SCANJLIB-262 Restore support of token authentication for SonarQube 9.9

* Add integration tests for the various cases of authentication, including SONAR_TOKEN
* Accept more than 404 errors on the first call to /analysis/version

Author: henryju

its/it-tests/src/test/java/com/sonar/scanner/lib/it/AuthenticationTest.java

@@ -0,0 +1,76 @@
+/*
+ * SonarScanner Java Library - ITs
+ * Copyright (C) 2011-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package com.sonar.scanner.lib.it;
+
+import com.sonar.orchestrator.build.BuildResult;
+import com.sonar.orchestrator.container.Server;
+import com.sonar.orchestrator.junit4.OrchestratorRule;
+import com.sonar.scanner.lib.it.tools.SimpleScanner;
+import java.io.IOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Map;
+import org.junit.Assume;
+import org.junit.ClassRule;
+import org.junit.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class AuthenticationTest {
+
+  @ClassRule
+  public static final OrchestratorRule ORCHESTRATOR = ScannerJavaLibraryTestSuite.ORCHESTRATOR;
+
+  @Test
+  public void useTokenAuthenticationByProperties() throws IOException {
+    SimpleScanner scanner = new SimpleScanner();
+    BuildResult buildResult = scanner.executeSimpleProject(project("js-sample"), ORCHESTRATOR.getServer().getUrl(), Map.of(
+      ScannerJavaLibraryTestSuite.ORCHESTRATOR.getServer().version().isGreaterThanOrEquals(10, 0) ? "sonar.token" : "sonar.login",
+      ScannerJavaLibraryTestSuite.ORCHESTRATOR.getDefaultAdminToken()
+    ), Map.of(), false);
+    assertThat(buildResult.getLastStatus()).isZero();
+  }
+
+  @Test
+  public void useTokenAuthenticationByEnvVariable() throws IOException {
+    SimpleScanner scanner = new SimpleScanner();
+    BuildResult buildResult = scanner.executeSimpleProject(project("js-sample"), ORCHESTRATOR.getServer().getUrl(), Map.of(),
+      Map.of("SONAR_TOKEN", ScannerJavaLibraryTestSuite.ORCHESTRATOR.getDefaultAdminToken()), false);
+    assertThat(buildResult.getLastStatus()).isZero();
+  }
+
+  @Test
+  public void useLoginPasswordAuthentication() throws IOException {
+    // Support of login/password authentication has been dropped in SQS 25.1
+    Assume.assumeFalse(ORCHESTRATOR.getServer().version().isGreaterThanOrEquals(25, 1));
+    SimpleScanner scanner = new SimpleScanner();
+    BuildResult buildResult = scanner.executeSimpleProject(project("js-sample"), ORCHESTRATOR.getServer().getUrl(), Map.of(
+      "sonar.login", Server.ADMIN_LOGIN,
+      "sonar.password", Server.ADMIN_PASSWORD
+    ), Map.of(), false);
+    assertThat(buildResult.getLastStatus()).isZero();
+  }
+
+  private static Path project(String projectName) {
+    return Paths.get("..", "projects", projectName);
+  }
+
+
+}

its/it-tests/src/test/java/com/sonar/scanner/lib/it/ProxyTest.java

@@ -207,7 +207,7 @@ public void simple_analysis_with_proxy_auth() throws Exception {
 
     BuildResult buildResult = scanner.executeSimpleProject(project("js-sample"), ORCHESTRATOR.getServer().getUrl(), params, Map.of());
     assertThat(buildResult.getLastStatus()).isNotZero();
-    assertThat(buildResult.getLogs()).contains("Failed to query server version: Proxy Authentication Required.");
+    assertThat(buildResult.getLogs()).contains("Failed to query server version: HTTP 407 Proxy Authentication Required.");
     assertThat(seenByProxy).isEmpty();
 
     params.put("sonar.scanner.proxyUser", PROXY_USER);

its/it-tests/src/test/java/com/sonar/scanner/lib/it/ScannerJavaLibraryTestSuite.java

@@ -31,7 +31,7 @@
 import org.junit.runners.Suite.SuiteClasses;
 
 @RunWith(Suite.class)
-@SuiteClasses({ProxyTest.class, SSLTest.class, PropertiesTest.class})
+@SuiteClasses({AuthenticationTest.class, ProxyTest.class, SSLTest.class, PropertiesTest.class})
 public class ScannerJavaLibraryTestSuite {
   private static final String SONAR_RUNTIME_VERSION = "sonar.runtimeVersion";
 
