ws-dev mailing list archives

From Hasini Gunasinghe <hasi7...@gmail.com>
Subject Re: Concurrency issue in generating signature under high load
Date Mon, 27 Aug 2012 05:43:54 GMT
Hi Colm,

Thanks a lot for your response and for offering to do a release on 1.5.x
branch.

I will apply this fix locally and continue. Will also provide the patch on
WSS4J 1.5.12 branch through a jira so that it can be used if a release on
1.5.x branch is going to happen.

I will run the same tests once migrated to Rampart which uses WSS4J 1.6.x
and let you know if the issue could be reproduced.

Thanks,
Hasini.

On Fri, Aug 24, 2012 at 1:34 PM, Colm O hEigeartaigh <coheigea@apache.org> wrote:

>
> Hi Hasini,
>
> I think that issue is probably fixed in 1.6.x. There was a lot of
> refactoring done to simplify things in 1.6.x, in particular
> WSSecurityEngine is no longer a singleton, WSDocInfoStore was removed, etc.
> Is it possible to re-run the test-cases with a version of Rampart that uses
> WSS4J 1.6.x?
>
> As for WSS4J 1.5.x, could you also try with WSS4J 1.5.12? If that doesn't
> work, I'm willing to release *one* more release on that branch. So if you
> want to create a patch for this issue I'll apply it and get 1.5.13 out,
> with an XML Security upgrade.
>
> Colm.
>
>
> On Thu, Aug 23, 2012 at 5:58 PM, Hasini Gunasinghe <hasi7786@gmail.com> wrote:
>
>> Yes, it is 1.5.11.
>> Could I know whether the above particular issue is addressed in 1.6.x?
>>
>> Thanks,
>> Hasini.
>>
>>
>> On Thu, Aug 23, 2012 at 10:09 PM, Colm O hEigeartaigh <
>> coheigea@apache.org> wrote:
>>
>>>
>>> What version of WSS4J are you using? It looks like you are using 1.5.x -
>>> which is essentially deprecated at this stage. Is it possible to move to
>>> using 1.6.x instead?
>>>
>>> Colm.
>>>
>>>
>>> On Thu, Aug 23, 2012 at 5:56 AM, Hasini Gunasinghe <hasi7786@gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> We have observed $subject when using WSS4J with Rampart for digital
>>>> signature.
>>>> I have attached the error logs at [1] and [2] for your reference.
>>>>
>>>> According to the error and going through the code, it seems that the
>>>> root cause is: "securityTokenReferences" variable in
>>>> org.apache.ws.security.WSDocInfo, which is a List (and initialized as a
>>>> Vector later) is trying to be modified by the method:
>>>> WSDocInfo#setSecurityTokenReference while the iterator obtained on
>>>> "securityTokenReferences" is being iterated in the method:
>>>> WSDocInfo#getSecurityTokenReference.
>>>>
>>>> When the code is modified such that the iteration happens in a
>>>> synchronized block, the above issue doesn't occur anymore even under high
>>>> load. But that would not be the ideal solution since it can cause
>>>> performance overhead.
>>>>
>>>> Appreciate any thoughts on an optimal solution for this concurrency
>>>> issue.
>>>>
>>>> [1]
>>>> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
>>>>     at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
>>>>     at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
>>>>     at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
>>>>     at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>>>>     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
>>>>     ... 18 more
>>>> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>>>>     java.util.ConcurrentModificationException
>>>>     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
>>>>     at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
>>>>     ... 22 more
>>>> Caused by: java.util.ConcurrentModificationException
>>>>     at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
>>>>     at java.util.AbstractList$Itr.next(AbstractList.java:343)
>>>>     at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
>>>>     at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
>>>>     at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
>>>>     at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
>>>>     at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
>>>>     at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
>>>>     at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
>>>>     at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
>>>>     at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
>>>>     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
>>>>     ... 23 more
>>>>
>>>> [2]
>>>> java.util.ConcurrentModificationException
>>>>     at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
>>>>     at java.util.AbstractList$Itr.next(AbstractList.java:343)
>>>>     at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
>>>>     at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
>>>>     at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
>>>>     at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
>>>>     at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
>>>>     at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
>>>>     at org.apache.xml.security.signature.Reference.verify(Unknown Source)
>>>>     at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
>>>>     at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
>>>>     at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
>>>>     at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
>>>>     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
>>>>     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
>>>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
>>>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
>>>>     at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
>>>>     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>>>>
>>>> Thanks,
>>>> Hasini.
>>>>
>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>>
>>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
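
The race reported at the bottom of this thread, reproduced as an added example (not WSS4J or Rampart code, and not written by either poster): a Vector is modified by a second thread while an iterator over it is in use, then the same interleaving is run with the iteration held under the Vector's lock, as the original report describes. The CopyOnWriteArrayList run is an alternative that is not proposed in the thread; the class and method names and the "#str-N" ids are constructed for illustration.

```java
import java.util.*;
import java.util.concurrent.*;

public class TokenRefRaceDemo {
    // Reader: walks the list, pausing after the first element; true if iteration failed.
    static boolean iterate(List<String> refs, CountDownLatch started,
                           CountDownLatch writerDone) throws InterruptedException {
        try {
            Iterator<String> it = refs.iterator();
            it.next();
            started.countDown();                          // let the writer run
            writerDone.await(500, TimeUnit.MILLISECONDS); // writer's window
            while (it.hasNext()) it.next();
            return false;
        } catch (ConcurrentModificationException e) {
            return true;
        }
    }

    static boolean readerFails(List<String> refs, boolean lockIteration) throws InterruptedException {
        CountDownLatch started = new CountDownLatch(1);
        CountDownLatch writerDone = new CountDownLatch(1);
        Thread writer = new Thread(() -> {
            try {
                started.await();
                refs.add("#str-3"); // constructed id; stands in for the setter
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            } finally {
                writerDone.countDown();
            }
        });
        writer.start();
        // Vector.add() locks the Vector itself, so holding that monitor for the
        // whole walk keeps the writer out until the iteration has finished.
        Object lock = lockIteration ? refs : new Object();
        boolean failed;
        synchronized (lock) { failed = iterate(refs, started, writerDone); }
        writer.join();
        return failed;
    }

    public static void main(String[] args) throws InterruptedException {
        List<String> seed = List.of("#str-1", "#str-2"); // constructed sample ids
        System.out.println("Vector, bare iteration: failed=" + readerFails(new Vector<>(seed), false));
        System.out.println("Vector, locked iteration: failed=" + readerFails(new Vector<>(seed), true));
        System.out.println("CopyOnWriteArrayList: failed=" + readerFails(new CopyOnWriteArrayList<>(seed), false));
    }
}
```

Vector synchronizes each individual call but not a whole iteration, which is why declaring the field as a Vector does not prevent the exception. CopyOnWriteArrayList iterates over a snapshot without taking a lock, at the cost of copying the backing array on every write, so it suits lists that are read far more often than they are modified.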
