为什么 Jenkins SVN 插件在连接到我的 VisualSVN 服务器时会出现错误 E170001?

Why does the Jenkins SVN plugin give error E170001 when connecting to my VisualSVN server?

我对 VisualSVN 服务器的了解:它支持 Windows Active Directory 身份验证和 "basic" 使用我的 Windows 用户名和密码的身份验证。我可以成功使用 TortoiseSVN、CollabNet 和 Mac OS X Subversion 客户端。

要重现错误,请执行以下操作:

  1. 安装 Windows Jenkins package (version 1.616).
  2. 将 SVN 插件更新到 2.5 版。
  3. 创建自由式项目。
  4. 在源代码管理下,选择 Subversion。
  5. 输入存储库URL。
  6. 添加您的 Windows 用户名和密码作为凭据。

然后我在下面看到以下错误 "Credentials":

Unable to access https://<svn-server> : svn: E170001: Negotiate authentication failed: 'No valid credentials provided'

org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Negotiate authentication failed: 'No valid credentials provided'
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:62)
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.run(DefaultHTTPNegotiateAuthentication.java:175)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.run(DefaultHTTPNegotiateAuthentication.java:166)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.authenticate(DefaultHTTPNegotiateAuthentication.java:221)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:450)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:371)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:359)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.testConnection(DAVRepository.java:94)
    at hudson.scm.SubversionSCM$DescriptorImpl.checkRepositoryPath(SubversionSCM.java:2282)
    at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.checkCredentialsId(SubversionSCM.java:3043)
    at hudson.scm.SubversionSCM$ModuleLocation$DescriptorImpl.doCheckCredentialsId(SubversionSCM.java:3016)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
    at org.kohsuke.stapler.MetaClass.doDispatch(MetaClass.java:121)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    at org.kohsuke.stapler.MetaClass.doDispatch(MetaClass.java:249)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    at org.kohsuke.stapler.MetaClass.doDispatch(MetaClass.java:249)
    at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:53)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:123)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:114)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:84)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:171)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:370)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
    at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:949)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:1011)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:644)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:52)
    at winstone.BoundedExecutorService.run(BoundedExecutorService.java:77)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

当我构建项目时,我得到以下输出:

