vaulttec/sonar-auth-oidc

Unable to authenticate using Sonarqube API Token after configuring OIDC Keycloak Authentication

Closed this issue · 3 comments

Hi, I have configured OIDC Authentication in my Sonarqube. I am successfully logging in using the Keycloak I configured. But now when I am trying to use the API token inside my pipelines, it's not working.

I get this error all the time:

ERROR: Error during SonarScanner execution
java.lang.NoClassDefFoundError: javax/servlet/Filter
	at java.base/java.lang.ClassLoader.defineClass1(Native Method)
	at java.base/java.lang.ClassLoader.defineClass(Unknown Source)
	at java.base/java.security.SecureClassLoader.defineClass(Unknown Source)
	at java.base/java.net.URLClassLoader.defineClass(Unknown Source)
	at java.base/java.net.URLClassLoader$1.run(Unknown Source)
	at java.base/java.net.URLClassLoader$1.run(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/java.net.URLClassLoader.findClass(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedClassloader.loadClass(IsolatedClassloader.java:82)
	at java.base/java.lang.ClassLoader.loadClass(Unknown Source)
	at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:84)
	at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:76)
	at org.sonar.classloader.DefaultClassloaderRef.loadClassIfPresent(DefaultClassloaderRef.java:40)
	at org.sonar.classloader.ClassRealm.loadClassFromParent(ClassRealm.java:147)
	at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:35)
	at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:87)
	at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:76)
	at java.base/java.lang.ClassLoader.defineClass1(Native Method)
	at java.base/java.lang.ClassLoader.defineClass(Unknown Source)
	at java.base/java.security.SecureClassLoader.defineClass(Unknown Source)
	at java.base/java.net.URLClassLoader.defineClass(Unknown Source)
	at java.base/java.net.URLClassLoader$1.run(Unknown Source)
	at java.base/java.net.URLClassLoader$1.run(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/java.net.URLClassLoader.findClass(Unknown Source)
	at org.sonar.classloader.ClassRealm.loadClassFromSelf(ClassRealm.java:125)
	at org.sonar.classloader.ParentFirstStrategy.loadClass(ParentFirstStrategy.java:37)
	at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:87)
	at org.sonar.classloader.ClassRealm.loadClass(ClassRealm.java:76)
	at org.vaulttec.sonarqube.auth.oidc.AuthOidcPlugin.define(AuthOidcPlugin.java:26)
	at org.sonar.scanner.bootstrap.ExtensionInstaller.install(ExtensionInstaller.java:60)
	at org.sonar.scanner.scan.ProjectScanContainer.addScannerExtensions(ProjectScanContainer.java:320)
	at org.sonar.scanner.scan.ProjectScanContainer.doBeforeStart(ProjectScanContainer.java:154)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
	at org.sonar.scanner.bootstrap.GlobalContainer.doAfterStart(GlobalContainer.java:150)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:137)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:123)
	at org.sonar.batch.bootstrapper.Batch.doExecute(Batch.java:72)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:66)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy0.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:189)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:138)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:112)
	at org.sonarsource.scanner.cli.Main.execute(Main.java:75)
	at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.lang.ClassNotFoundException: javax.servlet.Filter
	at java.base/java.net.URLClassLoader.findClass(Unknown Source)
	at org.sonarsource.scanner.api.internal.IsolatedClassloader.loadClass(IsolatedClassloader.java:82)
	at java.base/java.lang.ClassLoader.loadClass(Unknown Source)
	... 52 more

Do I need to perform some other modifications as well?

This issue is the same as reported on SO (but with a different SQ plugin).

It seems that the SQ scanner engine is trying to classload Java classes which are not intended for client-side execution. This is because the class AutoLoginFilter (introduced in #44) misses the class annotation @ServerSide.

Ok, the missing annotation in this newly added class is my fault, but IMHO SQ's ExtensionInstaller has its own issues: It knows all the other plugin classes which are properly annotated with @ServerSide and should come to the conclusion that this plugin is not intended for server-side execution.

So unluckily this plugin version is not usable :-( You can use the previous version of this plugin or wait for the hotfix.

Hello @tjuerge, Thank you for your reply.

Can you suggest a version which can work for me? I want to access Sonarqube using my CI/CD pipeline, and I really need the SQ API token to work in my pipelines.

Can you suggest a version which can work for me?

The previous one should do the job.