Maven code analyzer fails with Not authorized when using a token for authentication

Hello All,

I’m using SonarQube Community Edition Version 9.9.4 (build 87374), deployed via Docker.

My goal is to integrate SonarQube with our Jenkins build pipelines, i.e. trigger the analysis from within the build pipeline.

This works fine when I supply login and password to the maven command, i.e.
“… sonar:sonar -Dsonar.login=[username] -Dsonar.password=[password] …”

However when I attempt to use a token, I get the Not Authorized exception, i.e.
“… -Dsonar.token=[my token] …”

The guidance says to use a token and I’d much prefer this to using a password in plain text. Has anyone had this issue, am I missing something obvious?

Things I’ve tried:

  • Tried with a user token and a global token.
  • Tried with a local user account created in SonarQube and an AD-authenticated user (I have Active Directory integration configured).

The full exception when using a token is:
#32 294.9 [ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin: (default-cli) on my-project: Not authorized. Please check the properties sonar.login and sonar.password. → [Help 1]


Hey there.

sonar.token was introduced in SonarQube 10.0

However, you can use a token in SonarQube 9.9 LTS by supplying it to sonar.login.

Thank you Colin - that’s awesome! It works a treat.

Best regards,

1 Like