Authorization in Sonar REST/Web API

Question

I have migrated my Sonar version from 5.4 to 6.3.1. In 5.4 version, there was no login API provided by Sonar. Hence we were adding an Authorization header in every call with value as Base64 encoded "username":"password".

But post migration to 6.3.1, the authorization fails with current implementation.

We tried passing token (generated from UI) as value of Authorization header but in vain.

We also tried calling Sonar login API (api/authentication/login) but it is not giving back any response.

Kindly help us resolve this issue.

Thanks.

Edit

Following is the code for calling REST Webservice:

byte[] encodedUsernamePassword = Base64.getEncoder().encode("adminUserName:adminPassword".getBytes());

ResteasyClient client = new ResteasyClientBuilder().build();
    String target = "http://IP:Port/api/issues/search/?statuses=" + "CLOSED" + "&assignees=" + username + "&resolutions=" + "FIXED" + "&createdBefore=" + end_date + "&createdAfter=" + start_date + "&facetMode=debt";

javax.ws.rs.core.Response response = client.target(target).request(MediaType.APPLICATION_JSON).header("Authorization", new String(encodedUsernamePassword)).get();

String strResponse = response.readEntity(String.class);

You should give examples of what you've tried. Suggest to use simple tools like _curl_ first. Make sure to [pass the token as username with empty password](https://docs.sonarqube.org/display/DEV/Web+API#WebAPI-UserToken). — Nicolas B., May 05 '17 at 07:03
Hello, I tried following login API and I am getting HTTP 200 as a response that shows that login is successful. — Safvan Kothawala, May 05 '17 at 07:23
But after calling login API, if I call any other API without passing any Authorization header then it is not giving me any response. If I copy that same URI and call it from browser (post login) then it gives me proper response data. — Safvan Kothawala, May 05 '17 at 07:24

score 2 · Answer 1 · answered May 05 '17 at 08:10

2

First thing: api/authentication/login is of no help here. Per Web API documentation , Web API authentication is made through HTTP basic authentication.

So just pass the username/password in the header of each Web API request. And if you use User Tokens, as per same documentation:

This is the recommended way. Benefits are described in the page User Token. Token is sent via the login field of HTTP basic authentication, without any password.

answered May 05 '17 at 08:10

Nicolas B.

7,245
17
29

Hello, I have edited my question to include the code which I am using to call Sonar webservice. This code was working for calling Sonar v5.3 REST API but it is not working currently. – Safvan Kothawala May 05 '17 at 11:49
If I follow your suggestion using any other tool like Postman then the API is working fine but it is not working if i use a JAVA REST Client. Kindly help troubleshooting this issue. Thanks. – Safvan Kothawala May 05 '17 at 11:50

score 1 · Answer 2 · answered May 08 '17 at 11:39

Two changes were made in above code:

Added 'Basic' prefix to the value of Authorization header as follows:

header("Authorization", new String("Basic YWRtaW46YWRtaW4zMjW="))
Removed extra '/' before '?'from below URL as shown below:

http://IP:Port/api/issues/search/?statuses

Authorization in Sonar REST/Web API

2 Answers2