29

sonarqube 5.5 several Java projects, all have permission set to anyone can execute analysis. use mvn sonar:sonar to run analysis Other projects work fine without error. One project was found to not have the permission set. It was giving:

Not authorized. Analyzing this project requires to be authenticated. Please provide the values of the properties sonar.login and sonar.password.

Setting the permission does not fix it. This project continues to give this error.

Steps taken:

  • Permission is being set on the Project Permissions page, adding Anyone group to EXECUTE ANALYSIS permission. Users 0, groups 1

  • toggle permission off then on again.

  • restart server.
  • remove local sonar/cache

There are two projects with the same name but different keys. QA version and Release.

Not sure what to try next.

------ short log --- mvn -X follows

[INFO] 
[INFO] --- sonar-maven-plugin:3.0.2:sonar (default-cli) @ adminportal-api ---
[INFO] User cache: /Users/kenhargreaves/.sonar/cache
[INFO] Load global repositories
[INFO] Load global repositories (done) | time=265ms
[INFO] User cache: /Users/kenhargreaves/.sonar/cache
[INFO] Exclude plugins: devcockpit, buildstability, pdfreport, report, scmstats, buildbreaker, views, jira
[INFO] Load plugins index
[INFO] Load plugins index (done) | time=16ms
[INFO] SonarQube version: 5.5
[INFO] Default locale: "en_US", source code encoding: "UTF-8"
[INFO] -- Cache for project [com.fusemail:adminportal-api] not found, synchronizing data..
[INFO] Load rules
[INFO] Load rules (done) | time=244ms
[INFO] Load project settings
[INFO] Load project settings (done) | time=182ms
[INFO] Load project quality profiles
[INFO] Load project quality profiles (done) | time=59ms
[INFO] Load project active rules
[INFO] Load project active rules (done) | time=888ms
[INFO] Load server issues
[INFO] Load server issues (done) | time=844ms
[INFO] Load user information
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 8.221 s
[INFO] Finished at: 2016-07-22T11:39:38-07:00
[INFO] Final Memory: 65M/470M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.0.2:sonar (default-cli) on project adminportal-api: Not authorized. Analyzing this project requires to be authenticated. Please provide the values of the properties sonar.login and sonar.password. -> [Help 1]
[ERROR] 
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR] 

-----------------
INFO] Default locale: "en_US", source code encoding: "UTF-8"
[DEBUG] Work directory: /Users/kenhargreaves/Documents/workspace/fm-api-portalapi/target/sonar
[DEBUG] Execution getVersion
[DEBUG] Execution execute
[DEBUG] cache: /Users/kenhargreaves/.sonar/ws_cache/http%3A%2F%2Fsonarqube.electric.net/5.5/projects/com.fusemail%3Aadminportal-api
[INFO] -- Cache for project [com.fusemail:adminportal-api] not found, synchronizing data..
[INFO] Load rules
[DEBUG] GET 200 http://sonarqube.electric.net/api/rules/list.protobuf | time=100ms
[INFO] Load rules (done) | time=176ms
[INFO] Load project settings
[DEBUG] GET 200 http://sonarqube.electric.net/batch/project.protobuf?key=com.fusemail%3Aadminportal-api&issues_mode=true | time=53ms
[INFO] Load project settings (done) | time=158ms
[INFO] Load project quality profiles
[DEBUG] GET 200 http://sonarqube.electric.net/api/qualityprofiles/search.protobuf?projectKey=com.fusemail%3Aadminportal-api | time=41ms
[INFO] Load project quality profiles (done) | time=53ms
[INFO] Load project active rules
[DEBUG] GET 200 http://sonarqube.electric.net/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives&activation=true&qprofile=c-sonar-way-50322&p=1&ps=500 | time=128ms
[DEBUG] GET 200 http://sonarqube.electric.net/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives&activation=true&qprofile=cpp-sonar-way-23842&p=1&ps=500 | time=160ms
[DEBUG] GET 200 http://sonarqube.electric.net/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives&activation=true&qprofile=java-sonar-03590&p=1&ps=500 | time=64ms
[DEBUG] GET 200 http://sonarqube.electric.net/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives&activation=true&qprofile=js-sonar-way-84357&p=1&ps=500 | time=103ms
[DEBUG] GET 200 http://sonarqube.electric.net/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives&activation=true&qprofile=objc-sonar-way-52782&p=1&ps=500 | time=123ms
[DEBUG] GET 200 http://sonarqube.electric.net/api/rules/search.protobuf?f=repo,name,severity,lang,internalKey,templateKey,params,actives&activation=true&qprofile=py-sonar-way-75611&p=1&ps=500 | time=69ms
[INFO] Load project active rules (done) | time=728ms
[INFO] Load server issues
[DEBUG] GET 200 http://sonarqube.electric.net/batch/issues.protobuf?key=com.fusemail%3Aadminportal-api | time=333ms
[INFO] Load server issues (done) | time=524ms
[INFO] Load user information
[DEBUG] GET 401 http://sonarqube.electric.net/batch/users?logins=axxx.mxxxx | time=31ms
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 8.647 s
[INFO] Finished at: 2016-07-22T11:42:01-07:00
[INFO] Final Memory: 66M/467M

The user we see there did have an account in the sonarqube server, I did remove him to see what happens.

