axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chamara Philips <chcphilips....@gmail.com>
Subject Concurrency issue with DocumentBuilderFactoryImpl.setDOOMRequired in SAMLTokenIssuer
Date Fri, 25 Mar 2016 07:02:05 GMT
Hi devs,

There are two issues found when we test WSO2 Identity Server with Passive
STS and SAML SSO. We do a load test by sending requests to passivests
endpoint requesting for a user login. And we try to login through SAML SSO
endpoint at the sametime. Attached NPE was given when doing this.
We have found the [1],[2],[3],[4] which described the scenario and the fix
for this issue.

But at the moment we have a problem with upgrading wso2-rampart to use the
latest apache-rampart version which has the fix for this issue. We are
using axiom version 1.2.11-wso2v5 and rampart version 1.6.1-wso2v17.

The issue is with [5] [6] lines. We need to introduce the AxiomParserPool
to get rid of this. But the existing axiom version doesn't support this.
Any thoughts to overcome this with existing resources is highly
appreciated.


[1]
http://www.archivum.info/axis-user@ws.apache.org/2007-02/00065/Re-(Axis2-1.0)-Rampart-Axoim-Threading-Issues.html
[2] http://mail.wso2.org/mailarchive/dev/2014-January/026710.html
[3] https://issues.apache.org/jira/browse/AXIS2-1570
[4] https://issues.apache.org/jira/browse/AXIOM-332
[5]
https://github.com/wso2/wso2-rampart/blob/master/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java#L132

[6]
https://github.com/wso2/wso2-rampart/blob/master/modules/rampart-trust/src/main/java/org/apache/rahas/impl/SAMLTokenIssuer.java#L293

Thanks & Regards,
Hareendra Chamara Philips

Mime
View raw message