You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Hasini Gunasinghe (JIRA)" <ji...@apache.org> on 2012/08/27 23:41:07 UTC
[jira] [Created] (WSS-401) Concurrency issue in generating
signature under high load
Hasini Gunasinghe created WSS-401:
-------------------------------------
Summary: Concurrency issue in generating signature under high load
Key: WSS-401
URL: https://issues.apache.org/jira/browse/WSS-401
Project: WSS4J
Issue Type: Bug
Affects Versions: 1.5.11
Reporter: Hasini Gunasinghe
Assignee: Colm O hEigeartaigh
Priority: Critical
Fix For: 1.5.13
Error Logs:
1.
Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
... 18 more
Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
java.util.ConcurrentModificationException
at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
... 22 more
Caused by: java.util.ConcurrentModificationException
at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
at java.util.AbstractList$Itr.next(AbstractList.java:343)
at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
... 23 more
2.
java.util.ConcurrentModificationException
at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
at java.util.AbstractList$Itr.next(AbstractList.java:343)
at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
at org.apache.xml.security.signature.Reference.verify(Unknown Source)
at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Updated] (WSS-401) Concurrency issue in generating
signature under high load
Posted by "Hasini Gunasinghe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hasini Gunasinghe updated WSS-401:
----------------------------------
Attachment: WSS-401.patch
> Concurrency issue in generating signature under high load
> ---------------------------------------------------------
>
> Key: WSS-401
> URL: https://issues.apache.org/jira/browse/WSS-401
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.11
> Reporter: Hasini Gunasinghe
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Fix For: 1.5.13
>
> Attachments: WSS-401.patch
>
>
> Error Logs:
> 1.
> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
> ... 18 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
> java.util.ConcurrentModificationException
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
> ... 22 more
> Caused by: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
> at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
> ... 23 more
> 2.
> java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
> at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-401) Concurrency issue in generating
signature under high load
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13447268#comment-13447268 ]
Colm O hEigeartaigh commented on WSS-401:
-----------------------------------------
Hi Hasini,
Can you confirm if the bug still exists in WSS4J 1.5.12? The following bug was fixed in WSS4J 1.5.12 relating to concurrency issues:
https://issues.apache.org/jira/browse/WSS-292
Colm.
> Concurrency issue in generating signature under high load
> ---------------------------------------------------------
>
> Key: WSS-401
> URL: https://issues.apache.org/jira/browse/WSS-401
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.11
> Reporter: Hasini Gunasinghe
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Fix For: 1.5.13
>
> Attachments: WSS-401.patch
>
>
> Error Logs:
> 1.
> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
> ... 18 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
> java.util.ConcurrentModificationException
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
> ... 22 more
> Caused by: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
> at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
> ... 23 more
> 2.
> java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
> at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Resolved] (WSS-401) Concurrency issue in generating
signature under high load
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved WSS-401.
-------------------------------------
Resolution: Incomplete
> Concurrency issue in generating signature under high load
> ---------------------------------------------------------
>
> Key: WSS-401
> URL: https://issues.apache.org/jira/browse/WSS-401
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.11
> Reporter: Hasini Gunasinghe
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Attachments: WSS-401.patch
>
>
> Error Logs:
> 1.
> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
> ... 18 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
> java.util.ConcurrentModificationException
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
> ... 22 more
> Caused by: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
> at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
> ... 23 more
> 2.
> java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
> at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-401) Concurrency issue in generating
signature under high load
Posted by "Hasini Gunasinghe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443092#comment-13443092 ]
Hasini Gunasinghe commented on WSS-401:
---------------------------------------
Hi Colm,
Actually I wrapped that line in a synchronized block - instead of the iterating block - and ran the load test - but the issue wasn't solved.
The reason I think is: 'Vector' collection is anyway a synchronized collection. But after its iterator is obtained, its locked is removed. Hence it is possible that the above line adds elements to the vector, while iterator is being iterated - which causes the concurrent modification exception.
IMO, as far as we maintain a synchronized lock over the Vector collection while the iterator obtained on that collection is running, that would be sufficient.
Thanks,
Hasini.
> Concurrency issue in generating signature under high load
> ---------------------------------------------------------
>
> Key: WSS-401
> URL: https://issues.apache.org/jira/browse/WSS-401
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.11
> Reporter: Hasini Gunasinghe
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Fix For: 1.5.13
>
> Attachments: WSS-401.patch
>
>
> Error Logs:
> 1.
> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
> ... 18 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
> java.util.ConcurrentModificationException
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
> ... 22 more
> Caused by: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
> at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
> ... 23 more
> 2.
> java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
> at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-401) Concurrency issue in generating
signature under high load
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13461729#comment-13461729 ]
Colm O hEigeartaigh commented on WSS-401:
-----------------------------------------
I am planning to call a vote on 1.5.13 at the end of this week - as things stand I am not applying the patch for this issue until I get some evidence that the problem exists in 1.5.12.
Colm.
> Concurrency issue in generating signature under high load
> ---------------------------------------------------------
>
> Key: WSS-401
> URL: https://issues.apache.org/jira/browse/WSS-401
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.11
> Reporter: Hasini Gunasinghe
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Fix For: 1.5.13
>
> Attachments: WSS-401.patch
>
>
> Error Logs:
> 1.
> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
> ... 18 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
> java.util.ConcurrentModificationException
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
> ... 22 more
> Caused by: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
> at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
> ... 23 more
> 2.
> java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
> at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-401) Concurrency issue in generating
signature under high load
Posted by "Hasini Gunasinghe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13448941#comment-13448941 ]
Hasini Gunasinghe commented on WSS-401:
---------------------------------------
Hi Colm,
Sure, will test it and let you know.
Thanks,
Hasini.
> Concurrency issue in generating signature under high load
> ---------------------------------------------------------
>
> Key: WSS-401
> URL: https://issues.apache.org/jira/browse/WSS-401
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.11
> Reporter: Hasini Gunasinghe
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Fix For: 1.5.13
>
> Attachments: WSS-401.patch
>
>
> Error Logs:
> 1.
> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
> ... 18 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
> java.util.ConcurrentModificationException
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
> ... 22 more
> Caused by: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
> at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
> ... 23 more
> 2.
> java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
> at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-401) Concurrency issue in generating
signature under high load
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13456986#comment-13456986 ]
Colm O hEigeartaigh commented on WSS-401:
-----------------------------------------
Any update on this?
Colm.
> Concurrency issue in generating signature under high load
> ---------------------------------------------------------
>
> Key: WSS-401
> URL: https://issues.apache.org/jira/browse/WSS-401
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.11
> Reporter: Hasini Gunasinghe
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Fix For: 1.5.13
>
> Attachments: WSS-401.patch
>
>
> Error Logs:
> 1.
> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
> ... 18 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
> java.util.ConcurrentModificationException
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
> ... 22 more
> Caused by: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
> at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
> ... 23 more
> 2.
> java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
> at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Updated] (WSS-401) Concurrency issue in generating
signature under high load
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated WSS-401:
------------------------------------
Fix Version/s: (was: 1.5.13)
> Concurrency issue in generating signature under high load
> ---------------------------------------------------------
>
> Key: WSS-401
> URL: https://issues.apache.org/jira/browse/WSS-401
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.11
> Reporter: Hasini Gunasinghe
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Attachments: WSS-401.patch
>
>
> Error Logs:
> 1.
> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
> ... 18 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
> java.util.ConcurrentModificationException
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
> ... 22 more
> Caused by: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
> at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
> ... 23 more
> 2.
> java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
> at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-401) Concurrency issue in generating
signature under high load
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13443041#comment-13443041 ]
Colm O hEigeartaigh commented on WSS-401:
-----------------------------------------
Shouldn't the line "securityTokenReferences.add(securityTokenRef);" be in a synchronized block as well?
Colm.
> Concurrency issue in generating signature under high load
> ---------------------------------------------------------
>
> Key: WSS-401
> URL: https://issues.apache.org/jira/browse/WSS-401
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.11
> Reporter: Hasini Gunasinghe
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Fix For: 1.5.13
>
> Attachments: WSS-401.patch
>
>
> Error Logs:
> 1.
> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
> ... 18 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
> java.util.ConcurrentModificationException
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
> ... 22 more
> Caused by: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
> at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
> ... 23 more
> 2.
> java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
> at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org
[jira] [Commented] (WSS-401) Concurrency issue in generating
signature under high load
Posted by "Hasini Gunasinghe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WSS-401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13442745#comment-13442745 ]
Hasini Gunasinghe commented on WSS-401:
---------------------------------------
Please find the patch - WSS-401.patch attached herewith.
Thanks,
Hasini
> Concurrency issue in generating signature under high load
> ---------------------------------------------------------
>
> Key: WSS-401
> URL: https://issues.apache.org/jira/browse/WSS-401
> Project: WSS4J
> Issue Type: Bug
> Affects Versions: 1.5.11
> Reporter: Hasini Gunasinghe
> Assignee: Colm O hEigeartaigh
> Priority: Critical
> Fix For: 1.5.13
>
> Attachments: WSS-401.patch
>
>
> Error Logs:
> 1.
> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
> ... 18 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
> java.util.ConcurrentModificationException
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
> ... 22 more
> Caused by: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
> at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
> ... 23 more
> 2.
> java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
> at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org