Hmm, I get 401 for /api/system/health:
$ curl -i -H 'Authorization: Bearer <token>' http://<pod IP>:9000/api/system/health
HTTP/1.1 401
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; base-uri 'none'; connect-src 'self' http: https:; img-src * data: blob:; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'
X-Content-Security-Policy: default-src 'self'; base-uri 'none'; connect-src 'self' http: https:; img-src * data: blob:; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'
X-WebKit-CSP: default-src 'self'; base-uri 'none'; connect-src 'self' http: https:; img-src * data: blob:; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'none'
Content-Length: 0
Date: Thu, 27 Apr 2023 18:32:21 GMT
Here are the logs for that request:
2023.04.27 18:32:21 TRACE web[AYfD9GvKqB7Go6W1AADH][o.s.s.p.w.UserSessionFilter] Thread[http-nio-0.0.0.0-9000-exec-7,5,main] serves /api/system/health
2023.04.27 18:32:21 TRACE web[AYfD9GvKqB7Go6W1AADH][sql] time=1ms | sql=SELECT t.uuid as "uuid", t.user_uuid as "userUuid", t.name as "name", t.token_hash as "tokenHash", t.last_connection_date as "lastConnectionDate", t.created_at as "createdAt", t.project_key as "projectKey", t.type as "type", t.expiration_date as "expirationDate", p.name as "projectName", p.uuid as "projectUuid" FROM user_tokens t LEFT JOIN projects p on t.project_key = p.kee WHERE t.token_hash=? | params=fd3d752e61d244bc3776e794a4d65f3de2f3fdd4ebf18cde4a46d153f4f1947f6c8313919bfec1f1edf9b8407cab50d9
2023.04.27 18:32:21 DEBUG web[AYfD9GvKqB7Go6W1AADH][auth.event] login failure [cause|Token doesn't exist][method|SONARQUBE_TOKEN][provider|LOCAL|local][IP|10.100.199.214|][login|]
Looks like it is trying to query the db for a value specified in a properties file?
To answer your other questions:
- Yes, that’s what I mean – the Bearer token used by curl matches the value in sonar.properties.
- Yes, I see the following line in web.log:
$ grep "System authentication by passcode is enabled" web.log
2023.04.27 18:22:24 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is enabled
Finally, for completeness, here are the logs for a /api/monitoring/metrics request:
2023.04.27 18:34:16 TRACE web[AYfD9GvKqB7Go6W1AADm][o.s.c.p.PriorityBeanFactory] Returning cached instance of singleton bean 'jdk.internal.loader.ClassLoaders$AppClassLoader@324a0017-org.sonar.db.DBSessionsImpl'
2023.04.27 18:34:16 TRACE web[AYfD9GvKqB7Go6W1AADm][o.s.c.p.PriorityBeanFactory] Returning cached instance of singleton bean 'jdk.internal.loader.ClassLoaders$AppClassLoader@324a0017-org.sonar.server.setting.ThreadLocalSettings'
2023.04.27 18:34:16 TRACE web[AYfD9GvKqB7Go6W1AADm][o.s.c.p.PriorityBeanFactory] Returning cached instance of singleton bean 'jdk.internal.loader.ClassLoaders$AppClassLoader@324a0017-org.sonar.server.authentication.UserSessionInitializer'
2023.04.27 18:34:16 TRACE web[AYfD9GvKqB7Go6W1AADm][o.s.s.p.w.UserSessionFilter] Thread[http-nio-0.0.0.0-9000-exec-1,5,main] serves /api/monitoring/metrics
2023.04.27 18:34:16 TRACE web[AYfD9GvKqB7Go6W1AADm][sql] time=1ms | sql=select gr.role from group_roles gr where gr.component_uuid is null and gr.group_uuid is null
Thank you so much for your help!