[SONAR-7115] Not possible to retrieve system status when forced authentication is enabled - SonarSource

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 5.2
Fix Version/s: 5.4
Component/s: Web API
Labels:
- hardening-teryk

Description

When forced authentication is enabled, a database migration is in progress and you are not logged in, it's impossible to get system status, i.e. see maintenance/setup pages. All WS calls to /api/system/status and /api/system/db_migration_status fail with 401 Unauthorized error.

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Ann Campbell added a comment - 02/Feb/16 3:08 PM

tested both uri's, logged in and anonymous.

Looks good

Show

Ann Campbell added a comment - 02/Feb/16 3:08 PM tested both uri's, logged in and anonymous. Looks good

Hide

Permalink

Mario Majcica added a comment - 15/Mar/16 11:27 AM

During the upgrade from 5.3 to 5.4 I again faced this problem. DB upgrade won't start with the standard error message "An error happened, some parts of the page might not render correctly. Please contact the administrator if you keep on experiencing this error.".

After commenting out sonar.forceAuthentication=true the upgrade went well. I'm using the latest version of LDAP plugin 1.5.1.

Show

Mario Majcica added a comment - 15/Mar/16 11:27 AM During the upgrade from 5.3 to 5.4 I again faced this problem. DB upgrade won't start with the standard error message "An error happened, some parts of the page might not render correctly. Please contact the administrator if you keep on experiencing this error.". After commenting out sonar.forceAuthentication=true the upgrade went well. I'm using the latest version of LDAP plugin 1.5.1.

Hide

Permalink

Nicolas Bontoux added a comment - 10/May/16 11:23 AM

Mario Majcica (and others who might hit this issue): indeed it is still not possible to perform a DB upgrade when sonar.forceAuthentication=true in sonar.properties. Note that setting this property in the config file is actually unreliable and the proper solution to this is to remove sonar.forceAuthentication from sonar.properties altogether and set it in the admin UI instead (under General Settings - Security). That way it will be properly managed in database (including through upgrades) and you do not have to manually maintain it in the config file.

Show

Nicolas Bontoux added a comment - 10/May/16 11:23 AM Mario Majcica (and others who might hit this issue): indeed it is still not possible to perform a DB upgrade when sonar.forceAuthentication=true in sonar.properties . Note that setting this property in the config file is actually unreliable and the proper solution to this is to remove sonar.forceAuthentication from sonar.properties altogether and set it in the admin UI instead (under General Settings - Security). That way it will be properly managed in database (including through upgrades) and you do not have to manually maintain it in the config file.

Hide

Permalink

Mario Majcica added a comment - 18/May/16 7:27 AM

Nicolas Bontoux thank you. This is a top tip. I now also documented it in my blog post about installation and configuration of SonarQube at http://blog.majcica.com/2016/04/28/sonarqube-on-windows-and-ms-sql/.

Thanks

Show

Mario Majcica added a comment - 18/May/16 7:27 AM Nicolas Bontoux thank you. This is a top tip. I now also documented it in my blog post about installation and configuration of SonarQube at http://blog.majcica.com/2016/04/28/sonarqube-on-windows-and-ms-sql/ . Thanks

People

Assignee:

Teryk Bellahsene

Reporter:

Stas Vilchik

Votes:

0 Vote for this issue

Watchers:

5 Start watching this issue

Dates

Due:

08/Feb/16

Created:

04/Dec/15 4:28 PM

Updated:

22/Sep/16 11:10 AM

Resolved:

01/Feb/16 4:56 PM

Agile

View on Board