHP since 2001 Freelancing consultant Qualified IT Specialist Studying CS at TU Dortmund (expect to finish this year) OSS addicted PHP eZ Components PHPUnit Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 2 / 32
  • Agenda 1 HTTP & WebDAV 2 Development challenges 3 eZ Webdav component 4 Q/A Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 3 / 32
  • Outline 1 HTTP & WebDAV 2 Development challenges 3 eZ Webdav component 4 Q/A Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 4 / 32
  • HTTP Network protocol driving the web Current version: 1.1 RFC 2616 (June 1999) http://tools.ietf.org/html/rfc2616 Originlally invented by Sir Tim Berners-Lee Client / server based Stateless communication Defines Request / response Headers / body Formats / actions Figure: Tim Berners-Lee [Dan] Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 5 / 32
  • WebDAV WebDAV HTTP Extensions for Distributed Authoring (RFC 2518) WebDAV HTTP Extensions for Web Distributed Authoring and Versioning (RFC 4918) IETF Standard Specified in RFC 2518 (February 1999) http://tools.ietf.org/html/rfc2518 Refined in RFC 4918 (June 2007) http://tools.ietf.org/html/rfc4918 Extension to HTTP Distributed editing WebDAV ... allows your users to edit web content easily. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 6 / 32
  • WebDAV WebDAV HTTP Extensions for Distributed Authoring (RFC 2518) WebDAV HTTP Extensions for Web Distributed Authoring and Versioning (RFC 4918) IETF Standard Specified in RFC 2518 (February 1999) http://tools.ietf.org/html/rfc2518 Refined in RFC 4918 (June 2007) http://tools.ietf.org/html/rfc4918 Extension to HTTP Distributed editing WebDAV ... allows your users to edit web content easily. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 6 / 32
  • WebDAV WebDAV HTTP Extensions for Distributed Authoring (RFC 2518) WebDAV HTTP Extensions for Web Distributed Authoring and Versioning (RFC 4918) IETF Standard Specified in RFC 2518 (February 1999) http://tools.ietf.org/html/rfc2518 Refined in RFC 4918 (June 2007) http://tools.ietf.org/html/rfc4918 Extension to HTTP Distributed editing WebDAV ... allows your users to edit web content easily. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 6 / 32
  • Request methods HTTP WebDAV OPTIONS PROPFIND GET PROPPATCH HEAD MKCOL POST COPY PUT MOVE DELETE LOCK TRACE UNLOCK CONNECT Significant methods Not all methods are significant for implementing a WebDAV server. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 7 / 32
  • Request methods HTTP WebDAV OPTIONS PROPFIND GET PROPPATCH HEAD MKCOL POST COPY PUT MOVE DELETE LOCK TRACE UNLOCK CONNECT Significant methods Not all methods are significant for implementing a WebDAV server. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 7 / 32
  • Request methods HTTP WebDAV OPTIONS PROPFIND GET PROPPATCH HEAD MKCOL POST COPY PUT MOVE DELETE LOCK TRACE UNLOCK CONNECT Significant methods Not all methods are significant for implementing a WebDAV server. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 7 / 32
  • Request headers HTTP WebDAV Accept[-*] Depth Authorization Destination If-[None-]Match If If-[Un]Modified-Since Overwrite User-Agent Timeout ... Significant headers Not all headers are significant for implementing a WebDAV server. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 8 / 32
  • Request headers HTTP WebDAV Accept[-*] Depth Authorization Destination If-[None-]Match If If-[Un]Modified-Since Overwrite User-Agent Timeout ... Significant headers Not all headers are significant for implementing a WebDAV server. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 8 / 32
  • Request headers HTTP WebDAV Accept[-*] Depth Authorization Destination If-[None-]Match If If-[Un]Modified-Since Overwrite User-Agent Timeout ... Significant headers Not all headers are significant for implementing a WebDAV server. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 8 / 32
  • Response headers HTTP WebDAV Accept-Ranges DAV Content-Length Lock-Token Content-Type Timeout ETag Location Retry-After Server WWW-Authenticate ... Significant headers Not all methods are significant for implementing a WebDAV server. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 9 / 32
  • Response headers HTTP WebDAV Accept-Ranges DAV Content-Length Lock-Token Content-Type Timeout ETag Location Retry-After Server WWW-Authenticate ... Significant headers Not all methods are significant for implementing a WebDAV server. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 9 / 32
  • Response headers HTTP WebDAV Accept-Ranges DAV Content-Length Lock-Token Content-Type Timeout ETag Location Retry-After Server WWW-Authenticate ... Significant headers Not all methods are significant for implementing a WebDAV server. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 9 / 32
  • Request / response bodies HTTP Request body mostly not significant Only PUT method needs body (to be stored) Response body usually content to deliver (unspecified) Error responses may contain arbitrary content Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 10 / 32
  • Request / response bodies WebDAV Bodies are significant Many methods require XML bodies Request Response PROPFIND PROPFIND PROPPATCH PROPPATCH COPY (optional) LOCK MOVE (optional) Potentially others (multi-status) LOCK Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 10 / 32
