Subversion authentication issues

1,301 views
Skip to first unread message

Daniel Barbato

unread,
May 3, 2013, 11:44:12 AM5/3/13
to jenkinsci-users
Hi,

I'm having some strange issues with subversion authentication within jenkins. My jenkins system and all plugins are fully up to date, jenkins master and nodes are all running Centos.

We have two different svn servers that Jenkins needs to be able to interact with, let's call them SVN-A and SVN-B. Both servers user the same credentials to authenticate.

From the command line on each node and the master I'm able to successfully authenticate and interact with both servers over https.

Within jenkins I'm able to successfully authenticate against SVN-A and have been for a long time. I'm trying to set up  authentication details for SVN-B, when I attempt the authentication from within Jenkins (using username / password) I constantly get a 403 Forbidden (full log below). Checking the SVN server logs, I can see no sign that any attempt has been made to authenticate. 

Any advice is more than welcome!

Thanks In Advance!

Copy of trace from authentication attempt with server name and repo name obsured :)

Failed to authenticate: svn: E170001: OPTIONS of '/repo/svn/repo/core/trunk': 403 Forbidden (https://SVN-B)
FAILED: svn: E175002: OPTIONS /repo/svn/repo/core/trunk failed

org.tmatesoft.svn.core.SVNException: svn: E175002: OPTIONS /repo/svn/repo/core/trunk failed
	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:379)
	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:364)
	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:352)
	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:708)
	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:628)
	at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:103)
	at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1018)
	at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.testConnection(DAVRepository.java:99)
	at hudson.scm.SubversionSCM$DescriptorImpl.postCredential(SubversionSCM.java:1939)
	at hudson.scm.SubversionSCM$DescriptorImpl.doPostCredential(SubversionSCM.java:1884)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:288)
	at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:151)
	at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:90)
	at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:111)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:677)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:770)
	at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:677)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:770)
	at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:241)
	at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
	at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:677)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:770)
	at org.kohsuke.stapler.Stapler.invoke(Stapler.java:583)
	at org.kohsuke.stapler.Stapler.service(Stapler.java:214)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:45)
	at winstone.ServletConfiguration.execute(ServletConfiguration.java:248)
	at winstone.RequestDispatcher.forward(RequestDispatcher.java:333)
	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:376)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:95)
	at hudson.plugins.greenballs.GreenBallFilter.doFilter(GreenBallFilter.java:58)
	at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:98)
	at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:87)
	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
	at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
	at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:124)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:142)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.ui.basicauth.BasicProcessingFilter.doFilter(BasicProcessingFilter.java:174)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at jenkins.security.ApiTokenFilter.doFilter(ApiTokenFilter.java:64)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
	at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
	at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
	at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
	at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:164)
	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
	at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:50)
	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
	at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
	at winstone.FilterConfiguration.execute(FilterConfiguration.java:194)
	at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:366)
	at winstone.RequestDispatcher.forward(RequestDispatcher.java:331)
	at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:227)
	at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:439)
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
	at java.util.concurrent.FutureTask.run(FutureTask.java:138)
	at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
	at java.lang.Thread.run(Thread.java:662)
Caused by: svn: E175002: OPTIONS /repo/svn/repo/core/trunk failed
	at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:208)
	at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:154)
	at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:97)
	... 82 more
Caused by: org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: OPTIONS request failed on '/repo/svn/repo/core/trunk'
svn: E170001: OPTIONS of '/repo/svn/repo/core/trunk': 403 Forbidden (https://SVN-B)
	at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:62)
	at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51)
	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:748)
	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:373)
	... 81 more
Caused by: svn: E170001: OPTIONS of '/repo/svn/repo/core/trunk': 403 Forbidden (https://SVN-B)
	at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:208)
	at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:189)
	at org.tmatesoft.svn.core.SVNErrorMessage.create(SVNErrorMessage.java:141)
	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.createDefaultErrorMessage(HTTPRequest.java:452)
	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPRequest.dispatch(HTTPRequest.java:189)
	at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection._request(HTTPConnection.java:460)
	... 82 more


James Nord (jnord)

unread,
May 3, 2013, 11:54:53 AM5/3/13
to jenkins...@googlegroups.com

HI Daniel,

 

Have you tried entering the credentials at ${jenkinsURL}/scm/SubversionSCM/enterCredential ?

 

Althought the servers may use the same credentials the challenge that will be sent from the server will be for a different repository – and so Jenkins will probably not know anything about it and use what it knows which is nothing.

 

/James

 

--
You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-use...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Daniel Barbato

unread,
May 3, 2013, 11:59:40 AM5/3/13
to jenkinsci-users
Hi James,

That's exactly where I'm trying to enter the credentials (well linked to by the config job page, but I just tried going directly to that URI too), and then getting the error I pasted when I submit it that page being ${jenkinsURL}/scm/SubversionSCM/postCredential

Dan

James Nord (jnord)

unread,
May 3, 2013, 12:05:39 PM5/3/13
to jenkins...@googlegroups.com

Ahh I should have looked more closely at the stack trace – sorry.

 

I have seen this happen when there is a proxy in between the server and the request for svnb goes via the proxy and svna goes direct.  (in which case it was the proxy denying the operation rather than the subversion server – and there where differences between Jenkins and the command line).   Other than that hopefully someone else may have some better ideas.

 

Regards,

Daniel Barbato

unread,
May 3, 2013, 12:34:40 PM5/3/13
to jenkinsci-users
If it were the proxy getting in the way, do I just need to go to ${jenkinsURL}/pluginManager/advanced and the server to the No Proxy Host field, or do I need to do it elsewhere?

If that's where I do need to do it, then it's not worked :/
Reply all
Reply to author
Forward
0 new messages