Started by user anonymous
Building in workspace C:\Program Files (x86)\Jenkins\jobs\asdf\workspace
Checking out a fresh workspace because there's no workspace at C:\Program Files (x86)\Jenkins\jobs\asdf\workspace
Cleaning local Directory .
Checking out https://<svn-server> at revision '2015-06-08T15:40:47.620 -0400'
ERROR: Failed to check out https://<svn-server>
org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Negotiate authentication failed: 'No valid credentials provided'
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:62)
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.run(DefaultHTTPNegotiateAuthentication.java:175)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.run(DefaultHTTPNegotiateAuthentication.java:166)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.authenticate(DefaultHTTPNegotiateAuthentication.java:221)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:450)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:371)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:359)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.getLatestRevision(DAVRepository.java:175)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.getRevisionNumber(SvnNgRepositoryAccess.java:118)
    at org.tmatesoft.svn.core.internal.wc2.SvnRepositoryAccess.getLocations(SvnRepositoryAccess.java:184)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.createRepositoryFor(SvnNgRepositoryAccess.java:45)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgAbstractUpdate.checkout(SvnNgAbstractUpdate.java:756)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgCheckout.run(SvnNgCheckout.java:26)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgCheckout.run(SvnNgCheckout.java:11)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgOperationRunner.run(SvnNgOperationRunner.java:20)
    at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21)
    at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1259)
    at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294)
    at hudson.scm.subversion.CheckoutUpdater.perform(CheckoutUpdater.java:115)
    at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:162)
    at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:170)
    at hudson.scm.subversion.UpdateUpdater$TaskImpl.perform(UpdateUpdater.java:133)
    at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:162)
    at hudson.scm.SubversionSCM$CheckOutTask.perform(SubversionSCM.java:991)
    at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:972)
    at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:948)
    at hudson.FilePath.act(FilePath.java:991)
    at hudson.FilePath.act(FilePath.java:969)
    at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:897)
    at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:833)
    at hudson.scm.SCM.checkout(SCM.java:485)
    at hudson.model.AbstractProject.checkout(AbstractProject.java:1280)
    at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:610)
    at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:532)
    at hudson.model.Run.execute(Run.java:1744)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:374)
java.io.IOException: Failed to check out https://<svn-server>
    at hudson.scm.subversion.CheckoutUpdater.perform(CheckoutUpdater.java:126)
    at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:162)
    at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:170)
    at hudson.scm.subversion.UpdateUpdater$TaskImpl.perform(UpdateUpdater.java:133)
    at hudson.scm.subversion.WorkspaceUpdater$UpdateTask.delegateTo(WorkspaceUpdater.java:162)
    at hudson.scm.SubversionSCM$CheckOutTask.perform(SubversionSCM.java:991)
    at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:972)
    at hudson.scm.SubversionSCM$CheckOutTask.invoke(SubversionSCM.java:948)
    at hudson.FilePath.act(FilePath.java:991)
    at hudson.FilePath.act(FilePath.java:969)
    at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:897)
    at hudson.scm.SubversionSCM.checkout(SubversionSCM.java:833)
    at hudson.scm.SCM.checkout(SCM.java:485)
    at hudson.model.AbstractProject.checkout(AbstractProject.java:1280)
    at hudson.model.AbstractBuild$AbstractBuildExecution.defaultCheckout(AbstractBuild.java:610)
    at jenkins.scm.SCMCheckoutStrategy.checkout(SCMCheckoutStrategy.java:86)
    at hudson.model.AbstractBuild$AbstractBuildExecution.run(AbstractBuild.java:532)
    at hudson.model.Run.execute(Run.java:1744)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:374)
Caused by: org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Negotiate authentication failed: 'No valid credentials provided'
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:62)
    at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.run(DefaultHTTPNegotiateAuthentication.java:175)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.run(DefaultHTTPNegotiateAuthentication.java:166)
    at org.tmatesoft.svn.core.internal.io.dav.http.DefaultHTTPNegotiateAuthentication.authenticate(DefaultHTTPNegotiateAuthentication.java:221)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:450)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:371)
    at org.tmatesoft.svn.core.internal.io.dav.http.HTTPConnection.request(HTTPConnection.java:359)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.performHttpRequest(DAVConnection.java:710)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.exchangeCapabilities(DAVConnection.java:627)
    at org.tmatesoft.svn.core.internal.io.dav.DAVConnection.open(DAVConnection.java:102)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.openConnection(DAVRepository.java:1032)
    at org.tmatesoft.svn.core.internal.io.dav.DAVRepository.getLatestRevision(DAVRepository.java:175)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.getRevisionNumber(SvnNgRepositoryAccess.java:118)
    at org.tmatesoft.svn.core.internal.wc2.SvnRepositoryAccess.getLocations(SvnRepositoryAccess.java:184)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgRepositoryAccess.createRepositoryFor(SvnNgRepositoryAccess.java:45)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgAbstractUpdate.checkout(SvnNgAbstractUpdate.java:756)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgCheckout.run(SvnNgCheckout.java:26)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgCheckout.run(SvnNgCheckout.java:11)
    at org.tmatesoft.svn.core.internal.wc2.ng.SvnNgOperationRunner.run(SvnNgOperationRunner.java:20)
    at org.tmatesoft.svn.core.internal.wc2.SvnOperationRunner.run(SvnOperationRunner.java:21)
    at org.tmatesoft.svn.core.wc2.SvnOperationFactory.run(SvnOperationFactory.java:1259)
    at org.tmatesoft.svn.core.wc2.SvnOperation.run(SvnOperation.java:294)
    at hudson.scm.subversion.CheckoutUpdater.perform(CheckoutUpdater.java:115)
    ... 20 more
Finished: FAILURE

我尝试 this solutionhttp-auth-types 全局服务器选项设置为 basic。在 %APPDATA%\Subversion 我添加了

http-auth-types=basic

servers 文件的全局部分。我仍然收到上述错误。

在用户的 Subversion 文件夹中(%APPDATA%\Subversion for Windows,~/.subversion for Linux/Mac OS x)添加

http-auth-types=Basic

servers 文件的全局部分。请注意 Basicbasic 之间的大小写不同。


对我来说,VisualSVN 报告了以下它支持的身份验证选项列表:

