Configure Tomcat WebDAV access in 3 easy steps
Web-based Distributed Authoring and Versioning, or WebDAV, is a set of HTTP protocol extensions that allow collaborative editing and management of files stored on a remote server or servers.
The functionality that WebDAV provides is similar to FTP, but is more efficient and supports complex functions such as authentication, encryption without SSH, proxy support and caching, as well as more specialized verb methods such as LOCK and UNLOCK, all over HTTP. Extensions such as Delta-V, DASL, GroupDAV and CalDAV offer additional features under the same protocol, including revision tracking, search, group data stores and calendaring.
In this article, we'll provide an introduction to using WebDAV with applications hosted on Apache Tomcat, so you can begin considering how the WebDAV protocol can best benefit your architecture.
First, we'll walk you through the basic steps required to enable a hosted WebDAV folder on your Apache Tomcat server, including configuration, basic security and connectivity testing.
We'll wrap up with a high-level look at some of the ways you can use WebDAV within your Tomcat applications.
There are a number of reasons why you might want to host a WebDAV mount within your application or on your application server, such as providing upload/download capabilities to your users, or providing you a secure remote way of viewing internal log files.
While the basic servlet provides none of these capabilities in a manner suitable for use with a complex application, the Tomcat implementation can be a useful starting point, rather than building an implementation from scratch.
As WebDAV is an extension of the HTTP protocol, rather than a protocol in its own right, its methods are always interpreted by a helper framework of some kind. In fact, one of the explicit features built-in to WebDAV is that complex features such as versioning and merge are handled either by WebDAV based extensions or by the client itself, making WebDAV itself quite versatile and lightweight.
Tomcat implements the WebDAV specification using a servlet called WebDAV Servlet, which is included with all standard Tomcat distributions.
Let's get to know Tomcat's WebDAV implementation. Follow these simple steps to configure, secure and test connectivity to a Tomcat-hosted WebDAV folder.
Enabling the WebDav servlet
(Note: This tutorial assumes you are running Tomcat 6.x or higher, which are not packaged with the "webdav" example application. If you are using an earlier version of Tomcat, you should be able to test WebDAV by simply deploying this example application. However, you can also follow along below if you would like to take a more hands-on approach.)
As the servlet classes are already included with Tomcat, all that you need to do to enable the WebDAV Servlet is define it in the deployment descriptor of the Context which you want to enable for WebDAV access.
The WebDAV servlet can be used with any application OTHER THAN the root context. In this example, we'll demonstrate how to enable WebDAV access for a generic web application called "myApp". If you don't have any applications to test WebDAV with, use Maven or a similar tool to generate and deploy a simple skeleton application to experiment with.
To define and map the WebDAV servlet to a specific context and URL, add the following to $CATALINA_HOME/webapps/[myApp]/WEB_INF/web.xml:
<!-- Read-Write Access Settings -->
<!-- URL Mapping -->
Use the section commented "Read-Write Access Settings" to set the read-write permissions for the Servlet. You'll most likely want to use the settings we have provided here, which allow read-write access, but if you only want to test connectivity and not play around with WebDAV methods at all, you can set the value of this parameter to "true".
Next, we'll make sure that only authorized users can access WebDAV for this context. You can handle user authentication with Tomcat, or farm the task out to a proxy server such as Apache HTTPD. Both methods are fairly common, so we'll demonstrate both of them in this tutorial.
To provide security for WebDAV using Tomcat realms, add the following to your new WebDAV entry in $CATALINA_HOME/webapps/[myApp]/WEB_INF/web.xml:
<!-- Detect WebDAV Methods in URL For Whole Application -->
<!-- Restrict access by role -->
Next, add a version of the following to conf/tomcat-users.xml:
<user username="webdavuser" password="password" roles="webdav"/>
This configuration will only allow users with the roll "webdav" to access WebDAV URLs.
As noted above, you can also provide security by verifying WebDAV requests with SSL using Apache HTTPD. For the purpose of this tutorial, we'll assume that you have already configured connectivity between Apache HTTPD and Tomcat. (If you have not, check out our Tomcat HTTPD article for an easy-to-follow guide.)
First, add the following entry to $CATALINA_HOME/webapps/[myApp]/WEB_INF/web.xml:
<!-- Detect WebDAV Methods -->
<!-- Force HTTPS -->
Note that the only difference between this configuration and the configuration in which Tomcat provides authentication is that we force HTTPS and do not include any "auth-constraint" element.
Next, edit the Apache HTTPD SSL configuration to provide authentication when Tomcat requests it from our Context. Add the following to your SSL configuration, which will either be found in Apache's main httpd.conf file, or as a separate file called ssl.conf in the "httpd/conf" directory:
<LIMIT PROPFIND PROPPATCH COPY MOVE LOCK UNLOCK>
require group webdav
As you can see, this configuration will require authentication for all SSL requests using WebDAV-specific methods. This user must be an authenticated member of the "webdav" group in order to use webdav methods.
The last step is to create the "webdav" group in Apache HTTPD's "httpd.group" file. Here is an example configuration:
super: clark kent
user: john wayne
webdav: elvis presley
In this example, "elvis" and "presley" both have WebDAV access.
Finally, it's time to test WebDAV access to your application. Although it's possible to do this manually, we recommend using a free open source command-line tool called litmus, which will automatically test your Tomcat server's ability to receive WebDAV connections. litmus is developed under the neon client library project, which is a subset of the WebDAV project itself.
It's also a good idea to run DAVtest, a free, open source testing suite aimed at quickly identifying vulnerabilities in your WebDAV configuration, to make sure that your new WebDAV mount is as secure as possible.
The combination of simple, powerful methods and HTTP protocol make WebDAV a very attractive option to handle any functionality in your web application that requires manipulation of the same data by multiple users. There are a few different ways to approach the implementation of WebDAV into your application.
Milton, an open-source WebDAV library implemented in a Java Servlet, which allows any data from your application to be exposed via WebDAV. Here's an example using Milton, Hibernate and Tomcat together, in which Milton, running on Tomcat, is used to provide WebDAV-based access to Hibernate data. Other Java-based WebDAV projects that may be useful to reference when building your own include Jigsaw, Apache Jackrabbit and the now-retired Jakarta Slide.
WebDAV's usefulness isn't just limited to new applications, though! Because all of its methods work over HTTP, it can easily be used as an interface for underlying functionality. For example, If you are looking to convert an existing file access structure to a more standards-based WebDAV interface, you can start with the Tomcat implementation and delegate the methods to your underlying functionalities by replacing the JNDI-based functionalities with your own logic.
Learn more about using WebDAV with Apache Tomcat
For more information about using Tomcat's WebDAV Servlet methods in your applications, click here to check out the API documentation. You can also read up on the WebDAV specification itself at the WebDAV Project Site.