OK I will try this version and give you a feedback.... One question about this version. It is a beta0 version and I would like to no if it is stable because I have to use it in productive system.
Regards. Yvan -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raul Benito Sent: mercredi, 5. juillet 2006 18:19 To: [email protected] Subject: Re: XML security seems to be not thread safe...Please Help Hi Hess, You have be hit by the infamous 38605 bug. http://issues.apache.org/bugzilla/show_bug.cgi?id=38605 You can obtain a beta of the new 1.4 release that will fix this problem here: http://xml.apache.org/security/dist/java-library/xmlsec-1.4.Beta0.jar And you can help debugging the next version, so it does not happen the same problem again. Regards On 7/5/06, Hess Yvan <[EMAIL PROTECTED]> wrote: > > > > It seems that XML Apache security (Version 1.3) is not thread safe. > Here what I am doing and the errors encountered: > > > > I sign XML documents using XML apache security and just after a > document has been signed it is verified (signature verification) using > XML apache security. One thread treats one XML document after another. > > > > I have two kinds of errors that appear randomly: > > > > 1) I got a null pointer from XML Apache security > > > > Message: null > Class: java.lang.NullPointerException > Stack trace: > java.lang.NullPointerException > at > org.apache.xml.security.keys.keyresolver.implementations.X509Certifica > teResolver.engineResolveX509Certificate(Unknown > Source) > at > org.apache.xml.security.keys.keyresolver.KeyResolver.resolveX509Certif > icate(Unknown > Source) > at > org.apache.xml.security.keys.KeyInfo.getX509CertificateFromStaticResol > vers(Unknown > Source) > at > org.apache.xml.security.keys.KeyInfo.getX509Certificate(Unknown > Source) > at > com.imtf.atlas.sphinx2.xmlsig.Verifier.verify(Verifier.java:646) > > > > 2) The verification failed saying that the XML document is not > valid/corrupted (not the hash but the signature itself according the > Apache log). > > > > If I run the same test in a single environment (all documents are > treated by only on thread), I never got an error. > > > > Can somebody help me to resolve the problem? It is critical problem > because our application failed and we have to work in a multi-thread environment. > > > > Thanks for your answer. Yvan Hess > > > > Yvan Hess > > Chief software architect > > http://www.imtf.com > > -- http://r-bg.com
