Sonarqube授权-启用sonar.forceAuthentication时如何使用sonar-maven-plugin授权 [英] Sonarqube authorization - how to authorize with sonar-maven-plugin when sonar.forceAuthentication is enabled
问题描述
我有使用默认配置的sonarqube 6.5.当sonar.forceAuthentication标志设置为false时,我可以通过以下命令创建和分析项目.
I've got sonarqube 6.5 with default configs. When sonar.forceAuthentication flag is set to false, I can create and analyse project through command given below.
mvn sonar:sonar -Dsonar.host.url=https://mySonarHost/sonar -Dsonar.login=mySonarUserKey
启用sonar.forceAuthentication参数(sonar.forceAuthentication = true)时,无法分析项目.我总是会遇到Maven错误:
When I enable sonar.forceAuthentication parameter (sonar.forceAuthentication=true), I can't analyse project. I always get maven error:
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.3.0.603:sonar (default-cli) on project storm: Not authorized. Please check the properties sonar.login and sonar.password. -> [Help 1]
它不适用于默认的管理员帐户或已创建的用户帐户(具有分析项目的权限).我也尝试过不使用用户密钥,而是使用用户的登录名和密码(在maven config中为-Dsonar.login和-Dsonar.password),但它也无法正常工作.
我尝试使用不同的声纳版本(从4.5.7到5.6.6到最新的6.5,但我总是得到相同的结果).
It doesn't work on default admin account nor created user account (with permission to analyse project). I've also tried not to use user key, but user' login and password (-Dsonar.login and -Dsonar.password in maven config) but it also doesn't work.
I've tried to use different sonar version (from 4.5.7, through 5.6.6 to the newest, 6.5, but I always get the same result).
在连接期间,我的access.log中有这样的消息:
During the connection, I've got such messages in my access.log:
IP_ADDRESS - - [08/Sep/2017:12:03:33 +0200] "GET /sonar/batch/index HTTP/1.1" 200 - "-" "ScannerMaven/3.3.0.603/3.5.0" "SOME_KEY"
IP_ADDRESS - - [08/Sep/2017:12:03:33 +0200] "GET /sonar/api/settings/values.protobuf HTTP/1.1" 401 - "-" "ScannerMaven/3.3.0.603/3.5.0" "SOME_KEY"
我需要将sonar.forceAuthentication参数设置为true(仅受信任的用户可以访问它).
It's required for me to set sonar.forceAuthentication parameter to true (only trusted users can have access to it).
有什么想法如何通过带有凭据参数的Maven配置和访问声纳?
Any idea how to configure and access sonarqube through maven with credential parameters?
推荐答案
您是否同时设置了sonar.login和sonar.password参数(
Did you set both sonar.login and sonar.password parameters (https://docs.sonarqube.org/display/SCAN/Analyzing+with+SonarQube+Scanner+for+Maven#AnalyzingwithSonarQubeScannerforMaven-Security) ?
请注意,在最新版本(如SonarQube 6.5)中,应使用用户令牌,并在sonar.login参数中进行设置:
Note that in recent versions (like SonarQube 6.5), you should use a user token and just set it in the sonar.login parameter: https://docs.sonarqube.org/display/SONAR/User+Token
这篇关于Sonarqube授权-启用sonar.forceAuthentication时如何使用sonar-maven-plugin授权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
