Hi Hasini,

I think that issue is probably fixed in 1.6.x. There was a lot of refactoring done to simplify things in 1.6.x, in particular WSSecurityEngine is no longer a singleton, WSDocInfoStore was removed, etc. Is it possible to re-run the test-cases with a version of Rampart that uses WSS4J 1.6.x?

As for WSS4J 1.5.x, could you also try with WSS4J 1.5.12? If that doesn't work, I'm willing to release *one* more release on that branch. So if you want to create a patch for this issue I'll apply it and get 1.5.13 out, with an XML Security upgrade.

Colm.

On Thu, Aug 23, 2012 at 5:58 PM, Hasini Gunasinghe <[email protected]> wrote:

> Yes, it is 1.5.11.
> Could I know whether the above particular issue is addressed in 1.6.x?
>
> Thanks,
> Hasini.
>
> On Thu, Aug 23, 2012 at 10:09 PM, Colm O hEigeartaigh <[email protected]> wrote:
>
>> What version of WSS4J are you using? It looks like you are using 1.5.x - which is essentially deprecated at this stage. Is it possible to move to using 1.6.x instead?
>>
>> Colm.
>>
>> On Thu, Aug 23, 2012 at 5:56 AM, Hasini Gunasinghe <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> We have observed $subject when using WSS4J with Rampart for digital signature.
>>> I have attached the error logs at [1] and [2] for your reference.
>>>
>>> According to the error and going through the code, it seems that the root cause is: "securityTokenReferences" variable in org.apache.ws.security.WSDocInfo, which is a List (and initialized as a Vector later) is trying to be modified by the method: WSDocInfo#setSecurityTokenReference while the iterator obtained on "securityTokenReferences" is being iterated in the method: WSDocInfo#getSecurityTokenReference.
>>>
>>> When the code is modified such that the iteration happens in a synchronized block, the above issue doesn't occur anymore even under high load. But that would not be the ideal solution since it can cause performance overhead.
>>>
>>> Appreciate any thoughts on an optimal solution for this concurrency issue.
>>>
>>> [1]
>>> Caused by: org.apache.rampart.RampartException: Error in signature with X509Token
>>>     at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
>>>     at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
>>>     at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
>>>     at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
>>>     at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
>>>     ... 18 more
>>> Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
>>>     java.util.ConcurrentModificationException
>>>     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
>>>     at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
>>>     ... 22 more
>>> Caused by: java.util.ConcurrentModificationException
>>>     at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
>>>     at java.util.AbstractList$Itr.next(AbstractList.java:343)
>>>     at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
>>>     at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
>>>     at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
>>>     at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
>>>     at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
>>>     at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
>>>     at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
>>>     at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
>>>     at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
>>>     at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
>>>     ... 23 more
>>>
>>> [2]
>>> java.util.ConcurrentModificationException
>>>     at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
>>>     at java.util.AbstractList$Itr.next(AbstractList.java:343)
>>>     at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
>>>     at org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
>>>     at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
>>>     at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
>>>     at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
>>>     at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
>>>     at org.apache.xml.security.signature.Reference.verify(Unknown Source)
>>>     at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
>>>     at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
>>>     at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
>>>     at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown Source)
>>>     at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
>>>     at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
>>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
>>>     at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
>>>     at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
>>>     at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)
>>>
>>> Thanks,
>>> Hasini.
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
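
The failure mode reported in this thread, as an added example that is not part of the original e-mails and is not WSS4J code: a Vector synchronizes each call but its iterator is still fail-fast, so an add() during a lookup loop raises ConcurrentModificationException, while a snapshot-iterating list does not. The Store class, the "STR-..." ids and the onVisit hook (which stands in for a second thread writing mid-iteration, so the failure is deterministic) are constructed for illustration, and CopyOnWriteArrayList is shown as one alternative to a synchronized block, not as the change made in 1.6.x.

```java
import java.util.ConcurrentModificationException;
import java.util.List;
import java.util.Vector;
import java.util.concurrent.CopyOnWriteArrayList;

// Hypothetical stand-in for a shared token-reference store; not the WSS4J WSDocInfo class.
public class TokenRefStoreDemo {

    static final class Store {
        private final List<String> refs; // constructed ids stand in for token reference elements

        Store(List<String> backing) { this.refs = backing; }

        void add(String id) { refs.add(id); }

        // Lookup by iteration. onVisit simulates another thread calling add()
        // while this iterator is still live.
        String find(String id, Runnable onVisit) {
            for (String ref : refs) {
                onVisit.run();
                if (ref.equals(id)) {
                    return ref;
                }
            }
            return null;
        }
    }

    // Runs one lookup with a write injected at every iteration step and
    // reports whether the lookup survived.
    static String lookupDuringWrite(List<String> backing) {
        Store store = new Store(backing);
        store.add("STR-1");
        store.add("STR-2");
        int[] counter = {0};
        try {
            String hit = store.find("STR-2", () -> store.add("STR-new-" + counter[0]++));
            return "found " + hit;
        } catch (ConcurrentModificationException e) {
            // Same check that fails in the thread's stack traces (Itr.checkForComodification).
            return "ConcurrentModificationException";
        }
    }

    public static void main(String[] args) {
        System.out.println("Vector:               " + lookupDuringWrite(new Vector<>()));
        System.out.println("CopyOnWriteArrayList: " + lookupDuringWrite(new CopyOnWriteArrayList<>()));
    }
}
```

CopyOnWriteArrayList copies its backing array on every write, so it suits a list that is read far more often than it is modified; readers never block and never see a partially updated list.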
