What version of WSS4J are you using? It looks like you are using 1.5.x - which is essentially deprecated at this stage. Is it possible to move to using 1.6.x instead?
Colm. On Thu, Aug 23, 2012 at 5:56 AM, Hasini Gunasinghe <[email protected]>wrote: > Hi, > > We have observed $subject when using WSS4J with Rampart for digital > signature. > I have attached the error logs at [1] and [2] for your reference. > > According to the error and going through the code, it seems that the root > cause is: "securityTokenReferences" variable in > org.apache.ws.security.WSDocInfo, which is a List (and initialized as a > Vector later) is trying to be modified by the method: > WSDocInfo#setSecurityTokenReference while the iterator obtained on > "securityTokenReferences" is being iterated in the method: > WSDocInfo#getSecurityTokenReference. > > When the code is modified such that the iteration happens in a > synchronized block, the above issue doesn't occur anymore even under high > load. But that would not be the ideal solution since it can cause > performance overhead. > > Appreciate any thoughts on an optimal solution for this concurrency issue. > > [1] > Caused by: org.apache.rampart.RampartException: Error in signature with > X509Token > at > org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741) > at > org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414) > at > org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90) > at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147) > at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65) > ... 18 more > Caused by: org.apache.ws.security.WSSecurityException: Signature creation > failed; nested exception is: > java.util.ConcurrentModificationException > at > org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732) > at > org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732) > ... 22 more > Caused by: java.util.ConcurrentModificationException > at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372) > at java.util.AbstractList$Itr.next(AbstractList.java:343) > at > org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86) > at > org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114) > at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown > Source) > at > org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown > Source) > at > org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown > Source) > at org.apache.xml.security.signature.Reference.calculateDigest(Unknown > Source) > at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown > Source) > at > org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown > Source) > at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source) > at > org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724) > ... 23 more > > 2. > java.util.ConcurrentModificationException > at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372) > at java.util.AbstractList$Itr.next(AbstractList.java:343) > at > org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86) > at > org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114) > at > org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown > Source) > at > org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown > Source) > at > org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown > Source) > at org.apache.xml.security.signature.Reference.calculateDigest(Unknown > Source) > at org.apache.xml.security.signature.Reference.verify(Unknown Source) > at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown > Source) > at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source) > at > org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown > Source) > at > org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown > Source) > at > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516) > at > org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249) > at org.apache.rampart.RampartEngine.process(RampartEngine.java:177) > at > org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92) > > Thanks, > Hasini. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
