Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
Highlighted
Respected Contributor.. Mark_Egloff Respected Contributor..
Respected Contributor..
4832 views

SSC & Sonar Plugin - Access Denied Error "View jobs in queue"

Jump to solution

Dear all I try to use the Sonar Plugin 2.3 (https://github.com/rsenden/fortify-integration-sonarqube-ssc) together with a SSC 17.20. I followed the instructions on github for the installation and preparation of Sonar and SSC. During my sonar execution via maven I get after the successfull upload of the FPR file the following error

{"message":"Access Denied. This permission is required to complete this action: [View jobs in queue].","responseCode":500,"errorCode":-10301}

This is quite strange because the the Sonar Token has in the serviceContect.xml the required permission.i.e.

<value>GET=/api/v\d+/jobs(/[^/]+)*/?</value>

The FPR has been successfully uploaded and processed, no error or approval step was pending.

If I look in the ssc-access.log I see the error denied

127.0.0.1 - - [11/Nov/2018:22:03:45 +0100] "GET /ssc/api/v1/jobs?fields=state&q=id%3A%22JOB_ARTIFACTUPLOAD%24feed51b4-fa1b-45be-9cd7-6841cc001ce2%22&start=0&limit=50 HTTP/1.1" 500 139

Even more strange - I construct manually the request in my webbrowser, it worked and the page get returned well.

http://authToken:{SonarToken}@localhost:8080/ssc/api/v1/jobs?fields=state&q=id%3A%22JOB_ARTIFACTUPLOAD%24feed51b4-fa1b-45be-9cd7-6841cc001ce2%22&start=0&limit=50

 Any hints what I could try? Any experience on with simliar cases like in Jenkins where you are able as well to upload and verify the process status?

Thank you in advance

SonarToken in serviceContext.xml

	<bean id="sonarQubeToken" class="com.fortify.manager.security.ws.AuthenticationTokenSpec">
		<property name="key" value="SonarQubeToken"/>
		<property name="maxDaysToLive" value="90" />
		<property name="actionPermitted">
			<list value-type="java.lang.String">
				<value>GET=/api/v\d+/artifacts/\d+</value>
				<value>GET=/api/v\d+/jobs</value>
				<value>GET=/api/v\d+/projectVersions</value>
				<value>GET=/api/v\d+/projectVersions/\d+/artifacts</value>
				<value>GET=/api/v\d+/projectVersions/\d+/filterSets</value>
				<value>GET=/api/v\d+/projectVersions/\d+/issues</value>
				<value>GET=/api/v\d+/projectVersions/\d+/performanceIndicatorHistories</value>
				<value>GET=/api/v\d+/projectVersions/\d+/variableHistories</value>
				<value>PUT=/api/v\d+/projectVersions/\d+/issueSearchOptions</value>
				<value>POST=/api/v\d+/fileTokens</value>
				<value>POST=/upload/resultFileUpload.html</value>
			</list>
		</property>
		<property name="terminalActions">
			<list value-type="java.lang.String">
				<value>InvalidateTokenRequest</value>
				<value>DELETE=/api/v\d+/auth/token</value>
			</list>
		</property>
	</bean>

