HTTPS proxy authentication is broken in SonarScanner CLI 8.0.0.6341 (using sonar-scanner-java-library 4.0.0). The scanner fails with HTTP 407 Proxy Authentication Required when connecting to an HTTPS SonarQube server through an authenticated HTTP proxy.
This is a regression - proxy authentication works correctly in Scanner CLI 7.0.2 (java-library 3.x).
Environment
-
SonarScanner CLI Version: 8.0.0.6341
-
Java Library Version: 4.0.0. 1577
-
SonarQube Server URL: HTTPS (e.g.,
https://xxxxx) -
Proxy Configuration:
-
Type: HTTP proxy with Basic authentication
-
Properties configured:
properties
sonar.scanner.proxyHost=sonar.example.com sonar.scanner.proxyPort=80 sonar.scanner.proxyUser=username sonar.scanner.proxyPassword=******
-
Scanner debug log:
09:51:10.283 DEBUG --> GET https://xxx/api/v2/analysis/version
09:51:10.410 DEBUG Received 407 Proxy Authentication Required, retrying with Proxy-Authorization header
09:51:10.411 DEBUG --> GET https://xxx/api/v2/analysis/version
09:51:10.419 DEBUG <-- 407 https://xxx/api/v2/analysis/version (7ms)
09:51:10.419 DEBUG <-- 407 https://xxx/api/v2/analysis/version (135ms)
ERROR Failed to query server version: GET https://xxx/api/v2/analysis/version
failed with HTTP 407 Proxy Authentication Required
The retry attempt shows that Proxy-Authorization header is being added, but the proxy still returns 407, indicating that the authentication is not being properly sent in the HTTPS CONNECT tunnel.
After investigating the source code, I found the root cause:
**PR #268(https://github.com/SonarSource/sonar-scanner-java-library/pull/268**) (commit 146b94cde9201c8be04c98475ff2c9e637c7704e) replaced OkHttp with JDK’s native HttpClient. However, this migration missed a critical component: the Authenticator configuration needed for HTTPS proxy authentication.