Programming Java WebDAV Server Authentication and Authorization

The IT Hit WebDAV Server Engine itself does not contain any authentication or authorization code. All authentication code is provided as part of WebDAV server samples.

You can limit user ability to browse, save documents, create folders, etc inside your WebDAV Server interfaces implementation. To limit browsing you can filter documents in your Folder.getChildren() method implementation and return only items that the user has permissions to see. Please see the getChildren() method here:

Inside your interfaces implementation you can check if the user has enough permissions in the following methods:

Typically you will throw a DavException exception to indicate that the user does not have permissions. For example:

public void createFolder(string name) 
   if(/* user != "User1" */)
       throw new DavException("No Write Permission.", WebDavStatus.FORBIDDEN);

It also make sense to check permissions in other methods: HierarchyItem.copyTo(), HierarchyItem.moveTo(), HierarchyItem.updateProperties(), Lock.refreshLock().

The Engine will process it and return a WebDAV error description to the client. Please note that Windows Explorer (which is in fact Microsoft Mini-redirector driver behind the scenes) and MS Office swallows any error descriptions returned by the server and displays just a generic error message.