Dear Xml Security,

We are using Xml Security via WSS4J and have encountered the following error:

Caused by: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid (Cannot setup signature data structure); nested exception is: 
        org.apache.xml.security.exceptions.XMLSecurityException: Cannot create a http://www.w3.org/2000/09/xmldsig#:KeyInfo from a http://www.w3.org/2000/09/xmldsig#:KeyInfo element
        at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:199)
        at org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:97)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:326)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:243)
        at org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:196)
        at com.bt.pi.api.security.CryptoFacade.processSecurityHeader(CryptoFacade.java:151)
        at com.bt.pi.api.security.UserServiceCachingCryptoFacadeWrapper.processSecurityHeader(UserServiceCachingCryptoFacadeWrapper.java:132)
        at com.bt.pi.api.servlet.WSSecurityHandler.processSecurityHeader(WSSecurityHandler.java:67)
        ... 8 more
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Cannot create a http://www.w3.org/2000/09/xmldsig#:KeyInfo from a http://www.w3.org/2000/09/xmldsig#:KeyInfo element
        at org.apache.xml.security.utils.ElementCheckerImpl$InternedNsChecker.guaranteeThatElementInCorrectSpace(Unknown Source)
        at org.apache.xml.security.utils.ElementProxy.guaranteeThatElementInCorrectSpace(Unknown Source)
        at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
        at org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown Source)
        at org.apache.xml.security.keys.KeyInfo.<init>(Unknown Source)
        at org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
        at org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:197)
        ... 15 more


This error only occurs after our application has been running for some time. Some 
Googling suggests issues with the use of != rather than !.equals() also related 
to String.intern() (used by xml parser?) and Permgen garbage collection.

We are going to try running with a patched version of 
org.apache.xml.security.utils.ElementCheckerImpl replacing:

      if ((namespaceSHOULDBE!=namespaceIS) || !localnameSHOULDBE.equals(localnameIS) ) {

with

     if (!namespaceSHOULDBE.equals(namespaceIS) || !localnameSHOULDBE.equals(localnameIS) ) {

I will post again with a progress report.

Adrian Smith   
BT Design
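
The difference between the two comparisons quoted in the message above, as an added example that is not part of the original post and is not Apache XML Security code. It assumes, as the post suspects, that the namespace string handed to the check can be an equal-valued String that is not the same object as the constant; the class name, method names and sample inputs are hypothetical.

```java
// Added illustration: class and method names are hypothetical, not Apache XML Security code.
public class NamespaceCheckDemo {
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final String LOCAL = "KeyInfo";

    // Comparison as quoted in the post: reference identity on the namespace.
    // Returns true when the element would be rejected.
    static boolean identityCheckRejects(String namespaceIS, String localnameIS) {
        return (DSIG_NS != namespaceIS) || !LOCAL.equals(localnameIS);
    }

    // Patched comparison from the post: value equality on both parts.
    static boolean equalsCheckRejects(String namespaceIS, String localnameIS) {
        return !DSIG_NS.equals(namespaceIS) || !LOCAL.equals(localnameIS);
    }

    public static void main(String[] args) {
        // Constructed inputs: the same characters held in different String objects.
        String runtimeCopy = new String(DSIG_NS.toCharArray()); // equal value, distinct object
        String[][] cases = {
            {"same constant", DSIG_NS},
            {"runtime copy", runtimeCopy},
            {"copy after intern()", runtimeCopy.intern()},      // canonical instance again
            {"different namespace", "http://example.invalid/not-dsig#"},
        };
        for (String[] c : cases) {
            System.out.printf("%-22s identity rejects=%-5b equals rejects=%b%n",
                    c[0],
                    identityCheckRejects(c[1], LOCAL),
                    equalsCheckRejects(c[1], LOCAL));
        }
    }
}
```

Only the "runtime copy" row differs between the two checks: the identity comparison rejects a correct namespace, while neither comparison accepts the wrong one, so the fault shows up as valid signatures being refused rather than invalid ones being accepted.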