@@ -41,6 +41,7 @@ public class ScannerJavaLibraryTestSuite {
     .setSonarVersion(getServerVersion())
     .setEdition(getServerVersion().equals(LATEST_RELEASE) ? Edition.COMMUNITY : Edition.DEVELOPER)
     .useDefaultAdminCredentialsForBuilds(true)
+    .defaultForceAuthentication()
     .addBundledPluginToKeep("sonar-javascript")
     .build();
 

its/it-tests/src/test/java/com/sonar/scanner/lib/it/tools/SimpleScanner.java

@@ -20,7 +20,6 @@
 package com.sonar.scanner.lib.it.tools;
 
 import com.sonar.orchestrator.build.BuildResult;
-import com.sonar.orchestrator.container.Server;
 import com.sonar.scanner.lib.it.ScannerJavaLibraryTestSuite;
 import java.io.IOException;
 import java.nio.file.Files;
@@ -55,8 +54,12 @@ public BuildResult executeSimpleProject(Path baseDir, String host) throws IOExce
   }
 
   public BuildResult executeSimpleProject(Path baseDir, String host, Map<String, String> extraProps, Map<String, String> env) throws IOException {
+    return executeSimpleProject(baseDir, host, extraProps, env, true);
+  }
+
+  public BuildResult executeSimpleProject(Path baseDir, String host, Map<String, String> extraProps, Map<String, String> env, boolean configureAuth) throws IOException {
     List<String> params = new ArrayList<>();
-    Map<String, String> props = getSimpleProjectProperties(baseDir, host, extraProps);
+    Map<String, String> props = getSimpleProjectProperties(baseDir, host, extraProps, configureAuth);
 
     props.forEach((k, v) -> params.add("-D" + k + "=" + v));
     params.add("-jar");
@@ -70,19 +73,21 @@ public BuildResult executeSimpleProject(Path baseDir, String host, Map<String, S
     return result;
   }
 
-  private Map<String, String> getSimpleProjectProperties(Path baseDir, String host, Map<String, String> extraProps) throws IOException {
+  private Map<String, String> getSimpleProjectProperties(Path baseDir, String host, Map<String, String> extraProps, boolean configureAuth) throws IOException {
     Properties analysisProperties = new Properties();
     Path propertiesFile = baseDir.resolve("sonar-project.properties");
     analysisProperties.load(Files.newInputStream(propertiesFile));
     analysisProperties.setProperty("sonar.projectBaseDir", baseDir.toAbsolutePath().toString());
     analysisProperties.setProperty("sonar.host.url", host);
-    if (ScannerJavaLibraryTestSuite.ORCHESTRATOR.getServer().version().isGreaterThanOrEquals(10, 0)) {
-      analysisProperties.setProperty("sonar.token", ScannerJavaLibraryTestSuite.ORCHESTRATOR.getDefaultAdminToken());
-    } else {
-      analysisProperties.setProperty("sonar.login", Server.ADMIN_LOGIN);
-      analysisProperties.setProperty("sonar.password", Server.ADMIN_PASSWORD);
+    if (configureAuth) {
+      if (ScannerJavaLibraryTestSuite.ORCHESTRATOR.getServer().version().isGreaterThanOrEquals(10, 0)) {
+        analysisProperties.setProperty("sonar.token", ScannerJavaLibraryTestSuite.ORCHESTRATOR.getDefaultAdminToken());
+      } else {
+        analysisProperties.setProperty("sonar.login", ScannerJavaLibraryTestSuite.ORCHESTRATOR.getDefaultAdminToken());
+      }
     }
     analysisProperties.putAll(extraProps);
     return (Map) analysisProperties;
   }
+
 }

lib/src/main/java/org/sonarsource/scanner/lib/ScannerEngineBootstrapper.java

@@ -262,20 +262,37 @@ private static Path resolveSonarUserHome(Map<String, String> properties) {
   private static String getServerVersion(ScannerHttpClient scannerHttpClient) {
     try {
       return scannerHttpClient.callRestApi("/analysis/version");
-    } catch (Exception e) {
-      if (e instanceof HttpException && ((HttpException) e).getCode() == 404) {
-        // Fallback to the old endpoint
-        try {
-          return scannerHttpClient.callWebApi("/api/server/version");
-        } catch (Exception e2) {
-          var ex = new MessageException("Failed to query server version: " + e2.getMessage(), e2);
-          ex.addSuppressed(e);
-          throw ex;
+    } catch (HttpException httpException) {
+      // Fallback to the old endpoint
+      try {
+        var serverVersion = scannerHttpClient.callWebApi("/api/server/version");
+        if (VersionUtils.isAtLeastIgnoringQualifier(serverVersion, SQ_VERSION_NEW_BOOTSTRAPPING)) {
+          // If version is greater than 10.6, we would have expected the first call to succeed, so it is better to throw the original exception than moving on
+          // and having the scanner failing later (usually because of authentication issues)
+          throw httpException;
         }
-      } else {
-        throw new MessageException("Failed to query server version: " + e.getMessage(), e);
+        return serverVersion;
+      } catch (Exception e2) {
+        var ex = new MessageException("Failed to query server version: " + formatMessage(e2), e2);
+        if (!e2.equals(httpException)) {
+          ex.addSuppressed(httpException);
+        }
+        throw ex;
+      }
+    } catch (Exception e) {
+      throw new MessageException("Failed to query server version: " + formatMessage(e), e);
+    }
+  }
+
+  private static String formatMessage(Exception e) {
+    if (e instanceof HttpException) {
+      String message = "HTTP " + ((HttpException) e).getCode();
+      if (StringUtils.isNotBlank(e.getMessage())) {
+        message += " " + e.getMessage();
       }
+      return message;
     }
+    return e.getMessage();
   }
 
   private void initBootstrapDefaultValues() {

lib/src/main/java/org/sonarsource/scanner/lib/internal/http/HttpException.java

@@ -20,6 +20,7 @@
 package org.sonarsource.scanner.lib.internal.http;
 
 import java.net.URL;
+import java.util.Objects;
 import javax.annotation.Nullable;
 
 public class HttpException extends RuntimeException {
@@ -47,4 +48,16 @@ public int getCode() {
   public String getBody() {
     return body;
   }
+
+  @Override
+  public boolean equals(Object o) {
+    if (!(o instanceof HttpException)) return false;
+    HttpException that = (HttpException) o;
+    return code == that.code && Objects.equals(requestUrl, that.requestUrl) && Objects.equals(body, that.body) && Objects.equals(getMessage(), that.getMessage());
+  }
+
+  @Override
+  public int hashCode() {
+    return Objects.hash(requestUrl, code, body, getMessage());
+  }
 }

lib/src/test/java/org/sonarsource/scanner/lib/ScannerEngineBootstrapperTest.java

@@ -128,6 +128,27 @@ void should_use_new_bootstrapping_with_sonarqube_10_6() throws Exception {
     }
   }
 
+  @Test
+  void should_report_apiv2_error_with_sq_10_6_even_if_older_version_ws_succeeded() throws Exception {
+    when(scannerHttpClient.callRestApi("/analysis/version")).thenThrow(new HttpException(URI.create("http://myserver").toURL(), 401, "", null));
+    when(scannerHttpClient.callWebApi("/api/server/version")).thenReturn(SQ_VERSION_NEW_BOOTSTRAPPING);
+    try (var bootstrapResult = underTest.setBootstrapProperty(ScannerProperties.HOST_URL, "http://localhost").bootstrap()) {
+      assertThat(bootstrapResult.isSuccessful()).isFalse();
+    }
+
+    assertThat(logTester.logs(Level.ERROR)).contains("Failed to query server version: HTTP 401. Please check the property sonar.token or the environment variable SONAR_TOKEN.");
+  }
+
+  @Test
+  void should_report_technical_errors() throws Exception {
+    when(scannerHttpClient.callRestApi("/analysis/version")).thenThrow(new IOException("Socket closed"));
+    try (var bootstrapResult = underTest.setBootstrapProperty(ScannerProperties.HOST_URL, "http://localhost").bootstrap()) {
+      assertThat(bootstrapResult.isSuccessful()).isFalse();
+    }
+
+    assertThat(logTester.logs(Level.ERROR)).contains("Failed to query server version: Socket closed");
+  }
+
   @Test
   void should_issue_deprecation_warning_for_sonar_login_property_sonarqube_10_0() throws Exception {
     IsolatedLauncherFactory launcherFactory = mock(IsolatedLauncherFactory.class);
@@ -162,6 +183,25 @@ void should_log_cb_server_type() throws Exception {
     }
   }
 
