Security policy and Subversion ALM

I have tested plugin again but with no result.

I still can view file content and can't see diffs.

Also I have used vievc to check my account rights on svn repo, and diff view worked fine there.

Have you any ideas?

Thanks!

Maybe the problem is in the integration JIRA tab-Polarion. Might you...

1. try to see the diff from the Polarion's browser itself: Browse to the external file, with the right button -> open the file history on a new window (this will unveil the Polarion's url) and try see any diff of the file. Then report please the diff URL.

2. From the issue tab: copy the link pointing to the diff and report it too in order to comapre them.

Here they are:

1. /plugins/servlet/svnwebclient/revisionDetails.jsp?url=%2Ftrunk%2Fgame%2Fdata%2FMechanics%2FGameRoot%2FSampleFile.xdb&crev=300267&rev=300267

It rediretcs me to

/plugins/servlet/svnwebclient/restrictedAccess.jsp?url=%2Ftrunk%2Fgame%2Fdata%2FMechanics%2FGameRoot%2FSampleFile.xdb&crev=300267&rev=300267

2. /secure/SWCTopMenuAction!default.jspa?jsp=changedResource&repoId=33&location=/&url=/trunk/game/data/Mechanics/GameRoot/SampleFile.xdb&rev=300267&action=modify

Both links lead to "Restricted access" message.

Log file does not clarify the situation. It just contains following information:

For the first link:

/plugins/servlet/svnwebclient/revisionDetails.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

/plugins/servlet/svnwebclient/restrictedAccess.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

And for the second one:

/plugins/servlet/svnwebclient/changedResource.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

/plugins/servlet/svnwebclient/fileCompare.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

/plugins/servlet/svnwebclient/restrictedAccess.jsp [svnwebclient.authorization.impl.CredentialsManager] Credentials: 

Username: d.apanasevich

Maybe, but it is strange that you can see the file content and not the diff.

I'm of the same opinion. But...

I will continue to research.

Maybe there is a permissions problem.

"Commit graph" link became to work.

Graphs are 100% built against the cache

when i click on the file in this screen i can see the content.

file contents are always fetched from the Subversion server, so if you can see them, there is not any problem with externals here.

But when i return on "Subversion" tab and click on the file to see the diff i still see "Restricted access" message.

Maybe the problem is in the integration JIRA tab-Polarion. Might you...

1. try to see the diff from the Polarion's browser itself: Browse to the external file, with the right button -> open the file history on a new window (this will unveil the Polarion's url) and try see any diff of the file. Then report please the diff URL.

2. From the issue tab: copy the link pointing to the diff and report it too in order to comapre them.

You may also enable the plugin logs by including these two Java packages into the JIRA logs:

• org.polarion
• com.kintosoft

And really, when I run the Tortoise SVN repo-browser it asks for a login to external repo. Maybe svn:externals is the cause of problem? If not maybe I can gather some log information?

Maybe, but it is strange that you can see the file content and not the diff.

I've installed the new version, and investigated the problem.

So, "Commit graph" link became to work. Also when i click on the file in this screen i can see the content.

But when i return on "Subversion" tab and click on the file to see the diff i still see "Restricted access" message.

I've spoke about this with our admins and they say that they also use svn:externals in this repo. And really, when I run the Tortoise SVN repo-browser it asks for a login to external repo.

Maybe svn:externals is the cause of problem? If not maybe I can gather some log information?

Thanks a lot for your answers!

Thanks!

I've downloaded this version . I'll check it in the near future and report the results.

I've disabled the Comments Cache in this version:

http://www.kintosoft.com/subversion-plus-5.9.1-experimental.jar?attredirects=0&d=1

You might want to download it and install into your JIRA instance. If it resolves your privileges problem I'll release it.

I do not know.

This security constraint is an heritage from the original Polarion's web client optimizations dealing with SVNKit, the Java library used to access to Subversion.

I've looked into the code causing this error [line 97: init()] DataProvider.java and Polarion creates two object pools: one for connections and other for commit messages.

My guess is that this problem is caused by the comments cache optimization as it is configured a root level.

The only way to deal with this would be supporting a new parameter to disable those optimizations and get the commit messages from the Subversion Server direcly rather from the cache.