From 2ff8818e2990da0946492f6e651b3583480cd964 Mon Sep 17 00:00:00 2001
From: Paul Millar <paul.millar@desy.de>
Date: Mon, 9 Dec 2013 07:47:50 +0100
Subject: [PATCH] webdav: log why request is rejected with permission denied

Certain configuration can lead to a user's request being rejected
inside the webdav door.  These are currently either not logged or
logged with limited information.  Either way, it is hard to
understand why a request is failing.

Target: master
Request: 2.7
Request: 2.6
Request: 2.2
Patch: http://rb.dcache.org/r/6319/
Acked-by: Gerd Behrmann
---
 .../src/main/java/org/dcache/webdav/SecurityFilter.java   | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/dcache-webdav/src/main/java/org/dcache/webdav/SecurityFilter.java b/modules/dcache-webdav/src/main/java/org/dcache/webdav/SecurityFilter.java
index 3b6d1892f8f..733bf2853cd 100644
--- a/modules/dcache-webdav/src/main/java/org/dcache/webdav/SecurityFilter.java
+++ b/modules/dcache-webdav/src/main/java/org/dcache/webdav/SecurityFilter.java
@@ -85,6 +85,8 @@ public void process(final FilterChain filterChain,
         Subject subject = new Subject();
 
         if (!isAllowedMethod(request.getMethod())) {
+            _log.debug("Failing {} from {} as door is read-only",
+                    request.getMethod(), request.getRemoteAddr());
             manager.getResponseHandler().respondMethodNotAllowed(new EmptyResource(request), response, request);
             return;
         }
@@ -100,7 +102,8 @@ public void process(final FilterChain filterChain,
             subject = login.getSubject();
 
             if (!isAuthorizedMethod(request.getMethod(), login)) {
-                throw new PermissionDeniedCacheException("Permission denied");
+                throw new PermissionDeniedCacheException("Permission denied: " +
+                        "read-only user");
             }
 
             checkRootPath(request, login);
@@ -164,7 +167,8 @@ private void checkRootPath(Request request, LoginReply login) throws CacheExcept
         FsPath fullPath = new FsPath(_rootPath, new FsPath(path));
         if (!fullPath.startsWith(userRoot)) {
             if (!path.equals("/")) {
-                throw new PermissionDeniedCacheException("Permission denied");
+                throw new PermissionDeniedCacheException("Permission denied: " +
+                        "path outside user's root");
             }
 
             try {