ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hasini Gunasinghe <hasi7...@gmail.com>
Subject Concurrency issue in generating signature under high load
Date Thu, 23 Aug 2012 04:56:11 GMT
Hi,

We have observed $subject when using WSS4J with Rampart for digital
signature.
I have attached the error logs at [1] and [2] for your reference.

According to the error and going through the code, it seems that the root
cause is: "securityTokenReferences" variable in
org.apache.ws.security.WSDocInfo, which is a List (and initialized as a
Vector later) is trying to be modified by the method:
WSDocInfo#setSecurityTokenReference while the iterator obtained on
"securityTokenReferences" is being iterated in the method:
WSDocInfo#getSecurityTokenReference.

When the code is modified such that the iteration happens in a synchronized
block, the above issue doesn't occur anymore even under high load. But that
would not be the ideal solution since it can cause performance overhead.

Appreciate any thoughts on an optimal solution for this concurrency issue.

[1]
Caused by: org.apache.rampart.RampartException: Error in signature with
X509Token
at
org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
at
org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
at
org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
... 18 more
Caused by: org.apache.ws.security.WSSecurityException: Signature creation
failed; nested exception is:
java.util.ConcurrentModificationException
at
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
at
org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
... 22 more
Caused by: java.util.ConcurrentModificationException
at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
at java.util.AbstractList$Itr.next(AbstractList.java:343)
at
org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
at
org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown
Source)
at
org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown
Source)
at
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
Source)
at org.apache.xml.security.signature.Reference.calculateDigest(Unknown
Source)
at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown
Source)
at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown
Source)
at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
at
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
... 23 more

2.
java.util.ConcurrentModificationException
at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
at java.util.AbstractList$Itr.next(AbstractList.java:343)
at
org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
at
org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown
Source)
at
org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown
Source)
at
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
Source)
at org.apache.xml.security.signature.Reference.calculateDigest(Unknown
Source)
at org.apache.xml.security.signature.Reference.verify(Unknown Source)
at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown
Source)
at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
at
org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown
Source)
at
org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown
Source)
at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
at
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
at
org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)

Thanks,
Hasini.

Mime
View raw message