Uploaded image for project: 'SonarQube'
  1. SonarQube
  2. SONAR-14211

Make api/server/version require authentication when force authentication is enabled

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Web API
    • Labels:
    • Edition:
      Community
    • Production Notes:
      None

      Description

      When api/server/version was created, no authentication was required when force authentication is enabled.
      Now, we don't see why this WS should not require authentication in this case, so let's enforce security by requiring this WS to be authenticated.

      The fact that this WS was not requiring authentication was probably needed for some Scanners, but now all Scanners are using authentication, only Scanner for Jenkins is not using authentication to access this WS.

      When a new version of Scanner for Jenkins and the new version of SonarLint for Visual Studio removing the unauthenticated call to api/server/version will be released, then this ticket could be implemented.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                julien.lancelot Julien Lancelot
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: