You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Lucas Madar <lu...@gmail.com> on 2012/06/27 02:44:59 UTC
Exception with latest CXF and WSS4J
I'm not sure if this is an issue with CXF or with WSS4J, but I don't
know enough about what's going on behind the scenes to diagnose it.
cxf: 2.6.1
wss4j: 1.6.6
This is a SOAP call with WS-UserNameToken enabled, via an
AbstractUsernameTokenAuthenticatingInterceptor.
Anyone seen something similar?
WARNING: Interceptor for
{http://xxxx/}XXXXXXXX#{http://xxxx/xxx}XXXXXXXX has thrown exception,
unwinding now
java.util.ConcurrentModificationException
at java.util.HashMap$HashIterator.nextEntry(HashMap.java:793)
at java.util.HashMap$KeyIterator.next(HashMap.java:828)
at
org.apache.ws.security.cache.MemoryReplayCache.processTokenExpiry(MemoryReplayCache.java:89)
at
org.apache.ws.security.cache.MemoryReplayCache.contains(MemoryReplayCache.java:76)
at
org.apache.ws.security.processor.UsernameTokenProcessor.handleUsernameToken(UsernameTokenProcessor.java:139)
at
org.apache.ws.security.processor.UsernameTokenProcessor.handleToken(UsernameTokenProcessor.java:66)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
at
org.apache.cxf.ws.security.wss4j.AbstractUsernameTokenAuthenticatingInterceptor.handleMessage(AbstractUsernameToken
AuthenticatingInterceptor.java:91)
at
org.apache.cxf.ws.security.wss4j.AbstractUsernameTokenAuthenticatingInterceptor.handleMessage(AbstractUsernameToken
AuthenticatingInterceptor.java:62)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
at
org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:211)
at
org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:213)
at
org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:193)
at
org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:129)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:187)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:110)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at
org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:166)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
Re: Exception with latest CXF and WSS4J
Posted by Lucas Madar <lu...@gmail.com>.
Ah, no. It looks like at some point in our upgrade path, EhCache got
added as a cxf dependency but it didn't get added to our project's
deploy settings. This is for a very low-volume service, so we're not
overly concerned about performance. Are there any other issues with
keeping EhCache out?
Lucas
On 6/27/12 2:05 AM, Colm O hEigeartaigh wrote:
> For the record, this is fixed by WSS-396:
>
> https://issues.apache.org/jira/browse/WSS-396
>
> I'm curious as to why the EhCache ReplayCache is not getting picked up -
> are you explicitly excluding EhCache as a dependency in your project?
>
> Colm.
>
> On Wed, Jun 27, 2012 at 1:44 AM, Lucas Madar <lu...@gmail.com> wrote:
>
>> I'm not sure if this is an issue with CXF or with WSS4J, but I don't know
>> enough about what's going on behind the scenes to diagnose it.
>>
>> cxf: 2.6.1
>> wss4j: 1.6.6
>>
>> This is a SOAP call with WS-UserNameToken enabled, via an
>> AbstractUsernameTokenAuthentic**atingInterceptor.
>>
>> Anyone seen something similar?
>>
>> WARNING: Interceptor for {http://xxxx/}XXXXXXXX#{http:/**
>> /xxxx/xxx}XXXXXXXX <http://xxxx/%7DXXXXXXXX#%7Bhttp://xxxx/xxx%7DXXXXXXXX>has thrown exception, unwinding now
>> java.util.**ConcurrentModificationExceptio**n
>> at java.util.HashMap$**HashIterator.nextEntry(**HashMap.java:793)
>> at java.util.HashMap$KeyIterator.**next(HashMap.java:828)
>> at org.apache.ws.security.cache.**MemoryReplayCache.**
>> processTokenExpiry(**MemoryReplayCache.java:89)
>> at org.apache.ws.security.cache.**MemoryReplayCache.contains(**
>> MemoryReplayCache.java:76)
>> at org.apache.ws.security.**processor.**UsernameTokenProcessor.**
>> handleUsernameToken(**UsernameTokenProcessor.java:**139)
>> at org.apache.ws.security.**processor.**UsernameTokenProcessor.**
>> handleToken(**UsernameTokenProcessor.java:**66)
>> at org.apache.ws.security.**WSSecurityEngine.**
>> processSecurityHeader(**WSSecurityEngine.java:396)
>> at org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**
>> handleMessage(**WSS4JInInterceptor.java:289)
>> at org.apache.cxf.ws.security.**wss4j.**
>> AbstractUsernameTokenAuthentic**atingInterceptor.**handleMessage(**
>> AbstractUsernameToken
>> AuthenticatingInterceptor.**java:91)
>> at org.apache.cxf.ws.security.**wss4j.**
>> AbstractUsernameTokenAuthentic**atingInterceptor.**handleMessage(**
>> AbstractUsernameToken
>> AuthenticatingInterceptor.**java:62)
>> at org.apache.cxf.phase.**PhaseInterceptorChain.**doIntercept(**
>> PhaseInterceptorChain.java:**262)
>> at org.apache.cxf.transport.**ChainInitiationObserver.**onMessage(*
>> *ChainInitiationObserver.java:**122)
>> at org.apache.cxf.transport.http.**AbstractHTTPDestination.**
>> invoke(**AbstractHTTPDestination.java:**211)
>> at org.apache.cxf.transport.**servlet.ServletController.**
>> invokeDestination(**ServletController.java:213)
>> at org.apache.cxf.transport.**servlet.ServletController.**
>> invoke(ServletController.java:**193)
>> at org.apache.cxf.transport.**servlet.CXFNonSpringServlet.**
>> invoke(CXFNonSpringServlet.**java:129)
>> at org.apache.cxf.transport.**servlet.AbstractHTTPServlet.**
>> handleRequest(**AbstractHTTPServlet.java:187)
>> at org.apache.cxf.transport.**servlet.AbstractHTTPServlet.**
>> doPost(AbstractHTTPServlet.**java:110)
>> at javax.servlet.http.**HttpServlet.service(**HttpServlet.java:641)
>> at org.apache.cxf.transport.**servlet.AbstractHTTPServlet.**
>> service(AbstractHTTPServlet.**java:166)
>> at org.apache.catalina.core.**ApplicationFilterChain.**
>> internalDoFilter(**ApplicationFilterChain.java:**304)
>>
>>
>
Re: Exception with latest CXF and WSS4J
Posted by Colm O hEigeartaigh <co...@apache.org>.