+  @Test
+  void should_use_old_bootstrapping_with_sonarqube_9_9() throws Exception {
+    IsolatedLauncherFactory launcherFactory = mock(IsolatedLauncherFactory.class);
+    when(launcherFactory.createLauncher(eq(scannerHttpClient), any(FileCache.class)))
+      .thenReturn(mock(IsolatedLauncherFactory.IsolatedLauncherAndClassloader.class));
+
+    ScannerEngineBootstrapper bootstrapper = new ScannerEngineBootstrapper("Gradle", "3.1", system, scannerHttpClient,
+      launcherFactory, scannerEngineLauncherFactory);
+    when(scannerHttpClient.callRestApi("/analysis/version")).thenThrow(new HttpException(URI.create("http://myserver").toURL(), 401, "Unauthorized", null));
+    when(scannerHttpClient.callWebApi("/api/server/version")).thenReturn("9.9");
+
+    try (var bootstrapResult = bootstrapper.setBootstrapProperty(ScannerProperties.HOST_URL, "http://myserver").bootstrap()) {
+      verify(launcherFactory).createLauncher(eq(scannerHttpClient), any(FileCache.class));
+      assertThat(bootstrapResult.getEngineFacade().isSonarCloud()).isFalse();
+      assertThat(bootstrapResult.getEngineFacade().getServerVersion()).isEqualTo("9.9");
+      verifySonarQubeServerTypeLogged("9.9");
+    }
+  }
+
   @Test
   void should_use_old_bootstrapping_with_sonarqube_10_5() throws Exception {
     IsolatedLauncherFactory launcherFactory = mock(IsolatedLauncherFactory.class);
@@ -190,14 +230,15 @@ void should_show_help_on_proxy_auth_error() throws Exception {
     ScannerEngineBootstrapper bootstrapper = new ScannerEngineBootstrapper("Gradle", "3.1", system, scannerHttpClient,
       launcherFactory, scannerEngineLauncherFactory);
     when(scannerHttpClient.callRestApi("/analysis/version")).thenThrow(new HttpException(URI.create("http://myserver").toURL(), 407, "Proxy Authentication Required", null));
+    when(scannerHttpClient.callWebApi("/api/server/version")).thenThrow(new HttpException(URI.create("http://myserver").toURL(), 407, "Proxy Authentication Required", null));
 
     logTester.setLevel(Level.DEBUG);
 
     try (var result = bootstrapper.setBootstrapProperty(ScannerProperties.HOST_URL, "http://myserver").bootstrap()) {
       assertThat(result.isSuccessful()).isFalse();
     }
 
-    assertThat(logTester.logs(Level.ERROR)).contains("Failed to query server version: Proxy Authentication Required. Please check the properties sonar.scanner.proxyUser and " +
+    assertThat(logTester.logs(Level.ERROR)).contains("Failed to query server version: HTTP 407 Proxy Authentication Required. Please check the properties sonar.scanner.proxyUser and " +
       "sonar.scanner.proxyPassword.");
     assertThatNoServerTypeIsLogged();
   }
@@ -221,7 +262,7 @@ void should_preserve_both_exceptions_when_checking_version() throws Exception {
 
     var loggedError = logTester.logEvents(Level.ERROR);
     assertThat(loggedError).hasSize(1);
-    assertThat(loggedError.get(0).getFormattedMessage()).contains("Failed to query server version: Server Error");
+    assertThat(loggedError.get(0).getFormattedMessage()).contains("Failed to query server version: HTTP 400 Server Error");
     assertThat(ThrowableProxyUtil.asString(loggedError.get(0).getThrowableProxy()))
       .containsSubsequence(
         "Suppressed: org.sonarsource.scanner.lib.internal.http.HttpException: Not Found",
@@ -246,7 +287,7 @@ void should_log_user_friendly_message_when_auth_error(int code) throws Exception
       assertThat(result.isSuccessful()).isFalse();
     }
 
-    assertThat(logTester.logs(Level.ERROR)).contains("Failed to query server version: Unauthorized. Please check the property sonar.token or the environment variable SONAR_TOKEN" +
+    assertThat(logTester.logs(Level.ERROR)).contains("Failed to query server version: HTTP " + code + " Unauthorized. Please check the property sonar.token or the environment variable SONAR_TOKEN" +
       ".");
     assertThatNoServerTypeIsLogged();
   }

lib/src/test/java/org/sonarsource/scanner/lib/internal/http/HttpExceptionTest.java

@@ -0,0 +1,43 @@
+/*
+ * SonarScanner Java Library
+ * Copyright (C) 2011-2025 SonarSource SA
+ * mailto:info AT sonarsource DOT com
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this program; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+package org.sonarsource.scanner.lib.internal.http;
+
+import java.net.MalformedURLException;
+import java.net.URI;
+import org.junit.jupiter.api.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+class HttpExceptionTest {
+
+  @Test
+  void testEqualsAndHashCode() throws MalformedURLException {
+    var underTest1 = new HttpException(URI.create("http://foo1").toURL(), 401, "message1", "body1");
+    var sameUnderTest = new HttpException(URI.create("http://foo1").toURL(), 401, "message1", "body1");
+
+    assertThat(underTest1)
+      .hasSameHashCodeAs(sameUnderTest)
+      .isEqualTo(sameUnderTest)
+      .isNotEqualTo(new HttpException(URI.create("http://foo2").toURL(), 401, "message1", "body1"))
+      .isNotEqualTo(new HttpException(URI.create("http://foo1").toURL(), 402, "message1", "body1"))
+      .isNotEqualTo(new HttpException(URI.create("http://foo1").toURL(), 401, "message2", "body1"))
+      .isNotEqualTo(new HttpException(URI.create("http://foo1").toURL(), 401, "message1", "body2"));
+  }
+}