  • Request / response bodies WebDAV Bodies are significant Many methods require XML bodies Request Response PROPFIND PROPFIND PROPPATCH PROPPATCH COPY (optional) LOCK MOVE (optional) Potentially others (multi-status) LOCK Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 10 / 32
  • Request / response bodies WebDAV Bodies are significant Many methods require XML bodies Request Response PROPFIND PROPFIND PROPPATCH PROPPATCH COPY (optional) LOCK MOVE (optional) Potentially others (multi-status) LOCK Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 10 / 32
  • Properties Concept introduced by WebDAV Store meta information about content Usually not directly visible to the user Pre-defined: Live properties Client-specific: Dead properties creationdate May contain arbitrary data displayname Must reside in their own namespace get* XML representation favored lockdiscovery resourcetype source supportedlock Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 11 / 32
  • Properties Concept introduced by WebDAV Store meta information about content Usually not directly visible to the user Pre-defined: Live properties Client-specific: Dead properties creationdate May contain arbitrary data displayname Must reside in their own namespace get* XML representation favored lockdiscovery resourcetype source supportedlock Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 11 / 32
  • Properties Concept introduced by WebDAV Store meta information about content Usually not directly visible to the user Pre-defined: Live properties Client-specific: Dead properties creationdate May contain arbitrary data displayname Must reside in their own namespace get* XML representation favored lockdiscovery resourcetype source supportedlock Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 11 / 32
  • Outline 1 HTTP & WebDAV 2 Development challenges RFC problems Client problems Back end flexibility 3 eZ Webdav component 4 Q/A Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 12 / 32
  • Development challenges Server development in general WebDAV RFCs are a BBOM Unstructured Ambiguous Design fails Misbehaving clients Ignore the specification Different interpretations of RFCs Proprietary BS Figure: Big Ball Of Mud [FY99] Exchangeable back ends Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 13 / 32
  • Outline - Development challenges 1 HTTP & WebDAV 2 Development challenges RFC problems Client problems Back end flexibility 3 eZ Webdav component 4 Q/A Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 14 / 32
  • COPY / MOVE methods Errors on COPY “[...] if an error occurs while copying an internal collection, the server MUST NOT copy any resources identified by members of this collection (i.e., the server must skip this subtree) [...]” [YG99] MOVE “[...] is the logical equivalent of a copy (COPY), followed by consistency maintenance processing, followed by a delete of the source,[...]” [YG99] MOVE errors “[...] after detecting the error, the move operation SHOULD try to finish as much of the original move as possible [...]” [YG99] Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 15 / 32
  • COPY / MOVE methods Errors on COPY “[...] if an error occurs while copying an internal collection, the server MUST NOT copy any resources identified by members of this collection (i.e., the server must skip this subtree) [...]” [YG99] MOVE “[...] is the logical equivalent of a copy (COPY), followed by consistency maintenance processing, followed by a delete of the source,[...]” [YG99] MOVE errors “[...] after detecting the error, the move operation SHOULD try to finish as much of the original move as possible [...]” [YG99] Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 15 / 32
  • COPY / MOVE methods Errors on COPY “[...] if an error occurs while copying an internal collection, the server MUST NOT copy any resources identified by members of this collection (i.e., the server must skip this subtree) [...]” [YG99] MOVE “[...] is the logical equivalent of a copy (COPY), followed by consistency maintenance processing, followed by a delete of the source,[...]” [YG99] MOVE errors “[...] after detecting the error, the move operation SHOULD try to finish as much of the original move as possible [...]” [YG99] Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 15 / 32
  • The If header The If header Makes operations conditional. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32
  • The If header The If header Makes operations conditional. Apply operation only if ... ... all conditions are met ... none of the conditions is met If header EBNF If = ” I f ” ” : ” ( 1∗No−tag− l i s t | 1∗ Tagged− l i s t ) No−tag− l i s t = List Tagged− l i s t = R e s o u r c e 1∗ L i s t Resource = Coded−URL List = ” ( ” 1 ∗ ( [ ” Not ” ] ( S t a t e −t o k e n | ” [ ” e n t i t y −t a g ” ] ” ) ) ”) ” S t a t e −t o k e n = Coded−URL Coded−URL = ”<” a b s o l u t e U R I ”>” Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32
  • The If header The If header Makes operations conditional. Can contain lock tokens entity tags No-tag list If header I f : (< l o c k t o k e n : a−w r i t e −l o c k −t o k e n > [ ” I am an ETag ” ] ) ( [ ” I am a n o t h e r ETag ” ] ) Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32
