ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Concurrency issue in generating signature under high load
Date Fri, 24 Aug 2012 08:04:03 GMT
Hi Hasini,

I think that issue is probably fixed in 1.6.x. There was a lot of
refactoring done to simplify things in 1.6.x, in particular
WSSecurityEngine is no longer a singleton, WSDocInfoStore was removed, etc.
Is it possible to re-run the test-cases with a version of Rampart that uses
WSS4J 1.6.x.?

As for WSS4J 1.5.x, could you also try with WSS4J 1.5.12? If that doesn't
work, I'm willing to release *one* more release on that branch. So if you
want to create a patch for this issue I'll apply it and get 1.5.13 out,
with an XML Security upgrade.

Colm.

On Thu, Aug 23, 2012 at 5:58 PM, Hasini Gunasinghe <hasi7786@gmail.com>wrote:

> Yes, it is 1.5.11.
> Could I know whether the above particular issue is addressed in 1.6.x?
>
> Thanks,
> Hasini.
>
>
> On Thu, Aug 23, 2012 at 10:09 PM, Colm O hEigeartaigh <coheigea@apache.org
> > wrote:
>
>>
>> What version of WSS4J are you using? It looks like you are using 1.5.x -
>> which is essentially deprecated at this stage. Is it possible to move to
>> using 1.6.x instead?
>>
>> Colm.
>>
>>
>> On Thu, Aug 23, 2012 at 5:56 AM, Hasini Gunasinghe <hasi7786@gmail.com>wrote:
>>
>>> Hi,
>>>
>>> We have observed $subject when using WSS4J with Rampart for digital
>>> signature.
>>> I have attached the error logs at [1] and [2] for your reference.
>>>
>>> According to the error and going through the code, it seems that the
>>> root cause is: "securityTokenReferences" variable in
>>> org.apache.ws.security.WSDocInfo, which is a List (and initialized as a
>>> Vector later) is trying to be modified by the method:
>>> WSDocInfo#setSecurityTokenReference while the iterator obtained on
>>> "securityTokenReferences" is being iterated in the method:
>>> WSDocInfo#getSecurityTokenReference.
>>>
>>> When the code is modified such that the iteration happens in a
>>> synchronized block, the above issue doesn't occur anymore even under high
>>> load. But that would not be the ideal solution since it can cause
>>> performance overhead.
>>>
>>> Appreciate any thoughts on an optimal solution for this concurrency
>>> issue.
>>>
>>> [1]
>>> Caused by: org.apache.rampart.RampartException: Error in signature with
>>> X509Token
>>> at
>>> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
>>>  at
>>> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
>>> at
>>> org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
>>>  at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>>> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
>>>  ... 18 more
>>> Caused by: org.apache.ws.security.WSSecurityException: Signature
>>> creation failed; nested exception is:
>>> java.util.ConcurrentModificationException
>>>  at
>>> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
>>> at
>>> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
>>>  ... 22 more
>>> Caused by: java.util.ConcurrentModificationException
>>> at
>>> java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
>>>  at java.util.AbstractList$Itr.next(AbstractList.java:343)
>>> at
>>> org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
>>>  at
>>> org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
>>> at
>>> org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown
>>> Source)
>>>  at
>>> org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown
>>> Source)
>>> at
>>> org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
>>> Source)
>>>  at org.apache.xml.security.signature.Reference.calculateDigest(Unknown
>>> Source)
>>> at
>>> org.apache.xml.security.signature.Reference.generateDigestValue(Unknown
>>> Source)
>>>  at
>>> org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown
>>> Source)
>>> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
>>>  at
>>> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
>>> ... 23 more
>>>
>>> 2.
>>> java.util.ConcurrentModificationException
>>> at
>>> java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
>>> at java.util.AbstractList$Itr.next(AbstractList.java:343)
>>>  at
>>> org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
>>> at
>>> org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
>>>  at
>>> org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown
>>> Source)
>>> at
>>> org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown
>>> Source)
>>>  at
>>> org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
>>> Source)
>>> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown
>>> Source)
>>>  at org.apache.xml.security.signature.Reference.verify(Unknown Source)
>>> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown
>>> Source)
>>>  at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
>>> at
>>> org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown
>>> Source)
>>>  at
>>> org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown
>>> Source)
>>> at
>>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
>>>  at
>>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
>>> at
>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
>>>  at
>>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
>>> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
>>>  at
>>> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>>>
>>> Thanks,
>>> Hasini.
>>>
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
View raw message