QualInsight / qualinsight-plugins-sonarqube-badges

Plugin for SonarQube that generates badges displaying information about a project's or view's quality.
GNU Lesser General Public License v3.0

Is there any issue for Compute Engine Activity badges ? #65

Closed ejouvin closed 7 years ago

ejouvin commented 7 years ago

Hello.

On my instance, it is always a badge with "not found". On the wiki, it is the same.

Or did I miss something?

In fact, I tried the REST API on SonarQube with something like:

`/sonar/api/ce/activity?q=`

and I got the answer:

`{"errors":[{"msg":"Requires administration permission"}]}`

Even if I am logged in as administrator. So in fact, this is explained in your known restrictions?

Regards

ejouvin commented 7 years ago

Confirmed, this is a security "issue" from SonarQube. I am using 6.2. Maybe not the case with earlier versions, but this metric required the administration permit.

So it can not be used.

pawlakm commented 7 years ago

Hi,

Indeed, this is a SQ limitation related to #15. I really don't understand their logic, but I can't do anything about it (well something could be probably done using aspects, but in my humble opinion the issue is on SQ's side: they should rather allow administrators to explicitly enable some webservices to access secured webservices)

Anyway, there is a way to circumvent this issue if you're using your own SQ instance and can put a reverse proxy in front of it (for instance a HAProxy instance). Here are the steps to achieve this:

  1. You need to create a <securitytoken> having the rights to call the webservices that are secured.
  2. Configure your reverse proxy to rewrite URLs as follows (pseudocode): https://yourhost/sqbadges/* should be rewritten to https://<securitytoken>@yourhost/sonar/api/badges/* (in fact you need to have HAProxy add a basic security header). This will allow you to add required credentials under the hood when calling the https://yourhost/sqbadges/* URL and thus display all badges (without showing these credentials). Note: do not forget to keep all parameters.

Tell me if it is a viable workaround for you.

Kind regards,

Michel
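
One way to write the reverse-proxy workaround described in the comment above, as an added example that is not from the plugin's author or the project. The certificate path, backend address, backend names and the `SQ_BADGE_TOKEN_B64` environment variable (base64 of `<securitytoken>:`, i.e. the token as user name with an empty password) are assumptions.

```haproxy
# Added example: every name, path and address here is an assumption.
# Requires HAProxy 1.6 or later (http-request set-path, regsub converter).

frontend fe_https
    bind :443 ssl crt /etc/haproxy/certs/yourhost.pem

    # Only the badge prefix gets the injected credentials.
    acl is_badge    path_beg /sqbadges/
    acl safe_method method GET HEAD
    # Refuse dot segments so the rewritten path cannot leave /sonar/api/badges/.
    acl traversal   path_sub -i .. %2e

    # The injected token carries administration rights, so the proxied
    # surface is limited to read-only requests on the badge endpoints.
    http-request deny if is_badge !safe_method
    http-request deny if is_badge traversal

    use_backend be_sq_badges if is_badge
    default_backend be_sonar

backend be_sq_badges
    # set-header replaces any Authorization header sent by the client,
    # so callers never see or choose the credentials used upstream.
    http-request set-header Authorization "Basic %[env(SQ_BADGE_TOKEN_B64)]"

    # /sqbadges/<rest> -> /sonar/api/badges/<rest>
    # set-path changes only the path, so the query string (all badge
    # parameters) is passed through unchanged.
    http-request set-path %[path,regsub(^/sqbadges/,/sonar/api/badges/)]

    server sonar 127.0.0.1:9000

backend be_sonar
    # Normal SonarQube traffic: no credentials are added here.
    server sonar 127.0.0.1:9000
```

Anyone who can reach `/sqbadges/*` sees these badges without authenticating, so the frontend should be exposed only to the audience that is allowed to see them.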

ejouvin commented 7 years ago

Oh ok.

Not so "simple", but really because of the logic from SonarQube. Not sure I will agree to make this trick. I am going to think about that (but not soon) and let you know. I did close the issue because it was not a big issue for me.

Will let you know

pawlakm commented 7 years ago

ok I'm closing the issue then.