Sonar-scanner-maven does not work with HTTP (not HTTPS) PROXY authentication

SonarQube Server / Community Build
1

Template for a good bug report, formatted with Markdown:

  • versions used (SonarQube, Scanner, Plugin, and any relevant extension)
    mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.0.2155:sonar -Dhttp.proxyHost=0.0.0.0 -Dhttp.proxyPort=9010 -Dhttp.proxyUser=sonarque -Dhttp.proxyPassword=xxxx
  • error observed (wrap logs/code around triple quote ``` for proper formatting)
 Unable to execute SonarScanner analysis: Fail to get bootstrap index from server: Status returned by url [http://0.0.0.0:9010/batch/index] is not valid: [401]
  • steps to reproduce
    I can use curl -i -u sonarqube:xxxx http://0.0.0.0:9010/batch/index
    This works. So the maven plugin does not use the httpUser and httpPassword properties.
  • potential workaround
    No workaround with sonar maven plugin.

P.S.: use the #bug:fault sub-category if you’re hitting a specific crash/error , or the #bug:fp sub-category for rules-related behaviour

2

Hey there.

I believe you want to stick your proxy settings in the MAVEN_OPTS environment variable rather than as analysis parameters to the sonar task.

3

Maven DOES NOT support username and password nor does the Java. Using Authentication required the plug-in to support it. If the plug-in does not support it, it doesn’t matter what settings I add to MAVEN or JAVA … it’ll just be ignored. I’m a developer … so I know. Do you need code for me to prove it?

4

Hey there.

You’ve selected a really aggressive tone for a Community Forum where you’re reporting an issue. Please be respectful.

Good news, the plugin does support it! MSONAR-153.

But they’ll have to be in the right place – which is why I suggested the MAVEN_OPTS environment variable (configuring the proxy/authentication in your .m2/settings.xml file will work just as well).

5

I’ve tried it. It did not work.

6

Also, the MSONAR 153 says NOTHING absolutely nothing about username and password (AUTHENTICATION) for proxies. Have you even tested it with AUTHENTICATION?

I’ve tried ever conceivable way to get it to work with AUTHENTICATION and nothing works. The plug-in code is missing the “PROXY AUTHENTICATION” piece.

7

I stand corrected.

I downloaded the most recent source code for the plugin on github and found the following that I needed:
This is the AUTHENTICATION keys I needed (I used http.proxyUsername) when, in fact, it is “http.proxyUser”.

System.setProperty(“http.proxyUser”, StringUtils.defaultString(activeProxy.getUsername(), “”));
System.setProperty(“http.proxyPassword”, StringUtils.defaultString(activeProxy.getPassword(), “”));

This would have been the only information I needed in this correspondence.

8

The maven-sonar-plugin uses a sonar-api library which uses a version of okhttp3 that does not respect or acknowledge http.proxyUser or http.proxyPassword. However, it looks like an okhttp4 works if it is used according to the following article. I want folks in the community that use an authenticated proxy connection to know that this is still a bug.

https://stackoverflow.com/questions/35554380/okhttpclient-proxy-authentication-how-to