Full Stack Trace from maven

[INFO] Uploading FPR file /home/megloff/Documents/SwissConomy/Fortify/Projects/workspace.java/WebGoat/WebGoat5.0.fpr
[ERROR] Exception occured during Fortify sensor execution
java.lang.RuntimeException: Error accessing remote system http://localhost:8080/ssc: Internal Server Error
	at com.fortify.util.rest.connection.AbstractRestConnection.getUnsuccesfulResponseException(AbstractRestConnection.java:407)
	at com.fortify.util.rest.connection.AbstractRestConnection.checkResponseAndGetOutput(AbstractRestConnection.java:371)
	at com.fortify.util.rest.connection.AbstractRestConnection.executeRequest(AbstractRestConnection.java:227)
	at com.fortify.util.rest.connection.AbstractRestConnection.executeRequest(AbstractRestConnection.java:195)
	at com.fortify.util.rest.connection.AbstractRestConnection.executeRequest(AbstractRestConnection.java:182)
	at com.fortify.util.rest.query.AbstractRestConnectionQuery.executeRequest(AbstractRestConnectionQuery.java:139)
	at com.fortify.util.rest.query.AbstractRestConnectionQuery.processSingleRequest(AbstractRestConnectionQuery.java:213)
	at com.fortify.util.rest.query.AbstractRestConnectionQuery.processAll(AbstractRestConnectionQuery.java:203)
	at com.fortify.util.rest.query.AbstractRestConnectionQuery.getUnique(AbstractRestConnectionQuery.java:115)
	at com.fortify.client.ssc.api.SSCJobAPI.getJobById(SSCJobAPI.java:56)
	at com.fortify.client.ssc.api.SSCJobAPI.waitForJobCompletion(SSCJobAPI.java:62)
	at com.fortify.client.ssc.api.SSCArtifactAPI.getJobForUpload(SSCArtifactAPI.java:124)
	at com.fortify.client.ssc.api.SSCArtifactAPI.uploadArtifactAndWaitProcessingCompletion(SSCArtifactAPI.java:134)
	at com.fortify.integration.sonarqube.ssc.FortifySSCConnectionFactory.uploadFPRAndWaitForProcessingToComplete(FortifySSCConnectionFactory.java:143)
	at com.fortify.integration.sonarqube.ssc.FortifySSCConnectionFactory.getConnectionWithArtifactProcessing(FortifySSCConnectionFactory.java:129)
	at com.fortify.integration.sonarqube.ssc.batch.FortifyIssueMetricsAndSensor.processFortifyIssues(FortifyIssueMetricsAndSensor.java:293)
	at com.fortify.integration.sonarqube.ssc.batch.FortifyIssueMetricsAndSensor.executeBeforeMetricsCalculation(FortifyIssueMetricsAndSensor.java:175)
	at com.fortify.integration.sonarqube.ssc.batch.AbstractFortifyMetricsAndSensor.execute(AbstractFortifyMetricsAndSensor.java:89)
	at org.sonar.scanner.sensor.SensorWrapper.analyse(SensorWrapper.java:53)
	at org.sonar.scanner.phases.SensorsExecutor.executeSensor(SensorsExecutor.java:88)
	at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:82)
	at org.sonar.scanner.phases.SensorsExecutor.execute(SensorsExecutor.java:68)
	at org.sonar.scanner.phases.AbstractPhaseExecutor.execute(AbstractPhaseExecutor.java:88)
	at org.sonar.scanner.scan.ModuleScanContainer.doAfterStart(ModuleScanContainer.java:177)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
	at org.sonar.scanner.scan.ProjectScanContainer.scan(ProjectScanContainer.java:291)
	at org.sonar.scanner.scan.ProjectScanContainer.scanRecursively(ProjectScanContainer.java:286)
	at org.sonar.scanner.scan.ProjectScanContainer.doAfterStart(ProjectScanContainer.java:264)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
	at org.sonar.scanner.task.ScanTask.execute(ScanTask.java:48)
	at org.sonar.scanner.task.TaskContainer.doAfterStart(TaskContainer.java:84)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:135)
	at org.sonar.core.platform.ComponentContainer.execute(ComponentContainer.java:121)
	at org.sonar.scanner.bootstrap.GlobalContainer.executeTask(GlobalContainer.java:121)
	at org.sonar.batch.bootstrapper.Batch.doExecuteTask(Batch.java:116)
	at org.sonar.batch.bootstrapper.Batch.execute(Batch.java:71)
	at org.sonarsource.scanner.api.internal.batch.BatchIsolatedLauncher.execute(BatchIsolatedLauncher.java:46)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.sonarsource.scanner.api.internal.IsolatedLauncherProxy.invoke(IsolatedLauncherProxy.java:60)
	at com.sun.proxy.$Proxy23.execute(Unknown Source)
	at org.sonarsource.scanner.api.EmbeddedScanner.doExecute(EmbeddedScanner.java:171)
	at org.sonarsource.scanner.api.EmbeddedScanner.execute(EmbeddedScanner.java:128)
	at org.sonarsource.scanner.maven.bootstrap.ScannerBootstrapper.execute(ScannerBootstrapper.java:65)
	at org.sonarsource.scanner.maven.SonarQubeMojo.execute(SonarQubeMojo.java:104)
	at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
	at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
	at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
	at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
	at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
	at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
	at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
	at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: java.lang.Exception: Error accessing remote system http://localhost:8080/ssc: Internal Server Error, response contents: 
{"message":"Access Denied. This permission is required to complete this action: [View jobs in queue].","responseCode":500,"errorCode":-10301}
	... 71 common frames omitted

 

Labels (3)
Tags (1)
0 Likes
1 Solution

Accepted Solutions
Respected Contributor.. Mark_Egloff Respected Contributor..
Respected Contributor..

Re: SSC & Sonar Plugin - Access Denied Error "View jobs in queue"

Jump to solution

I found the reason for the issue and could solve the problem. My user had the standard role "Developer" assigned, but this one has not the necessary rights to perform this "view jobs" action. So either you need create an own role with all the required permissions or assign the user to the role "Administrator" (at least for testing the Sonar integration)

Question has anyone created a role for "Jenkins" with all its usual permissions and exported the settings as file from SSC?. If you could upload here would be great.

 

Tags (1)
0 Likes
1 Reply
Respected Contributor.. Mark_Egloff Respected Contributor..
Respected Contributor..

Re: SSC & Sonar Plugin - Access Denied Error "View jobs in queue"

Jump to solution

I found the reason for the issue and could solve the problem. My user had the standard role "Developer" assigned, but this one has not the necessary rights to perform this "view jobs" action. So either you need create an own role with all the required permissions or assign the user to the role "Administrator" (at least for testing the Sonar integration)

Question has anyone created a role for "Jenkins" with all its usual permissions and exported the settings as file from SSC?. If you could upload here would be great.

 

Tags (1)
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.