Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ConcurrentModificationException in HttpSignProvider #5594

Closed
janotav opened this issue Dec 5, 2022 · 1 comment
Closed

ConcurrentModificationException in HttpSignProvider #5594

janotav opened this issue Dec 5, 2022 · 1 comment
Assignees
@Verdent
Labels
2.x Issues for 2.x version branch bug Something isn't working P2 security

Comments

@janotav
Copy link

janotav commented Dec 5, 2022

Environment Details

  • Helidon Version: 2.5.4
  • Helidon SE
  • JDK version: 11
  • OS: Linux

Problem Description

Under load, following exception is encountered in HttpSignProvider:

Caused by: java.util.ConcurrentModificationException
	at java.util.HashMap.computeIfAbsent(HashMap.java:1135) ~[?:?]
	at io.helidon.security.providers.httpsign.HttpSignProvider.lambda$signRequest$9(HttpSignProvider.java:270) ~[helidon-security-providers-http-sign-2.5.4.jar:2.5.4]
	at java.util.Optional.map(Optional.java:265) ~[?:?]
	at io.helidon.security.providers.httpsign.HttpSignProvider.signRequest(HttpSignProvider.java:269) ~[helidon-security-providers-http-sign-2.5.4.jar:2.5.4]
	at io.helidon.security.providers.httpsign.HttpSignProvider.lambda$outboundSecurity$4(HttpSignProvider.java:261) ~[helidon-security-providers-http-sign-2.5.4.jar:2.5.4]
	at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700) ~[?:?]
	at io.helidon.common.context.Contexts.runInContext(Contexts.java:117) ~[helidon-common-context-2.5.4.jar:2.5.4]
	at io.helidon.common.context.ContextAwareExecutorImpl.lambda$wrap$7(ContextAwareExecutorImpl.java:154) ~[helidon-common-context-2.5.4.jar:2.5.4]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
	... 1 more

In order to minimize latency of our reverse proxy, we cache/reuse HttpSignProvider across requests. Is that valid?
@m0mus m0mus added security bug Something isn't working P2 labels Dec 8, 2022
@github-actions github-actions bot added the 2.x Issues for 2.x version branch label Sep 15, 2023
This was referenced Sep 15, 2023
Closed
Closed
@Verdent Verdent mentioned this issue Sep 15, 2023
Merged
@Verdent
Copy link
Member

Verdent commented Sep 27, 2023

Fixed

@Verdent Verdent closed this as completed Sep 27, 2023
@m0mus m0mus added this to Backlog Aug 12, 2024
@m0mus m0mus moved this to Closed in Backlog Aug 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Verdent Verdent

Labels
2.x Issues for 2.x version branch bug Something isn't working P2 security
Projects
Backlog
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@janotav @Verdent @m0mus