Ken Hargreaves
  • 291
  • 1
  • 3
  • 5

7 Answers7

42

Go to SonarQube web page, administration, and then go to security and disable "Force User Authentication".

Estevanbs
  • 140
  • 2
  • 13
Maximiliano Matus
  • 449
  • 4
  • 4
  • 1
    I downvoted this comment but it turned out to be a perfect solution to the problem. I'm only ever running the scan locally so no security issue to worry about! Sorry for the downvote! – Raydot Jan 22 '21 at 00:26
  • You are a savior! I am also trying to run a local sonar scan with Jacoco and was getting auth error even though I set token in sonar properties. Turns out, as you mentioned, we have to disable this check in Security tab. Thanks a lot! – Jay Jun 13 '21 at 12:07
  • I am testing SonarQube enterprise edition - do not see that option `Force User Authentication` under Security – Sasha Bond Sep 13 '21 at 16:56
  • 3
    @Sasha Bond - I found it under Administration -> Configuration -> Security – Nitin Vishwakarma Nov 10 '21 at 16:38
  • now, no authentication will be required for the SonarQube server, anyone can play! :( – Ahmed Nabil Feb 28 '22 at 16:36
14

Are you forcing authentication in SonarQube?

If this is the case, you basically need to:

  1. Generate a token for the user-account in SonarQube
  2. Expose the token in an environment variable, say SONAR_TOKEN as below:
    export SONAR_TOKEN="<your_token>" (bash/GitBash)
    SET SONAR_TOKEN="<your_token>" (bat/Windows)
  3. Use the token in you maven command like:
    mvn ... sonar:sonar -Dsonar.login=$SONAR_TOKEN (bash/GitBash)
    mvn ... sonar:sonar -Dsonar.login=%SONAR_TOKEN% (bat/Windows)

This is extensively discussed at Sonarqube authorization - how to authorize with sonar-maven-plugin when sonar.forceAuthentication is enabled.

idrositis
  • 1,136
  • 10
  • 10
  • 1
    From my point of view, this should be the selected answer. This is working, and you don't need to add your password in clear. – Adriel Iclodean Dec 14 '21 at 10:55
4

While trying sonar-scanner with the latest sonerQube I got the following error

ERROR: Not authorized. Analyzing this project requires to be authenticated. Please provide the values of the properties sonar.login and sonar.password.

The solution to this is to add sonar.login and sonar.password properties in the Project root configuration file. You can find its path during run of your sonar-scanner

INFO: Scanner configuration file: /Users//.sonar/native-sonar-scanner/sonar-scanner-4.4.0.2170-macosx/conf/sonar-scanner.properties

Update this file with following properties sonar.login= sonar.password=

Try again, you should get your issue resolved.

Alok Adhao
  • 447
  • 5
  • 6
2

I had this same issue and could fix it

moving the SonarQube configuration from module build.gradle to app build.gradle.

sonarqube {
    properties {
        property "sonar.host.url", System.getenv("SONAR_URL_KEY")
        property "sonar.login", System.getenv("SONAR_LOGIN_KEY")
        ...
    }
}
nano
  • 2,511
  • 4
  • 25
  • 42
2

If you are getting this error with the new version of sonarqube.

You need to follow below steps.

  1. Go to Administration.
  2. Then click on Configuration.
  3. Go to Security.
  4. Scroll down to the end and click on Force user authentication.

Now disable it and click on save.

You will not be getting this error any more now.

Pirate
  • 2,886
  • 4
  • 24
  • 42
0

It's very easy: First go to to http://localhost:9000/admin/settings?category=security. After that, you should see a checkpoint that say Force user authentication, unclick it and you are good to go.

Khalil Jemghili
  • 1
  • 1
0

1.Force user authentication

2.Create a configuration file in your project's root directory called sonar-project.properties

# must be unique in a given SonarQube instance
sonar.projectKey=my:project

# --- optional properties ---

# defaults to project key
#sonar.projectName=My project
# defaults to 'not provided'
#sonar.projectVersion=1.0
 
# Path is relative to the sonar-project.properties file. Defaults to .
#sonar.sources=.
 
# Encoding of the source code. Default is default system encoding
#sonar.sourceEncoding=UTF-8
chen wang
  • 1
  • 1