For the record, this is fixed by WSS-396:
https://issues.apache.org/jira/browse/WSS-396
I'm curious as to why the EhCache ReplayCache is not getting picked up -
are you explicitly excluding EhCache as a dependency in your project?
Colm.
On Wed, Jun 27, 2012 at 1:44 AM, Lucas Madar <lu...@gmail.com> wrote:
> I'm not sure if this is an issue with CXF or with WSS4J, but I don't know
> enough about what's going on behind the scenes to diagnose it.
>
> cxf: 2.6.1
> wss4j: 1.6.6
>
> This is a SOAP call with WS-UserNameToken enabled, via an
> AbstractUsernameTokenAuthentic**atingInterceptor.
>
> Anyone seen something similar?
>
> WARNING: Interceptor for {http://xxxx/}XXXXXXXX#{http:/**
> /xxxx/xxx}XXXXXXXX <http://xxxx/%7DXXXXXXXX#%7Bhttp://xxxx/xxx%7DXXXXXXXX>has thrown exception, unwinding now
> java.util.**ConcurrentModificationExceptio**n
> at java.util.HashMap$**HashIterator.nextEntry(**HashMap.java:793)
> at java.util.HashMap$KeyIterator.**next(HashMap.java:828)
> at org.apache.ws.security.cache.**MemoryReplayCache.**
> processTokenExpiry(**MemoryReplayCache.java:89)
> at org.apache.ws.security.cache.**MemoryReplayCache.contains(**
> MemoryReplayCache.java:76)
> at org.apache.ws.security.**processor.**UsernameTokenProcessor.**
> handleUsernameToken(**UsernameTokenProcessor.java:**139)
> at org.apache.ws.security.**processor.**UsernameTokenProcessor.**
> handleToken(**UsernameTokenProcessor.java:**66)
> at org.apache.ws.security.**WSSecurityEngine.**
> processSecurityHeader(**WSSecurityEngine.java:396)
> at org.apache.cxf.ws.security.**wss4j.WSS4JInInterceptor.**
> handleMessage(**WSS4JInInterceptor.java:289)
> at org.apache.cxf.ws.security.**wss4j.**
> AbstractUsernameTokenAuthentic**atingInterceptor.**handleMessage(**
> AbstractUsernameToken
> AuthenticatingInterceptor.**java:91)
> at org.apache.cxf.ws.security.**wss4j.**
> AbstractUsernameTokenAuthentic**atingInterceptor.**handleMessage(**
> AbstractUsernameToken
> AuthenticatingInterceptor.**java:62)
> at org.apache.cxf.phase.**PhaseInterceptorChain.**doIntercept(**
> PhaseInterceptorChain.java:**262)
> at org.apache.cxf.transport.**ChainInitiationObserver.**onMessage(*
> *ChainInitiationObserver.java:**122)
> at org.apache.cxf.transport.http.**AbstractHTTPDestination.**
> invoke(**AbstractHTTPDestination.java:**211)
> at org.apache.cxf.transport.**servlet.ServletController.**
> invokeDestination(**ServletController.java:213)
> at org.apache.cxf.transport.**servlet.ServletController.**
> invoke(ServletController.java:**193)
> at org.apache.cxf.transport.**servlet.CXFNonSpringServlet.**
> invoke(CXFNonSpringServlet.**java:129)
> at org.apache.cxf.transport.**servlet.AbstractHTTPServlet.**
> handleRequest(**AbstractHTTPServlet.java:187)
> at org.apache.cxf.transport.**servlet.AbstractHTTPServlet.**
> doPost(AbstractHTTPServlet.**java:110)
> at javax.servlet.http.**HttpServlet.service(**HttpServlet.java:641)
> at org.apache.cxf.transport.**servlet.AbstractHTTPServlet.**
> service(AbstractHTTPServlet.**java:166)
> at org.apache.catalina.core.**ApplicationFilterChain.**
> internalDoFilter(**ApplicationFilterChain.java:**304)
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com