Authorization in Sonar REST/Web API

Question

I have migrated my Sonar version from 5.4 to 6.3.1. In 5.4 version, there was no login API provided by Sonar. Hence we were adding an Authorization header in every call with value as Base64 encoded "username":"password".

But post migration to 6.3.1, the authorization fails with current implementation.

We tried passing token (generated from UI) as value of Authorization header but in vain.

We also tried calling Sonar login API (api/authentication/login) but it is not giving back any response.

Kindly help us resolve this issue.

Thanks.

Edit

Following is the code for calling REST Webservice:

byte[] encodedUsernamePassword = Base64.getEncoder().encode("adminUserName:adminPassword".getBytes());

ResteasyClient client = new ResteasyClientBuilder().build();
    String target = "http://IP:Port/api/issues/search/?statuses=" + "CLOSED" + "&assignees=" + username + "&resolutions=" + "FIXED" + "&createdBefore=" + end_date + "&createdAfter=" + start_date + "&facetMode=debt";

javax.ws.rs.core.Response response = client.target(target).request(MediaType.APPLICATION_JSON).header("Authorization", new String(encodedUsernamePassword)).get();

String strResponse = response.readEntity(String.class);

Answer 1

Two changes were made in above code:

1. Added 'Basic' prefix to the value of Authorization header as follows:

   header("Authorization", new String("Basic YWRtaW46YWRtaW4zMjW="))

2. Removed extra '/' before '?'from below URL as shown below:

   http://IP:Port/api/issues/search/?statuses

Answer 2

First thing: api/authentication/login is of no help here. Per Web API documentation , Web API authentication is made through HTTP basic authentication.

So just pass the username/password in the header of each Web API request. And if you use User Tokens, as per same documentation:

This is the recommended way. Benefits are described in the page User Token. Token is sent via the login field of HTTP basic authentication, without any password.