ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Concurrency issue in generating signature under high load
Date Thu, 23 Aug 2012 16:39:45 GMT
What version of WSS4J are you using? It looks like you are using 1.5.x -
which is essentially deprecated at this stage. Is it possible to move to
using 1.6.x instead?

Colm.

On Thu, Aug 23, 2012 at 5:56 AM, Hasini Gunasinghe <hasi7786@gmail.com>wrote:

> Hi,
>
> We have observed $subject when using WSS4J with Rampart for digital
> signature.
> I have attached the error logs at [1] and [2] for your reference.
>
> According to the error and going through the code, it seems that the root
> cause is: "securityTokenReferences" variable in
> org.apache.ws.security.WSDocInfo, which is a List (and initialized as a
> Vector later) is trying to be modified by the method:
> WSDocInfo#setSecurityTokenReference while the iterator obtained on
> "securityTokenReferences" is being iterated in the method:
> WSDocInfo#getSecurityTokenReference.
>
> When the code is modified such that the iteration happens in a
> synchronized block, the above issue doesn't occur anymore even under high
> load. But that would not be the ideal solution since it can cause
> performance overhead.
>
> Appreciate any thoughts on an optimal solution for this concurrency issue.
>
> [1]
> Caused by: org.apache.rampart.RampartException: Error in signature with
> X509Token
> at
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
>  at
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
> at
> org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
>  at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
>  ... 18 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation
> failed; nested exception is:
> java.util.ConcurrentModificationException
>  at
> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
> at
> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
>  ... 22 more
> Caused by: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
>  at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at
> org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
>  at
> org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown
> Source)
>  at
> org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown
> Source)
> at
> org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
> Source)
>  at org.apache.xml.security.signature.Reference.calculateDigest(Unknown
> Source)
> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown
> Source)
>  at
> org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown
> Source)
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
>  at
> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
> ... 23 more
>
> 2.
> java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
>  at
> org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at
> org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
>  at
> org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown
> Source)
> at
> org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown
> Source)
>  at
> org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
> Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown
> Source)
>  at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown
> Source)
>  at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> at
> org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown
> Source)
>  at
> org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown
> Source)
> at
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
>  at
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
>  at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
>  at
> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>
> Thanks,
> Hasini.
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
View raw message