Hi Colm,
yes, I'll try reproducing this locally (the load test is actually run on
a bench environment that can't be moved quickly to cxf 2.4.0 / wss4j
1.6) and let you know asap.
Thanks
Alessio
On 06/01/2011 11:26 AM, Colm O hEigeartaigh wrote:
Hi Alessio,
Very interesting, I haven't seen this problem before. It looks like a
problem in WSS4J - I'm not sure how multiple threads are altering the
same WSDocInfo object.
Would it be possible to check whether it exists with CXF 2.4.0 and
WSS4J 1.6.0? I want to get a WSS4J 1.6.1 release out asap, so it would
be cool to fix this problem if it's there.
Colm.
On Wed, Jun 1, 2011 at 9:52 AM, Alessio Soldano<[email protected]> wrote:
Hi,
we're running some WS-Security load tests with Apache CXF 2.2.12 + WSS4J
1.5.10 and might have found a concurrency issue.
We're getting the following exception:
[runTest(bash)] OUT> Caused by: java.util.ConcurrentModificationException
[runTest(bash)] OUT> at
java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
[runTest(bash)] OUT> at
java.util.AbstractList$Itr.next(AbstractList.java:343)
[runTest(bash)] OUT> at
org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
[runTest(bash)] OUT> at
org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
[runTest(bash)] OUT> at
org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown
Source)
[runTest(bash)] OUT> at
org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown
Source)
[runTest(bash)] OUT> at
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
Source)
[runTest(bash)] OUT> at
org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
[runTest(bash)] OUT> at
org.apache.xml.security.signature.Reference.verify(Unknown Source)
[runTest(bash)] OUT> at
org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
[runTest(bash)] OUT> at
org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
[runTest(bash)] OUT> at
org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown
Source)
[runTest(bash)] OUT> at
org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown
Source)
[runTest(bash)] OUT> at
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:470)
[runTest(bash)] OUT> at
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:114)
[runTest(bash)] OUT> at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:328)
[runTest(bash)] OUT> at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
[runTest(bash)] OUT> at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:208)
[runTest(bash)] OUT> at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
[runTest(bash)] OUT> at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
[runTest(bash)] OUT> at
org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:755)
[runTest(bash)] OUT> at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2408)
[runTest(bash)] OUT> at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2278)
[runTest(bash)] OUT> at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2121)
[runTest(bash)] OUT> at
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
[runTest(bash)] OUT> at
org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:695)
[runTest(bash)] OUT> at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
[runTest(bash)] OUT> at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
[runTest(bash)] OUT> at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
[runTest(bash)] OUT> at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
[runTest(bash)] OUT> at
org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
[runTest(bash)] OUT> at
org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
[runTest(bash)] OUT> at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
[runTest(bash)] OUT> ... 9 more
Interestingly, forcing the use of WSS4J 1.5.8 instead (we discovered this by
accident ;-) ) the problem goes away.
The application basically builds up a JAXWS client using WS-Security (Sign
only) through programmatically configured WSS4J interceptors:
http://fpaste.org/pYHM/
Once the proxy is ready on client side, it's called concurrently using
multiple threads (performIteration() method in the code).
Does the problem/exception above ring any bell? I'm going to investigate
this a bit more in any case.
Thanks
Alessio
--
Alessio Soldano
Web Service Lead, JBoss
--
Alessio Soldano
Web Service Lead, JBoss
