W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > January to March 2001

Re: unlock question

From: Dan Brotsky <dbrotsky@Adobe.COM>
Date: Fri, 2 Mar 2001 11:12:23 -0800
Message-Id: <p04330100b6c596ea200c@[153.32.35.102]>
To: Greg Stein <gstein@lyra.org>
Cc: w3c-dist-auth@w3.org
At 2:49 PM -0800 3/1/01, Greg Stein wrote:
>  > >mod_dav returns 400 (Bad Request) whether the resource has other 
>locks on it
>>  >or not. The client should have submitted an UNLOCK with a proper 
>>lock token.
>>  >
>>  >Cheers,
>>  >-g
>>
>>  Greg,
>>
>>  Why not 412?  I thought servers were always supposed to return 412 to
>>  requests that provided invalid state preconditions?
>
>The Lock-Token: header is not a precondition. It is an input parameter to
>the UNLOCK method.

Sorry I wasn't clear enough.  I wasn't contesting that 400 is a valid 
response.  I was trying to ask you for your design rationale in 
choosing to return 400 rather than 412.

One of the problems I have with the spec is that it's very vague 
about specific error responses in some situations, and very precise 
in others, with no apparent rationale.  For example, it specifically 
says that 412 must be returned when the server can't honor the type 
of lock request a client makes, but says nothing about which error 
should be returned in the case of a missing (or incorrect) token with 
unlock.  In general, it's a lot easier to write clients if known 
modes of failure that relate to the semantics of the request get 
specific error returns.

In this particular case, the spec is very clear in section 7.6 that 
all methods which "interact with" (interpreted as "change") a 
write-locked resource must include an IF header specifying the lock 
token.  If the lock token is missing, they are to get a 412 (since 
it's an IF).  Unfortunately, the example for UNLOCK does not show any 
such IF header, so presumably the LOCK-TOKEN header is supposed to be 
doing double duty here (both specifying what to unlock and specifying 
the required precondition for every "interacting" method).  Thus a 
missing or incorrect lock token might well receive a 412.  This would 
have some advantages for clients, since it could be specifically 
interpreted as meaning "that's the wrong lock token" but 400 could 
mean anything.

Note that there's a separate issue here for servers that support 
non-exclusive locks and also support write locks.  The issue is that 
both LOCK and UNLOCK are clearly "interacting methods" in the sense 
of section 7.6, but UNLOCK is not shown to need an IF header.  If a 
server issues a write lock on a resource that has some other kind of 
non-exclusive lock on it, then it ought to reject an unlock for that 
other kind of lock if the UNLOCK call doesn't specify an IF header 
with the token of the write lock.  But then why shouldn't it reject 
an UNLOCK of the write lock itself if it doesn't have such an IF 
header?

JimW: Can you add these issues (maybe as one issue) to the issues list?

1. Does UNLOCK require IF header specifying applicable write lock token?

2. UNLOCK should return 412 if valid lock token is not supplied as 
UNLOCK-TOKEN.

     dan
-- 
Daniel Brotsky, Adobe Systems
tel 408-536-4150, pager 888-461-0237
2-way pager email: <mailto:page-dbrotsky@adobe.com>
Received on Friday, 2 March 2001 14:13:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:43:55 GMT