  • The If header The If header Makes operations conditional. Conditions can apply to single resources sets of resources all affected resources Negated tagged list If header <h t t p : / / e x a m p l e . com/ r e s o u r c e 1 > (< l o c k t o k e n : a−w r i t e −l o c k −t o k e n > [W/”A weak ETag ” ] ) ( Not [ ” s t r o n g ETag ” ] ) Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32
  • The If header The If header Makes operations conditional. Required own parser implementation Parser is about 150 LOC Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 16 / 32
  • Locking 2 different types of locks Exclusive Shared Lock conditions must be validated before anything else Timeout refresh on every lock use (successful or not) (Fixed in RCF 4918) Not specified how to associate principles with lock tokens Lock-Null-Resources (Partly fixed in RFC 4918) Do not behave like real resources Must vanish when the lock is released A collection can be created on them Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 17 / 32
  • Locking 2 different types of locks Exclusive Shared Lock conditions must be validated before anything else Timeout refresh on every lock use (successful or not) (Fixed in RCF 4918) Not specified how to associate principles with lock tokens Lock-Null-Resources (Partly fixed in RFC 4918) Do not behave like real resources Must vanish when the lock is released A collection can be created on them Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 17 / 32
  • Locking 2 different types of locks Exclusive Shared Lock conditions must be validated before anything else Timeout refresh on every lock use (successful or not) (Fixed in RCF 4918) Not specified how to associate principles with lock tokens Lock-Null-Resources (Partly fixed in RFC 4918) Do not behave like real resources Must vanish when the lock is released A collection can be created on them Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 17 / 32
  • Locking 2 different types of locks Exclusive Shared Lock conditions must be validated before anything else Timeout refresh on every lock use (successful or not) (Fixed in RCF 4918) Not specified how to associate principles with lock tokens Lock-Null-Resources (Partly fixed in RFC 4918) Do not behave like real resources Must vanish when the lock is released A collection can be created on them Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 17 / 32
  • Locking 2 different types of locks Exclusive Shared Lock conditions must be validated before anything else Timeout refresh on every lock use (successful or not) (Fixed in RCF 4918) Not specified how to associate principles with lock tokens Lock-Null-Resources (Partly fixed in RFC 4918) Do not behave like real resources Must vanish when the lock is released A collection can be created on them Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 17 / 32
  • Outline - Development challenges 1 HTTP & WebDAV 2 Development challenges RFC problems Client problems Back end flexibility 3 eZ Webdav component 4 Q/A Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 18 / 32
  • Konqueror / Nautilus Konqueror (KDE) Does not decode URLs properly Requires Apache like error messages for 404 Nautilus (Gnome) Cannot cope with charset=quot;...quot; info in MIME types Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 19 / 32
  • Konqueror / Nautilus Konqueror (KDE) Does not decode URLs properly Requires Apache like error messages for 404 Nautilus (Gnome) Cannot cope with charset=quot;...quot; info in MIME types Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 19 / 32
  • Windows / InternetExplorer At least 3 different WebDAV user agents in Windows Loaded depending on how you initialize connection Transparently switched occasionally Requires custom header MS-Author-Via on every response Requires custom namespaces set on live properties Requires special namespace shortcut to be used (sic!) Requires different shortcuts for DAV: namespace Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 20 / 32
  • Windows / InternetExplorer At least 3 different WebDAV user agents in Windows Loaded depending on how you initialize connection Transparently switched occasionally Requires custom header MS-Author-Via on every response Requires custom namespaces set on live properties Requires special namespace shortcut to be used (sic!) Requires different shortcuts for DAV: namespace Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 20 / 32
  • Windows / InternetExplorer At least 3 different WebDAV user agents in Windows Loaded depending on how you initialize connection Transparently switched occasionally Requires custom header MS-Author-Via on every response Requires custom namespaces set on live properties Requires special namespace shortcut to be used (sic!) Requires different shortcuts for DAV: namespace Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 20 / 32
  • Windows / InternetExplorer II Cannot cope with non-significant white spaces in XML bodies Requires newline at the end of every XML body Occasionally sends invalid PROPFIND requests Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 21 / 32
  • Windows / InternetExplorer II Cannot cope with non-significant white spaces in XML bodies Requires newline at the end of every XML body Occasionally sends invalid PROPFIND requests Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 21 / 32
