W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2008

Re: unclear on shared lock support

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 05 Nov 2008 23:01:31 +0100
Message-ID: <491217BB.2010904@gmx.de>
To: John Meissen <john@meissen.org>
CC: litmus@lists.manyfish.co.uk, WebDAV <w3c-dist-auth@w3.org>

John Meissen wrote:
>> No, I don't think this would be correct.
>>
>> If a server doesn't allow shared locks, it should reject the request. 
>> That's it.
>>
>> And yes, making Litmus smarter with respect to shared lock functionality 
>> would be good.
>>
>> Best regards, Julian
>>
> 
> On the other hand, while there is explicit language detailing what other
> conditions constitute failure there is nothing about shared vs exclusive.
> And it's not clear to me that any of the listed potential responses would
> fit such a failure.

That list is not exhaustive. From 
<http://greenbytes.de/tech/webdav/rfc4918.html#rfc.section.9.11.1>:

"In addition to the general status codes possible, the following status 
codes have specific applicability to UNLOCK:"

In general, when a client sends a request, and the server can't fulfill 
it, it has to return an appropriate failure code, and *not* do something 
else.

The timeout value is a special case, and that's why the spec says so.

> Conceptually, the server is being asked to lock a resource and also allow
> other clients to lock it. I'm willing to grant a lock to this client, but
> I won't allow other clients to also lock it.

In which case you need to fail the request, and then the client can 
retry an exclusive lock.

> If a client cared about the lock scope they would retrieve the 
> lockdiscovery property first to find out whether shared locks are
> supported. I suspect that most clients will neither note nor care about 

That is not true. I personally have written a client that assumes that 
success means success, and this works with all the servers I've tested 
against back then (those that do support shared locks, and those that 
don't).

Your interpretation is creative, but it would be your job to prove that 
you're not introducing an interop problem for those clients that want 
shared locks. (and you do).

> this distinction, and would only be aware that they were unable to lock
> the resource (as I encountered with litmus).

Yes, that's an example that misleading test suites can cause 
implementors to make the wrong choices. Shared locks are optional, so 
Litmus should just state that the server doesn't support them, instead 
of misleading implementers to do the wrong thing.

> I real-world situations it would seem to me preferrable to grant a lock
> of the supported type rather than fail the request. It will almost certainly
> make no difference to the requesting client, where to do otherwise has
> the potential to break existing applications.

Sorry, but that is nonsense.

If it doesn't make a difference, the client wouldn't have asked for a 
shared lock in the first place. If it does make a difference, the client 
would have either checked DAV:supportedlock first, and then made a 
choice, or just tried and checked for the status code. This works today 
with Apache/mod_dav, Slide, Jackrabbit, SAP KM, Xythos and Microsoft IIS.

BR, Julian
Received on Wednesday, 5 November 2008 22:08:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:16 GMT