Negotiate
NTLM
Basic realm="VisualSVN Server"

当 Jenkins Subversion 插件使用 http-auth-types 对该列表进行排序时,它会进行区分大小写的比较。所以 Basic 不同于 basic 并且服务器的 Basic 选项保留在列表的底部。 Negotiate 被改用,显然 SVN 插件无法处理。

勾选https://issues.jenkins-ci.org/browse/JENKINS-26158

最后一条评论似乎包含解决方法。

尽管我尝试使用 Jenkins 1.617 + Subversion 插件 2.5 + VisualSVN Server 3.2.2 并且一切正常。

我也遇到了同样的问题,但是很难找到原因。 詹金斯(v2.107)只说:

org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Negotiate authentication failed: 'No valid credentials provided'
...

我仔细检查了所有凭据,一切都是正确的。此外,独立的 svn 效果很好——例如:

svn info --username xxx --password xxx --no-auth-cache --non-interactive --trust-server-cert https://server.xxx.corp/svn/REPO

那么如何找到bug/problem?

提示:Jenkins 使用 SVNKit.

因此我们可以下载 SVNKit (https://svnkit.com/) 并使用此发行版中的 jsvn 工具:

svnkit-1.9.3/bin/jsvn info --username xxx --password xxx --no-auth-cache --non-interactive --trust-server-cert https://server.xxx.corp/svn/REPO

最初我得到类似的错误:

svn: E170001: Negotiate authentication failed: 'No valid credentials provided'

但是目录 svnkit-1.9.3/conf 里面是 logging.properties.disabled 文件。当我删除 .disabled 后缀时,jsvn 将所有日志放入 svnkit-1.9.3/bin/svnkit.0

这显示了所有问题。对我来说:

HTTP/1.1 407 Proxy Authentication Required (...)

很好,这不是 SVN 的凭据问题,而是 Company Proxy 的凭据问题。在您的情况下,问题可能有所不同,但此方法可能有助于找到问题的根源。

附加信息:

Jenkins 提供代理服务器设置。但是 SVN 使用完全不同的外部配置:

C:\Users\<user>\AppData\Roaming\Subversion\servers

要配置代理,我必须提供以上文件:

http-proxy-host = super.proxy.company.com
http-proxy-port = 80
http-proxy-username = defaultusername or DOMAIN\defaultusername
http-proxy-password = defaultpassword

但这也没有像我预期的那样工作 - 一些工具(maven、svn...)在通过一些代理服务器连接到 Internet 时有问题。替代方法是使用 CNTLM 工具 (http://cntlm.sourceforge.net/) 提供本地代理。 Cntlm 完全配置了公司代理 URL、端口和我的域帐户登录名和密码(哈希非纯文本)。 SVN 直接只使用 Cntlm 本地代理(不需要提供任何用户名和密码)。

http-proxy-host = mylocal.host.url.at.domain.com
http-proxy-port = 8089
# with neither username nor password

架构:

SVN    <---(anonymous)--> CNTLM Proxy <---(login, password)---> Company Proxy <----> Internet
SVNKit <---(anonymous)----^
any other tools (Jenkins, maven, ...) can also use CNTLM 

这对我来说非常有用。

FWIW,我也从 svnkit 收到 E170001(403 禁止)错误,但我最终发现这是由于我们的 svn-server 锁定了对特定 svn 客户端版本的访问。

所以我不得不强制 svnkit 报告自己与我们的服务器期望的客户端版本相同,以便获得访问权限。

根据我的需要,我可以通过将此 java 调用添加到我们的工具中来设置所需的版本字符串:

org.tmatesoft.svn.util.Version.setUserAgent("SVN/x.y.z")

(其中 x.y.z 是您的服务器锁定的版本)。

另一种可能的选择是:

System.setProperty("svnkit.version.string", "x.y.z")

或者作为 -Dsvnkit.version.string=x.y.z 的 JVM 参数传入,但它对我不起作用,所以我坚持使用前一种方式并进行了排序。