Security policy and Subversion ALM

Dmitrii Apanasevich
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 2, 2014

Hi!

We want to use Subversion ALM on our JIRA, but there is a one problem: most Subversion repository users have no even Read-Only rights on repository root folder. But they have rights to their own subfolder (MyFolder for example).

And when go on Subversion tab and try to see diff on file placed in MyFolder, they get following message:

You have no access to the url: //blablabla

If you want to access restricted folder, you can relogin.

When they get RO rights to repository root, everything becomes fine.

Is there a solution for our security policy?

Thanks a lot!

7 answers

0 votes
Dmitrii Apanasevich
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 18, 2014

I have tested plugin again but with no result.

I still can view file content and can't see diffs.

Also I have used vievc to check my account rights on svn repo, and diff view worked fine there.

Have you any ideas?

Thanks!

0 votes
Dmitrii Apanasevich
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 9, 2014

Maybe the problem is in the integration JIRA tab-Polarion. Might you...

1. try to see the diff from the Polarion's browser itself: Browse to the external file, with the right button -> open the file history on a new window (this will unveil the Polarion's url) and try see any diff of the file. Then report please the diff URL.

2. From the issue tab: copy the link pointing to the diff and report it too in order to comapre them.

Here they are:

1. /plugins/servlet/svnwebclient/revisionDetails.jsp?url=%2Ftrunk%2Fgame%2Fdata%2FMechanics%2FGameRoot%2FSampleFile.xdb&crev=300267&rev=300267

It rediretcs me to

/plugins/servlet/svnwebclient/restrictedAccess.jsp?url=%2Ftrunk%2Fgame%2Fdata%2FMechanics%2FGameRoot%2FSampleFile.xdb&crev=300267&rev=300267

2. /secure/SWCTopMenuAction!default.jspa?jsp=changedResource&repoId=33&location=/&url=/trunk/game/data/Mechanics/GameRoot/SampleFile.xdb&rev=300267&action=modify

Both links lead to "Restricted access" message.

Log file does not clarify the situation. It just contains following information:

For the first link:

/plugins/servlet/svnwebclient/revisionDetails.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

/plugins/servlet/svnwebclient/restrictedAccess.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

And for the second one:

/plugins/servlet/svnwebclient/changedResource.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

/plugins/servlet/svnwebclient/fileCompare.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

/plugins/servlet/svnwebclient/restrictedAccess.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

Maybe, but it is strange that you can see the file content and not the diff.

I'm of the same opinion. But...

I will continue to research.

Maybe there is a permissions problem.

0 votes
Pablo Beltran
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 7, 2014

"Commit graph" link became to work.

Graphs are 100% built against the cache

when i click on the file in this screen i can see the content.

file contents are always fetched from the Subversion server, so if you can see them, there is not any problem with externals here.

But when i return on "Subversion" tab and click on the file to see the diff i still see "Restricted access" message.

Maybe the problem is in the integration JIRA tab-Polarion. Might you...

1. try to see the diff from the Polarion's browser itself: Browse to the external file, with the right button -> open the file history on a new window (this will unveil the Polarion's url) and try see any diff of the file. Then report please the diff URL.

2. From the issue tab: copy the link pointing to the diff and report it too in order to comapre them.

You may also enable the plugin logs by including these two Java packages into the JIRA logs:

  • org.polarion
  • com.kintosoft

And really, when I run the Tortoise SVN repo-browser it asks for a login to external repo. Maybe svn:externals is the cause of problem? If not maybe I can gather some log information?

Maybe, but it is strange that you can see the file content and not the diff.

0 votes
Dmitrii Apanasevich
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 6, 2014

I've installed the new version, and investigated the problem.

So, "Commit graph" link became to work. Also when i click on the file in this screen i can see the content.

But when i return on "Subversion" tab and click on the file to see the diff i still see "Restricted access" message.

I've spoke about this with our admins and they say that they also use svn:externals in this repo. And really, when I run the Tortoise SVN repo-browser it asks for a login to external repo.

Maybe svn:externals is the cause of problem? If not maybe I can gather some log information?

Thanks a lot for your answers!

0 votes
Dmitrii Apanasevich
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 3, 2014

Thanks!

I've downloaded this version . I'll check it in the near future and report the results.

0 votes
Pablo Beltran
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 3, 2014

I've disabled the Comments Cache in this version:

http://www.kintosoft.com/subversion-plus-5.9.1-experimental.jar?attredirects=0&d=1

You might want to download it and install into your JIRA instance. If it resolves your privileges problem I'll release it.

0 votes
Pablo Beltran
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
April 2, 2014

I do not know.

This security constraint is an heritage from the original Polarion's web client optimizations dealing with SVNKit, the Java library used to access to Subversion.

I've looked into the code causing this error [line 97: init()] DataProvider.java and Polarion creates two object pools: one for connections and other for commit messages.

My guess is that this problem is caused by the comments cache optimization as it is configured a root level.

The only way to deal with this would be supporting a new parameter to disable those optimizations and get the commit messages from the Subversion Server direcly rather from the cache.

Suggest an answer

Log in or Sign up to answer