[jira] [Created] (WSS-401) Concurrency issue in generating signature under high load

Mon, 27 Aug 2012 14:41:09 -0700 

Hasini Gunasinghe created WSS-401:
-------------------------------------

             Summary: Concurrency issue in generating signature under high load
                 Key: WSS-401
                 URL: https://issues.apache.org/jira/browse/WSS-401
             Project: WSS4J
          Issue Type: Bug
    Affects Versions: 1.5.11
            Reporter: Hasini Gunasinghe
            Assignee: Colm O hEigeartaigh
            Priority: Critical
             Fix For: 1.5.13


Error Logs:

1.
Caused by: org.apache.rampart.RampartException: Error in signature with 
X509Token
at 
org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:741)
at 
org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:414)
at 
org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:90)
at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
... 18 more
Caused by: org.apache.ws.security.WSSecurityException: Signature creation 
failed; nested exception is: 
java.util.ConcurrentModificationException
at 
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:732)
at 
org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:732)
... 22 more
Caused by: java.util.ConcurrentModificationException
at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
at java.util.AbstractList$Itr.next(AbstractList.java:343)
at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
at 
org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown 
Source)
at 
org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown
 Source)
at 
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
 Source)
at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown 
Source)
at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown 
Source)
at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
at 
org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:724)
... 23 more

2.
java.util.ConcurrentModificationException
at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
at java.util.AbstractList$Itr.next(AbstractList.java:343)
at org.apache.ws.security.WSDocInfo.getSecurityTokenReference(WSDocInfo.java:86)
at 
org.apache.ws.security.message.EnvelopeIdResolver.engineResolve(EnvelopeIdResolver.java:114)
at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown 
Source)
at 
org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown
 Source)
at 
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
 Source)
at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
at org.apache.xml.security.signature.Reference.verify(Unknown Source)
at org.apache.xml.security.signature.Manifest.verifyReferences(Unknown Source)
at org.apache.xml.security.signature.SignedInfo.verify(Unknown Source)
at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown 
Source)
at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(Unknown 
Source)
at 
org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:516)
at 
org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:120)
at 
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:332)
at 
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:249)
at org.apache.rampart.RampartEngine.process(RampartEngine.java:177)
at org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:92)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to