'Sonarqube authorization - how to authorize with sonar-maven-plugin when sonar.forceAuthentication is enabled

I've got sonarqube 6.5 with default configs. When sonar.forceAuthentication flag is set to false, I can create and analyse project through command given below.

mvn sonar:sonar -Dsonar.host.url=https://mySonarHost/sonar -Dsonar.login=mySonarUserKey

When I enable sonar.forceAuthentication parameter (sonar.forceAuthentication=true), I can't analyse project. I always get maven error:

[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.3.0.603:sonar (default-cli) on project storm: Not authorized. Please check the properties sonar.login and sonar.password. -> [Help 1]

It doesn't work on default admin account nor created user account (with permission to analyse project). I've also tried not to use user key, but user' login and password (-Dsonar.login and -Dsonar.password in maven config) but it also doesn't work. I've tried to use different sonar version (from 4.5.7, through 5.6.6 to the newest, 6.5, but I always get the same result).

During the connection, I've got such messages in my access.log:

IP_ADDRESS - - [08/Sep/2017:12:03:33 +0200] "GET /sonar/batch/index HTTP/1.1" 200 - "-" "ScannerMaven/3.3.0.603/3.5.0" "SOME_KEY"
IP_ADDRESS - - [08/Sep/2017:12:03:33 +0200] "GET /sonar/api/settings/values.protobuf HTTP/1.1" 401 - "-" "ScannerMaven/3.3.0.603/3.5.0" "SOME_KEY"

It's required for me to set sonar.forceAuthentication parameter to true (only trusted users can have access to it).

Any idea how to configure and access sonarqube through maven with credential parameters?

sonarqubeauthorizationsonar-runnersonarqube-scanrunner


Solution 1:[1]

Did you set both sonar.login and sonar.password parameters (Analyzing with SonarQube Scanner for Maven (Archive)) ?

Note that in recent versions (like SonarQube 6.5), you should use a user token and just set it in the sonar.login parameter: User Token

Solution 2:[2]

This is a minimal command that I use to update Sonar Cube Dashboard for my project, 

mvn clean install  sonar:sonar -Dsonar.host.url=<Server_URL> -Dsonar.login=<Token_For_Your_User_Id> -Dsonar.projectKey=<It will be calculated by default using group id & artifact id but its advisable that you use a unique string for all users> -Dsonar.projectName=<Descriptive Project Name to show on dashboard> -Dsonar.projectVersion=<if you wish to specify a version number>

You can always wrap a string value in double quotes if it has spaces in it.

Before using above command, you need to generate token for your user id as specified in answer provided by Eric. There is no need to pass password property.

Solution 3:[3]

I added a single space after -D and all was well with the world!

Solution 4:[4]

For the sake of simplicity and clarity, here's how to add just your sonar credentials to the mvn command:

mvn verify sonar:sonar -Dsonar.login=admin -Dsonar.password=password

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 NicoKowe
Solution 2 Sabir Khan
Solution 3 gachokaeric
Solution 4

Related Questions

SonnarQube's issue: change code to not construct the URL from user-controlled data

SonarQube 3.7 with maven and Jenkins - Maven session does not declare a top level project

android:exported needs to be explicitly specified after add SonarQube in build.gradle

Directory excluding in sonar-project.properties file doesn't work (for me)

How to disable code coverage in sonarqube since 6.2

How can I get the value of inheritance class of other inheritance class in .NET Roslyn API?

SonarQube - how to deactivate inherited rule in quality profile?

SonarQube server can not be reached at http://localhost:9000 with Sonarqube-4.5.1

SonarQube: Invoke method(s) only conditionally

Sonarqube gives node.js error while running sonar-scanner

How can I reduce cyclomatic complexity for the code to be acceptable by sonar

How to configure sonar.coverage.jacoco.xmlReportPaths for JaCoCo/SonarQube?

How to Code Quality on EXCEL VBA Code in SonarQube or Alternatives?

SonarQube - how to run the code analysis again for a project after creating that project

Eclipse - Sonar S2629 possible false positive with new String