[ http://issues.apache.org/jira/browse/WSS-24?page=comments#action_12364986 ]
Paul Grillo commented on WSS-24: -------------------------------- We are still seeing this very sporadically. However, we don't have a lot of activity. I've been waiting for our partner to rev up the transactions. When i feel confident that it is reproducable and happens reliably enough (once a day vs once a week) i'll redeploy and see if the problem goes away. I'm assuming the latest available would have whatever was in SVN back in November. If that doesn't work, i'll apply the suggested patch and see what happens. This will not be happening in the immediate future, probably over the next couple of months. > Thread safety in WSDoAllReceiver using WSSecEngine > -------------------------------------------------- > > Key: WSS-24 > URL: http://issues.apache.org/jira/browse/WSS-24 > Project: WSS4J > Type: Bug > Environment: Windows 2000, JDK 1.4.2_06, 2 CPU, 2GHz > Reporter: Samrat Ketu > Assignee: Davanum Srinivas > > We have a multi-threaded program that uses Axis and WSS4J to send encrypted > messages to a web service and decrypts the contents as they are received. > We intermittently face the below exception - like 10 out of 5000 requests. > Typical number of threads running are 10, pumping 10 messages per second. As > you can see, the problem is happening while decrypting the response. > I was looking into the source code of WSS4J and realized that it could be > because of > a. the way session/symmetric key is stored in WSSecEngine (decryptedBytes > variable is used to store the session key and it is declared at the class > level) > b. the fact that reference to WSSecEngine is actually a static final variable > in WSHandler (which is extended ultimately by WSDoAllReceiver) > Apparently, all instances of WSDoAllReceiver use the same instance of > WSSecEngine to do encryption and decryption. And within WSSecEngine, the > symmetric key is a global variable, so different method invocations to > decrypt data will overwrite each other's symmetric key. > Exception is > org.apache.ws.security.WSSecurityException: Error Class: > org.apache.ws.security.WSSecurityException > Cannot encrypt/decrypt data; nested exception is: > org.apache.xml.security.encryption.XMLEncryptionException: pad block > corrupted > Original Exception was javax.crypto.BadPaddingException: pad block > corrupted > org.apache.ws.security.WSSecurityException: Cannot > encrypt/decrypt data; nested exception is: > org.apache.xml.security.encryption.XMLEncryptionException: pad > block corrupted > Original Exception was javax.crypto.BadPaddingException: pad block > corrupted > at > org.apache.ws.security.WSSecurityEngine.decryptDataRef(WSSecurityEngine.java:1226) > at org.apache.ws.security.WSSecurityEngine.handleEncryptedKey > (WSSecurityEngine.java:1171) > at > org.apache.ws.security.WSSecurityEngine.handleEncryptedKey(WSSecurityEngine.java:926) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java > :349) > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:245) > at > org.apache.ws.axis.security.WSDoAllReceiver.invoke(WSDoAllReceiver.java:156) > at org.apache.axis.strategies.InvocationStrategy.visit > (InvocationStrategy.java:32) > at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) > at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) > at org.apache.axis.client.AxisClient.invoke (AxisClient.java:190) > at org.apache.axis.client.Call.invokeEngine(Call.java:2765) > at org.apache.axis.client.Call.invoke(Call.java:2748) > at org.apache.axis.client.Call.invoke(Call.java:2424) > at org.apache.axis.client.Call.invoke(Call.java:2347) > at org.apache.axis.client.Call.invoke(Call.java:1804) > .... > .... > Caused by: org.apache.xml.security.encryption.XMLEncryptionException > : pad block corrupted > Original Exception was javax.crypto.BadPaddingException: pad block > corrupted > at > org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(Unknown > Source) > at org.apache.xml.security.encryption.XMLCipher.decryptElement > (Unknown Source) > at > org.apache.xml.security.encryption.XMLCipher.decryptElementContent(Unknown > Source) > at org.apache.xml.security.encryption.XMLCipher.doFinal(Unknown > Source) > at org.apache.ws.security.WSSecurityEngine.decryptDataRef > (WSSecurityEngine.java:1224) > ... 17 more -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
