On Wednesday, June 01, 2011 4:52:24 AM Alessio Soldano wrote:
> Hi,
> we're running some WS-Security load tests with Apache CXF 2.2.12 + WSS4J
> 1.5.10 and might have found a concurrency issue.

I know this was an issue with 1.5.6 or so that I fixed (or thought I fixed) a long time ago. It was way more apparent with 64bit JDK's than 32bit as well due to the way WSS4J was hashing doc objects and such. However, I really thought this was fixed.

Is this something that you can create a small maven testcase for to demonstrate? I'm not really sure what would be going on. :-(

Dan

> We're getting the following exception:
>
> [runTest(bash)] OUT> Caused by: java.util.ConcurrentModificationException
> [runTest(bash)] OUT> at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
> [runTest(bash)] OUT> at java.util.AbstractList$Itr.next(AbstractList.java:343)
> [runTest(bash)] OUT> at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
> [runTest(bash)] OUT> at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
> [runTest(bash)] OUT> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
> [runTest(bash)] OUT> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
> [runTest(bash)] OUT> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
> [runTest(bash)] OUT> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
> [runTest(bash)] OUT> at org.apache.xml.security.signature.Reference.verify(Unknown Source)
> [runTest(bash)] OUT> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
> [runTest(bash)] OUT> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
> [runTest(bash)] OUT> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> [runTest(bash)] OUT> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
> [runTest(bash)] OUT> at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:470)
> [runTest(bash)] OUT> at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:114)
> [runTest(bash)] OUT> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:328)
> [runTest(bash)] OUT> at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245)
> [runTest(bash)] OUT> at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:208)
> [runTest(bash)] OUT> at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:78)
> [runTest(bash)] OUT> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> [runTest(bash)] OUT> at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:755)
> [runTest(bash)] OUT> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:2408)
> [runTest(bash)] OUT> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:2278)
> [runTest(bash)] OUT> at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:2121)
> [runTest(bash)] OUT> at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:66)
> [runTest(bash)] OUT> at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:695)
> [runTest(bash)] OUT> at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> [runTest(bash)] OUT> at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:243)
> [runTest(bash)] OUT> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:516)
> [runTest(bash)] OUT> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:313)
> [runTest(bash)] OUT> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:265)
> [runTest(bash)] OUT> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:73)
> [runTest(bash)] OUT> at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:124)
> [runTest(bash)] OUT> ... 9 more
>
>
> Interestingly, forcing the use of WSS4J 1.5.8 instead (we discovered
> this by accident ;-) ) the problem goes away.
> The application basically builds up a JAXWS client using WS-Security
> (Sign only) through programmatically configured WSS4J interceptors:
> http://fpaste.org/pYHM/
> Once the proxy is ready on client side, it's called concurrently using
> multiple threads (performIteration() method in the code).
> Does the problem/exception above ring any bell? I'm going to investigate
> this a bit more in any case.
> Thanks
> Alessio

--
Daniel Kulp
[email protected]
http://dankulp.com/blog
Talend - http://www.talend.com
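
An added illustration, not part of the thread and not WSS4J or CXF code: a stand-alone load harness of the kind requested above, showing how a fail-fast list iterator fails once per-message state ends up shared between threads, and how per-call state avoids it. `DocInfo`, `findRef` and `run` are hypothetical names; the real cause in WSS4J 1.5.10 is not established on this page, and the failure count in the shared case depends on thread timing.

```java
import java.util.*;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class SharedDocInfoRace {
    // Hypothetical stand-in for per-message processing state (not WSS4J code).
    static class DocInfo {
        private final List<String> refs = new ArrayList<>();
        void addRef(String id) { refs.add(id); }
        String findRef(String id) {
            for (String r : refs) {            // fail-fast iterator, as in the trace
                if (id.equals(r)) return r;
            }
            return null;
        }
    }

    // Releases all workers at once; returns the number of calls that threw.
    static int run(boolean sharedState, int threads, int callsPerThread) throws Exception {
        DocInfo shared = new DocInfo();
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        CountDownLatch start = new CountDownLatch(1);
        AtomicInteger failures = new AtomicInteger();
        List<Future<?>> futures = new ArrayList<>();
        for (int t = 0; t < threads; t++) {
            final int worker = t;
            futures.add(pool.submit(() -> {
                start.await();                 // maximise overlap between threads
                for (int i = 0; i < callsPerThread; i++) {
                    DocInfo info = sharedState ? shared : new DocInfo();
                    try {
                        info.addRef("ref-" + worker + "-" + i);
                        info.findRef("missing");
                    } catch (RuntimeException e) { // CME, or other races on ArrayList
                        failures.incrementAndGet();
                    }
                }
                return null;
            }));
        }
        start.countDown();
        for (Future<?> f : futures) f.get();
        pool.shutdown();
        return failures.get();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("shared state failures:   " + run(true, 8, 2000));
        System.out.println("per-call state failures: " + run(false, 8, 2000));
    }
}
```

For a signature-verification path like the one in the trace, the same harness shape also lets a test assert that no request fails verification under load, since an exception thrown mid-verification surfaces to the caller as a rejected message.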
