ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hasini Gunasinghe <hasi7...@gmail.com>
Subject Re: Concurrency issue in generating signature under high load
Date Thu, 23 Aug 2012 16:58:41 GMT
Yes, it is 1.5.11.
Could I know whether the above particular issue is addressed in 1.6.x?

Thanks,
Hasini.

On Thu, Aug 23, 2012 at 10:09 PM, Colm O hEigeartaigh
<coheigea@apache.org>wrote:

>
> What version of WSS4J are you using? It looks like you are using 1.5.x -
> which is essentially deprecated at this stage. Is it possible to move to
> using 1.6.x instead?
>
> Colm.
>
>
> On Thu, Aug 23, 2012 at 5:56 AM, Hasini Gunasinghe <hasi7786@gmail.com>wrote:
>
>> Hi,
>>
>> We have observed $subject when using WSS4J with Rampart for digital
>> signature.
>> I have attached the error logs at [1] and [2] for your reference.
>>
>> According to the error and going through the code, it seems that the root
>> cause is: "securityTokenReferences" variable in
>> org.apache.ws.security.WSDocInfo, which is a List (and initialized as a
>> Vector later) is trying to be modified by the method:
>> WSDocInfo#setSecurityTokenReference while the iterator obtained on
>> "securityTokenReferences" is being iterated in the method:
>> WSDocInfo#getSecurityTokenReference.
>>
>> When the code is modified such that the iteration happens in a
>> synchronized block, the above issue doesn't occur anymore even under high
>> load. But that would not be the ideal solution since it can cause
>> performance overhead.
>>
>> Appreciate any thoughts on an optimal solution for this concurrency issue.
>>
>> [1]
>> Caused by: org.apache.rampart.RampartException: Error in signature with
>> X509Token
>> at
>> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
>>  at
>> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
>> at
>> org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
>>  at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
>>  ... 18 more
>> Caused by: org.apache.ws.security.WSSecurityException: Signature creation
>> failed; nested exception is:
>> java.util.ConcurrentModificationException
>>  at
>> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
>> at
>> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
>>  ... 22 more
>> Caused by: java.util.ConcurrentModificationException
>> at
>> java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
>>  at java.util.AbstractList$Itr.next(AbstractList.java:343)
>> at
>> org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
>>  at
>> org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
>> at
>> org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown
>> Source)
>>  at
>> org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown
>> Source)
>> at
>> org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
>> Source)
>>  at org.apache.xml.security.signature.Reference.calculateDigest(Unknown
>> Source)
>> at
>> org.apache.xml.security.signature.Reference.generateDigestValue(Unknown
>> Source)
>>  at
>> org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown
>> Source)
>> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
>>  at
>> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
>> ... 23 more
>>
>> 2.
>> java.util.ConcurrentModificationException
>> at
>> java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
>> at java.util.AbstractList$Itr.next(AbstractList.java:343)
>>  at
>> org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
>> at
>> org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
>>  at
>> org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown
>> Source)
>> at
>> org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown
>> Source)
>>  at
>> org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
>> Source)
>> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown
>> Source)
>>  at org.apache.xml.security.signature.Reference.verify(Unknown Source)
>> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown
>> Source)
>>  at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
>> at
>> org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown
>> Source)
>>  at
>> org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown
>> Source)
>> at
>> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
>>  at
>> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
>> at
>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
>>  at
>> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
>> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
>>  at
>> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>>
>> Thanks,
>> Hasini.
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>

Mime
View raw message