Yes, it is 1.5.11. Could I know whether the above particular issue is addressed in 1.6.x?
Thanks, Hasini. On Thu, Aug 23, 2012 at 10:09 PM, Colm O hEigeartaigh <[email protected]>wrote: > > What version of WSS4J are you using? It looks like you are using 1.5.x - > which is essentially deprecated at this stage. Is it possible to move to > using 1.6.x instead? > > Colm. > > > On Thu, Aug 23, 2012 at 5:56 AM, Hasini Gunasinghe <[email protected]>wrote: > >> Hi, >> >> We have observed $subject when using WSS4J with Rampart for digital >> signature. >> I have attached the error logs at [1] and [2] for your reference. >> >> According to the error and going through the code, it seems that the root >> cause is: "securityTokenReferences" variable in >> org.apache.ws.security.WSDocInfo, which is a List (and initialized as a >> Vector later) is trying to be modified by the method: >> WSDocInfo#setSecurityTokenReference while the iterator obtained on >> "securityTokenReferences" is being iterated in the method: >> WSDocInfo#getSecurityTokenReference. >> >> When the code is modified such that the iteration happens in a >> synchronized block, the above issue doesn't occur anymore even under high >> load. But that would not be the ideal solution since it can cause >> performance overhead. >> >> Appreciate any thoughts on an optimal solution for this concurrency issue. >> >> [1] >> Caused by: org.apache.rampart.RampartException: Error in signature with >> X509Token >> at >> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741) >> at >> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414) >> at >> org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90) >> at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147) >> at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65) >> ... 18 more >> Caused by: org.apache.ws.security.WSSecurityException: Signature creation >> failed; nested exception is: >> java.util.ConcurrentModificationException >> at >> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732) >> at >> org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732) >> ... 22 more >> Caused by: java.util.ConcurrentModificationException >> at >> java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372) >> at java.util.AbstractList$Itr.next(AbstractList.java:343) >> at >> org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86) >> at >> org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114) >> at >> org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown >> Source) >> at >> org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown >> Source) >> at >> org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown >> Source) >> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown >> Source) >> at >> org.apache.xml.security.signature.Reference.generateDigestValue(Unknown >> Source) >> at >> org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown >> Source) >> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source) >> at >> org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724) >> ... 23 more >> >> 2. >> java.util.ConcurrentModificationException >> at >> java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372) >> at java.util.AbstractList$Itr.next(AbstractList.java:343) >> at >> org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86) >> at >> org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114) >> at >> org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown >> Source) >> at >> org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown >> Source) >> at >> org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown >> Source) >> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown >> Source) >> at org.apache.xml.security.signature.Reference.verify(Unknown Source) >> at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown >> Source) >> at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source) >> at >> org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown >> Source) >> at >> org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown >> Source) >> at >> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516) >> at >> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120) >> at >> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332) >> at >> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249) >> at org.apache.rampart.RampartEngine.process(RampartEngine.java:177) >> at >> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92) >> >> Thanks, >> Hasini. >> > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > >
