Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
Summary
Whenever our Fortify SSC server reboots (or following a power outage) the SSC web application is no longer functional. The Tomcat web server does appear to be running, and I am able to navigate to the site, but I get the "Fortify is undergoing maintenance" screen. If I then log into the server, stop Tomcat (/opt/tomcat9/bin/shutdown.sh) and then start it again (/opt/tomcat9/bin/startup.sh) it resumes working.
Products
Fortify Static Code Analyzer
Environment
SSC version – 21.2.0.227
Webserver – Apache Tomcat 9
Situation
Whenever our Fortify SSC server reboots (or following a power outage) the SSC web application is no longer functional. The Tomcat web server does appear to be running, and I am able to navigate to the site, but I get the "Fortify is undergoing maintenance" screen. If I then log into the server, stop Tomcat (/opt/tomcat9/bin/shutdown.sh) and then start it again (/opt/tomcat9/bin/startup.sh) it resumes working.
2023-01-27 14:23:32,917 [ERROR] org.apache.catalina.session.StandardManager - Exception unloading sessions to persistent storage
java.io.FileNotFoundException: /opt/tomcat9/work/Catalina/localhost/ssc/SESSIONS.ser (Permission denied)
2023-01-31 17:36:23,091 127.0.0.1 /ssc/fm-ws/services [WARN] com.fortify.manager.security.CustomLoggerListener - Authentication event AuthenticationFailureBadCredentialsEvent: WS Authentication Token; exception: web services authentication failure
2023-02-01 10:35:24,775 127.0.0.1 /ssc/fm-ws/services [ERROR] com.fortify.manager.security.ws.WSCallbackAuthenticationService - Token authentication error: Token not found
2023-02-01 10:35:24,785 127.0.0.1 /ssc/fm-ws/services [ERROR] com.fortify.manager.web.security.ws.AuthenticationInterceptor - Error performing token authentication: SearchProjectVersionRequest
com.fortify.manager.exception.FMSecurityException: Access Denied.
Resolution
1. Open the "version-properties" file and make sure that the "maintenance.mode" is set to false.
2. Check if you are getting the database connection successfully.
3. Try to give all control to all users or groups to the Tomcat Folder.
Go to your Tomcat folder, and go to Properties ----> Security ----> Edit ----> Give full control to all users or groups that are listed. (This is in windows, but can do it as well in Linux)
URL Name
KM000015391