Details
Description
Bug description
ConcurrentModificationException when creating resource_set with multiple concurrent users
How to reproduce the issue
- Create an OAuth2 client with scope uma_protection
- Configure UMA server (from Dashboard > Configure > OAuth Provider > Configure User Managed Access)
- Obtain a PAT access token (OAuth2 access token with scope uma_protection):
curl --request POST --header 'authorization: Basic cnNjbGllbnQ6cnNwYXNzd29yZA==' --data 'grant_type=password&username=demo&password=changeit&scope=uma_protection' 'http://openam.example.com:8080/openam/oauth2/access_token'
- Register a resource using the PAT obtained in 3.
curl --request POST --header 'Content-Type: application/json' --header "Authorization: Bearer $PAT" --data '{"name" : "New_Resource","resource_scopes" : ["read"], "labels" : ["New_resource_Label"],"type" : "MyType"}' 'http://openam.example.com:8080/openam/uma/resource_set'
- Create resource_set with 10 concurrent users and you will receive response code 500
Expected behaviour
resource_set can be created with multiple concurrent users.
Current behaviour
UmaResourceSetRegistrationHook throws ConcurrentModificationException
Work around
register resource_set one at a time
Code analysis
resourceTypeUuids in Application.java use plain HashSet without any synchronization but UmaResourceSetRegistrationHook iterate through resourceTypeUuids and then update this Set without synchronization which leads to ConcurrentModificationException
com.sun.identity.entitlement.Application.java
private final Set<String> resourceTypeUuids = new HashSet<>();
There are two places which could throw ConcurrentModificationException :
Caused by: java.util.ConcurrentModificationException
at java.util.HashMap$HashIterator.nextNode(HashMap.java:1442)
at java.util.HashMap$KeyIterator.next(HashMap.java:1466)
at org.forgerock.openam.entitlement.service.ApplicationServiceImpl.checkIfResourceTypeExists(ApplicationServiceImpl.java:154)
at org.forgerock.openam.entitlement.service.ApplicationServiceImpl.saveApplication(ApplicationServiceImpl.java:129)
at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.updatePolicySet(UmaResourceSetRegistrationHook.java:131)
at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.addResourceTypeToPolicySet(UmaResourceSetRegistrationHook.java:118)
at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.resourceSetCreated(UmaResourceSetRegistrationHook.java:78)
at org.forgerock.openam.uma.ResourceSetRegistrationEndpoint.createResourceSet(ResourceSetRegistrationEndpoint.java:154)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.restlet.resource.ServerResource.doHandle(ServerResource.java:508)
and
Caused by: java.util.ConcurrentModificationException
at java.util.HashMap$HashIterator.nextNode(HashMap.java:1437)
at java.util.HashMap$KeyIterator.next(HashMap.java:1461)
at com.sun.identity.entitlement.opensso.EntitlementService.extractApplicationData(EntitlementService.java:670)
at com.sun.identity.entitlement.opensso.EntitlementService.storeApplication(EntitlementService.java:509)
at org.forgerock.openam.entitlement.service.ApplicationServiceImpl.saveApplication(ApplicationServiceImpl.java:143)
at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.updatePolicySet(UmaResourceSetRegistrationHook.java:131)
at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.addResourceTypeToPolicySet(UmaResourceSetRegistrationHook.java:118)
at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.resourceSetCreated(UmaResourceSetRegistrationHook.java:78)
at org.forgerock.openam.uma.ResourceSetRegistrationEndpoint.createResourceSet(ResourceSetRegistrationEndpoint.java:154)
Attachments
Issue Links
- is related to
-
OPENAM-14232 Performance issue when creating resource_set in UMA with many existing resource_set
-
- Resolved
-