You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2012/09/27 17:34:08 UTC

[jira] [Resolved] (WSS-401) Concurrency issue in generating signature under high load

     [ https://issues.apache.org/jira/browse/WSS-401?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved WSS-401.
-------------------------------------

    Resolution: Incomplete
    
> Concurrency issue in generating signature under high load
> ---------------------------------------------------------
>
>                 Key: WSS-401
>                 URL: https://issues.apache.org/jira/browse/WSS-401
>             Project: WSS4J
>          Issue Type: Bug
>    Affects Versions: 1.5.11
>            Reporter: Hasini Gunasinghe
>            Assignee: Colm O hEigeartaigh
>            Priority: Critical
>         Attachments: WSS-401.patch
>
>
> Error Logs:
> 1.
> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
> ... 18 more
> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: 
> java.util.ConcurrentModificationException
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
> at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
> ... 22 more
> Caused by: java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
> at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
> at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
> ... 23 more
> 2.
> java.util.ConcurrentModificationException
> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
> at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
> at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org