  • Windows / InternetExplorer II Cannot cope with non-significant white spaces in XML bodies Requires newline at the end of every XML body Occasionally sends invalid PROPFIND requests Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 21 / 32
  • Windows / InternetExplorer II Cannot cope with non-significant white spaces in XML bodies Requires newline at the end of every XML body Occasionally sends invalid PROPFIND requests Figure: WTF? [Nad99] Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 21 / 32
  • Outline - Development challenges 1 HTTP & WebDAV 2 Development challenges RFC problems Client problems Back end flexibility 3 eZ Webdav component 4 Q/A Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 22 / 32
  • Back end flexibility Exchangeable back end File system Memory (testing) SQL Database? Subversion? Independent of client issues Protocol enhancements back end independent Easy implementation Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 23 / 32
  • Back end flexibility Exchangeable back end File system Memory (testing) SQL Database? Subversion? Independent of client issues Protocol enhancements back end independent Easy implementation Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 23 / 32
  • Back end flexibility Exchangeable back end File system Memory (testing) SQL Database? Subversion? Independent of client issues Protocol enhancements back end independent Easy implementation Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 23 / 32
  • Back end flexibility Exchangeable back end File system Memory (testing) SQL Database? Subversion? Independent of client issues Protocol enhancements back end independent Easy implementation Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 23 / 32
  • Outline 1 HTTP & WebDAV 2 Development challenges 3 eZ Webdav component 4 Q/A Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 24 / 32
  • eZ Components General purpose component library for PHP 5.1+ Open source and GPL friendly (New BSD license) Vital open source community Highly tested Extensive docs Professional support available Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 25 / 32
  • The Webdav component General purpose WebDAV server Easy integration and customization Work around client issues Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 26 / 32
  • eZ Webdav architecture Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 27 / 32
  • Setup a simple WebDAV server $ s e r v e r = ezcWebdavServer : : g e t I n s t a n c e ( ) ; $ b a c k e n d = new e z c W e b d a v F i l e B a c k e n d ( dirname ( FILE ) . ’ / backend ’ ); $ s e r v e r −>h a n d l e ( $ b a c k e n d ) ; Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 28 / 32
  • WebDAV server with locking require once ’ c u s t o m l o c k a u t h . php ’ ; $ s e r v e r = ezcWebdavServer : : g e t I n s t a n c e ( ) ; $ s e r v e r −>a u t h = new myCustomLockAuth ( // Some c o n f i g u r a t i o n d i r e c t o r y h e r e dirname ( FILE ) . ’ / t o k e n s . php ’ ); $ s e r v e r −>p l u g i n R e g i s t r y −>r e g i s t e r P l u g i n ( new e z c W e b d a v L o c k P l u g i n C o n f i g u r a t i o n ( ) ); $ b a c k e n d = new e z c W e b d a v F i l e B a c k e n d ( // Your WebDAV d i r e c t o r y h e r e dirname ( FILE ) . ’ / backend ’ ); $ s e r v e r −>h a n d l e ( $ b a c k e n d ) ; Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 29 / 32
  • Outline 1 HTTP & WebDAV 2 Development challenges 3 eZ Webdav component 4 Q/A Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 30 / 32
  • Q/A Thank you for listening! Are there any questions left? Did the session satisfy your needs? Contact me: Tobias Schlitt <toby@php.net> Enjoy the rest of the conference! Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 31 / 32
  • Q/A Thank you for listening! Are there any questions left? Did the session satisfy your needs? Contact me: Tobias Schlitt <toby@php.net> Enjoy the rest of the conference! Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 31 / 32
  • Q/A Thank you for listening! Are there any questions left? Did the session satisfy your needs? Contact me: Tobias Schlitt <toby@php.net> Enjoy the rest of the conference! Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 31 / 32
  • Q/A Thank you for listening! Are there any questions left? Did the session satisfy your needs? Contact me: Tobias Schlitt <toby@php.net> Enjoy the rest of the conference! Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 31 / 32
  • Q/A Thank you for listening! Are there any questions left? Did the session satisfy your needs? Contact me: Tobias Schlitt <toby@php.net> Enjoy the rest of the conference! Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 31 / 32
  • Outline 5 Attribution Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 32 / 32
  • Enrique Dans, Tim berners-lee, http://en.wikipedia.org/wiki/File: Tim_Berners-Lee_April_2009.jpg. Brian Foote and Joseph Yoder, Big ball of mud, http://www.laputan.org/mud/mud.html#BigBallOfMud, 1999. Andreas Nadler, Ich will andere geschenke ..., http://www.flickr.com/photos/tobi_digital/3145179282/, 1999. A. Faizi S. Carter D. Jensen Y. Goland, E. Whitehead, Http extensions for distributed authoring – webdav, IETF, Network Working Group, 1999. Tobias Schlitt (IPC SE 2009) WebDAV 2009-05-30 32 / 32