I am attempting to configure Tomcat's WebDav application (http://localhost:8080/webdav) to allow everyone to view the directory. However I need authorized users to be able to edit the content of the directory.

Mark Shead

Here some additional info regarding the problem.
First I set the property in the webapps/webdav/web.xml file to allow read and write access. By default this gives everyone access to change content.


I tested this and it worked as expected--everyone was able to make changes to the content. Next I attempted to change the security settings for the directory so only certian users could make changes.

      <web-resource-name>The Entire Web Application</web-resource-name>

    <realm-name>Tomcat Supported Realm</realm-name>

      An example role defined in "conf/tomcat-users.xml"

This modified things so you need to login as a user defined as having a role of "tomcat" in conf/tomcat-users.xml in order to edit or view anything in the webdav directory.

I need it to allow anyone to access the file over the web, but only prompt for a password if they try to modify the file.

Trying to remove the <security-role> section doesn't work.

Basically whithin the <web-resource-colletion> section of the web.xml file you can define waht methods are protected. So you could protect the PUT command while leaving the GET command open to everyone.

I added the following and the behavior is what I was trying for:

This prompts for authentication when a user tries to lock a file for editing as well as POSTing and PUTting. I'm not sure if this will have any effect on forms ability to function and send stuff to a jsp page. (For example: will the user be asked for a password if they fill out and submit a form.) This isn't really a problem because all my webdav content will be in a separate folder at this point.

Hopefully that is useful to some other people as well.

[Sure it is, thanks. AG]