Bug 41489 - 207 instead of 403 response for MOVE/COPY/DELETE (+ suggested fix)
Summary: 207 instead of 403 response for MOVE/COPY/DELETE (+ suggested fix)
Status: NEW
Alias: None
Product: Slide
Classification: Unclassified
Component: WebDAV Server (show other bugs)
Version: 2.1
Hardware: All All
: P2 major (vote)
Target Milestone: ---
Assignee: Slide Developer List
Keywords: RFC
Depends on:
Reported: 2007-01-29 02:22 UTC by Andrew Spencer
Modified: 2007-02-25 12:39 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Spencer 2007-01-29 02:22:26 UTC
For some WebDAV requests we get a 207 Multistatus returned when we would expect
a 403 Forbidden.

Steps to reproduce:
 - incoming request is MOVE, COPY or DELETE
 - object being moved/copied/deleted is a collection
 - user does not have the rights to make this operation

Actual results:
 - generation of a 207 Multi Status response

Apparent cause:
 - org.apache.slide.webdav.method.AbstractMultistatusResponseMethod 
Method generateMultiStatusResponse()
line 121 :
   isMultiStatus =  ! resourceURI.equals(MethodUtil.getURI(unpackedException));
is inconsistent with the method's Javadoc comment.  We should be generating a
multi status response when the two values are equal, not when they are unequal
(as now).  Deleting the operator ! on the above line corrects the bug described
above: a 403 response is generated as expected.

Expected results:
 - generation of a 403 Forbidden reponse

The bug was observed on v2.1 but the offending line is still present in the
latest version on the repository.
Comment 1 Antoine Levy-Lambert 2007-02-25 12:39:26 UTC

you are saying that the javadoc of the method contradicts the implementation.

I have had a look at http://www.webdav.org/specs/rfc2518.html#rfc.section.8.9.2

It looks like the javadoc is wrong and the implementation is right.

I have decided to change the javadoc.

Please comment citing RFCs as basis if you still have a problem with this issue.

Best regards,