Security policy and Subversion ALM

Hi!

We want to use Subversion ALM on our JIRA, but there is one problem: most Subversion repository users do not even have read-only rights on the repository root folder. But they have rights to their own subfolder (MyFolder, for example).

And when they go to the Subversion tab and try to see the diff of a file placed in MyFolder, they get the following message:

You have no access to the url: //blablabla

If you want to access restricted folder, you can relogin.

When they get RO rights to repository root, everything becomes fine.

Is there a solution for our security policy?

Thanks a lot!

7 answers

I do not know.

This security constraint is a heritage from the original Polarion's web client optimizations dealing with SVNKit, the Java library used to access Subversion.

I've looked into the code causing this error [line 97: init()] in DataProvider.java, and Polarion creates two object pools: one for connections and the other for commit messages.

My guess is that this problem is caused by the comments cache optimization, as it is configured at root level.

The only way to deal with this would be supporting a new parameter to disable those optimizations and get the commit messages from the Subversion server directly rather than from the cache.

I've disabled the Comments Cache in this version:

http://www.kintosoft.com/subversion-plus-5.9.1-experimental.jar?attredirects=0&d=1

You might want to download it and install into your JIRA instance. If it resolves your privileges problem I'll release it.

Thanks!

I've downloaded this version. I'll check it in the near future and report the results.

I've installed the new version, and investigated the problem.

So, the "Commit graph" link started to work. Also, when I click on the file in this screen I can see the content.

But when I return to the "Subversion" tab and click on the file to see the diff, I still see the "Restricted access" message.

I've spoken about this with our admins and they say that they also use svn:externals in this repo. And really, when I run the Tortoise SVN repo-browser it asks for a login to the external repo.

Maybe svn:externals is the cause of the problem? If not, maybe I can gather some log information?

Thanks a lot for your answers!

"Commit graph" link started to work.

Graphs are 100% built against the cache.

when I click on the file in this screen I can see the content.

File contents are always fetched from the Subversion server, so if you can see them, there is not any problem with externals here.

But when I return to the "Subversion" tab and click on the file to see the diff, I still see the "Restricted access" message.

Maybe the problem is in the integration JIRA tab-Polarion. Might you...

1. Try to see the diff from the Polarion's browser itself: browse to the external file, with the right button -> open the file history in a new window (this will unveil the Polarion's URL) and try to see any diff of the file. Then please report the diff URL.

2. From the issue tab: copy the link pointing to the diff and report it too in order to compare them.

You may also enable the plugin logs by including these two Java packages into the JIRA logs:

  • org.polarion
  • com.kintosoft

And really, when I run the Tortoise SVN repo-browser it asks for a login to the external repo. Maybe svn:externals is the cause of the problem? If not, maybe I can gather some log information?

Maybe, but it is strange that you can see the file content and not the diff.

Maybe the problem is in the integration JIRA tab-Polarion. Might you...

1. Try to see the diff from the Polarion's browser itself: browse to the external file, with the right button -> open the file history in a new window (this will unveil the Polarion's URL) and try to see any diff of the file. Then please report the diff URL.

2. From the issue tab: copy the link pointing to the diff and report it too in order to compare them.

Here they are:

1. /plugins/servlet/svnwebclient/revisionDetails.jsp?url=%2Ftrunk%2Fgame%2Fdata%2FMechanics%2FGameRoot%2FSampleFile.xdb&crev=300267&rev=300267

It redirects me to

/plugins/servlet/svnwebclient/restrictedAccess.jsp?url=%2Ftrunk%2Fgame%2Fdata%2FMechanics%2FGameRoot%2FSampleFile.xdb&crev=300267&rev=300267

2. /secure/SWCTopMenuAction!default.jspa?jsp=changedResource&repoId=33&location=/&url=/trunk/game/data/Mechanics/GameRoot/SampleFile.xdb&rev=300267&action=modify

Both links lead to the "Restricted access" message.

The log file does not clarify the situation. It just contains the following information:

For the first link:

/plugins/servlet/svnwebclient/revisionDetails.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

/plugins/servlet/svnwebclient/restrictedAccess.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

And for the second one:

/plugins/servlet/svnwebclient/changedResource.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

/plugins/servlet/svnwebclient/fileCompare.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

/plugins/servlet/svnwebclient/restrictedAccess.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

Maybe, but it is strange that you can see the file content and not the diff.

I'm of the same opinion. But...

I will continue to research.

Maybe there is a permissions problem.

I have tested the plugin again but with no result.

I still can view the file content and can't see diffs.

Also, I have used ViewVC to check my account rights on the svn repo, and the diff view worked fine there.

Have you any ideas?

Thanks!
