  1. OpenAM
  2. OPENAM-14307

ConcurrentModificationException when creating resource_set

    Details

    • Sprint:
      AM Sustaining Sprint 59
    • Story Points:
      1
    • Needs backport:
      No
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      ConcurrentModificationException when creating resource_set with multiple concurrent users

      How to reproduce the issue

      1. Create an OAuth2 client with scope uma_protection
      2. Configure UMA server (from Dashboard > Configure > OAuth Provider > Configure User Managed Access)
      3. Obtain a PAT access token (OAuth2 access token with scope uma_protection):
        curl --request POST --header 'authorization: Basic cnNjbGllbnQ6cnNwYXNzd29yZA==' --data 'grant_type=password&username=demo&password=changeit&scope=uma_protection' 'http://openam.example.com:8080/openam/oauth2/access_token'
      4. Register a resource using the PAT obtained in 3.
        curl --request POST --header 'Content-Type: application/json' --header "Authorization: Bearer $PAT" --data '{"name" : "New_Resource","resource_scopes" : ["read"], "labels" : ["New_resource_Label"],"type" : "MyType"}' 'http://openam.example.com:8080/openam/uma/resource_set'
      5. Create resource_set with 10 concurrent users and you will receive response code 500
      Expected behaviour
      resource_set can be created with multiple concurrent users.
      
      Current behaviour
      UmaResourceSetRegistrationHook throws ConcurrentModificationException
      

      Work around

      Register resource_set one at a time

      Code analysis

      resourceTypeUuids in Application.java uses a plain HashSet without any synchronization, but UmaResourceSetRegistrationHook iterates through resourceTypeUuids and then updates this Set without synchronization, which leads to ConcurrentModificationException.

      com.sun.identity.entitlement.Application.java
      private final Set<String> resourceTypeUuids = new HashSet<>();
      

      There are two places which could throw ConcurrentModificationException:

      Caused by: java.util.ConcurrentModificationException
              at java.util.HashMap$HashIterator.nextNode(HashMap.java:1442)
              at java.util.HashMap$KeyIterator.next(HashMap.java:1466)
              at org.forgerock.openam.entitlement.service.ApplicationServiceImpl.checkIfResourceTypeExists(ApplicationServiceImpl.java:154)
              at org.forgerock.openam.entitlement.service.ApplicationServiceImpl.saveApplication(ApplicationServiceImpl.java:129)
              at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.updatePolicySet(UmaResourceSetRegistrationHook.java:131)
              at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.addResourceTypeToPolicySet(UmaResourceSetRegistrationHook.java:118)
              at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.resourceSetCreated(UmaResourceSetRegistrationHook.java:78)
              at org.forgerock.openam.uma.ResourceSetRegistrationEndpoint.createResourceSet(ResourceSetRegistrationEndpoint.java:154)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at org.restlet.resource.ServerResource.doHandle(ServerResource.java:508)
      

      and

      Caused by: java.util.ConcurrentModificationException
              at java.util.HashMap$HashIterator.nextNode(HashMap.java:1437)
              at java.util.HashMap$KeyIterator.next(HashMap.java:1461)
              at com.sun.identity.entitlement.opensso.EntitlementService.extractApplicationData(EntitlementService.java:670)
              at com.sun.identity.entitlement.opensso.EntitlementService.storeApplication(EntitlementService.java:509)
              at org.forgerock.openam.entitlement.service.ApplicationServiceImpl.saveApplication(ApplicationServiceImpl.java:143)
              at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.updatePolicySet(UmaResourceSetRegistrationHook.java:131)
              at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.addResourceTypeToPolicySet(UmaResourceSetRegistrationHook.java:118)
              at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.resourceSetCreated(UmaResourceSetRegistrationHook.java:78)
              at org.forgerock.openam.uma.ResourceSetRegistrationEndpoint.createResourceSet(ResourceSetRegistrationEndpoint.java:154)
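
The iterate-then-update pattern from the code analysis, reduced to a standalone Java program (an added example, not OpenAM code and not the project's fix). The class name, the `register` and `failedUsers` helpers and the UUID strings are constructed for illustration; it runs the same workload once against a plain `HashSet` and once against `ConcurrentHashMap.newKeySet()`, which is one possible thread-safe replacement.

```java
import java.util.*;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class ResourceTypeUuidRace {
    // Hypothetical stand-in for the hook: iterate the shared set, then update it.
    static void register(Set<String> resourceTypeUuids, String uuid) {
        for (String existing : resourceTypeUuids) {   // fail-fast iterator on HashSet
            if (existing.equals(uuid)) return;
        }
        resourceTypeUuids.add(uuid);                  // structural modification
    }

    // Runs `users` threads against one shared set; returns how many stopped with a CME.
    static int failedUsers(Set<String> shared, int users, int perUser) throws InterruptedException {
        AtomicInteger failed = new AtomicInteger();
        CountDownLatch start = new CountDownLatch(1);
        ExecutorService pool = Executors.newFixedThreadPool(users);
        for (int u = 0; u < users; u++) {
            final int id = u;
            pool.execute(() -> {
                try {
                    start.await();                    // release all users at once
                    for (int i = 0; i < perUser; i++) {
                        register(shared, "constructed-uuid-" + id + "-" + i);
                    }
                } catch (ConcurrentModificationException e) {
                    failed.incrementAndGet();         // the request that would surface as HTTP 500
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            });
        }
        start.countDown();
        pool.shutdown();
        pool.awaitTermination(60, TimeUnit.SECONDS);
        return failed.get();
    }

    public static void main(String[] args) throws InterruptedException {
        // Racy: plain HashSet, as in the Application field quoted above.
        System.out.println("HashSet: " + failedUsers(new HashSet<>(), 10, 500));
        // Thread-safe set with weakly consistent iterators: never throws CME.
        System.out.println("concurrent set: " + failedUsers(ConcurrentHashMap.newKeySet(), 10, 500));
    }
}
```

The `HashSet` count varies from run to run because the failure depends on thread interleaving; the concurrent set always reports 0 because its iterators are weakly consistent rather than fail-fast.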
      

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                sachiko Sachiko Wallace