SysAdmin passcode authentication is based on property sonar.web.systemPasscode.
When SQ server is starting, authentication stack is not yet available but access to WS api/system/health must still be protected.
Also, providing the SysAdmin passcode will allow calling WS api/system/health without root permissions.
Changes to WS api/system/health:
- new optional HTTP header X-Sonar-Passcode
- when SQ is starting, providing HTTP header with the same value as property sonar.web.systemPasscode is required. In case of failure, WS will return a 403 HTTP status
- when SQ is started, if HTTP header is provided, its value must be the same as property sonar.web.systemPasscode otherwise a 403 HTTP status is returned. If an incorrect value or no value is provided, then authentication based on permissions applies and root permission is required.