Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-14307

ConcurrentModificationException when creating resource_set

    XMLWordPrintable

    Details

    • Sprint:
      AM Sustaining Sprint 59
    • Story Points:
      1
    • Needs backport:
      No
    • Verified Version/s:
    • Needs QA verification:
      Yes
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same an in the description

      Description

      Bug description

      ConcurrentModificationException when creating resource_set with multiple concurrent users

      How to reproduce the issue

      1. Create an OAuth2 client with scope uma_protection
      2. Configure UMA server (from Dashboard > Configure > OAuth Provider > Configure User Managed Access)
      3. Obtain a PAT access token (OAuth2 access token with scope uma_protection): 
        curl --request POST --header 'authorization: Basic cnNjbGllbnQ6cnNwYXNzd29yZA==' --data 'grant_type=password&username=demo&password=changeit&scope=uma_protection' 'http://openam.example.com:8080/openam/oauth2/access_token'
      1. Register a resource using the PAT obtained in 3. 
        curl --request POST --header 'Content-Type: application/json' --header "Authorization: Bearer $PAT" --data '{"name" : "New_Resource","resource_scopes" : ["read"], "labels" : ["New_resource_Label"],"type" : "MyType"}' 'http://openam.example.com:8080/openam/uma/resource_set'
      1. Create resource_set with 10 concurrent users and you will receive response code 500
      Expected behaviour
      resource_set can be created with multiple concurrent users.
      Current behaviour
      UmaResourceSetRegistrationHook throws ConcurrentModificationException

      Work around

      register resource_set one at a time

      Code analysis

      resourceTypeUuids in Application.java use plain HashSet without any synchronization but UmaResourceSetRegistrationHook iterate through resourceTypeUuids and then update this Set without synchronization which leads to ConcurrentModificationException

      com.sun.identity.entitlement.Application.java
      private final Set<String> resourceTypeUuids = new HashSet<>();

      There are two places which could throw ConcurrentModificationException :

      Caused by: java.util.ConcurrentModificationException
        at java.util.HashMap$HashIterator.nextNode(HashMap.java:1442)
        at java.util.HashMap$KeyIterator.next(HashMap.java:1466)
        at org.forgerock.openam.entitlement.service.ApplicationServiceImpl.checkIfResourceTypeExists(ApplicationServiceImpl.java:154)
        at org.forgerock.openam.entitlement.service.ApplicationServiceImpl.saveApplication(ApplicationServiceImpl.java:129)
        at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.updatePolicySet(UmaResourceSetRegistrationHook.java:131)
        at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.addResourceTypeToPolicySet(UmaResourceSetRegistrationHook.java:118)
        at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.resourceSetCreated(UmaResourceSetRegistrationHook.java:78)
        at org.forgerock.openam.uma.ResourceSetRegistrationEndpoint.createResourceSet(ResourceSetRegistrationEndpoint.java:154)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.restlet.resource.ServerResource.doHandle(ServerResource.java:508)

      and 

      Caused by: java.util.ConcurrentModificationException
        at java.util.HashMap$HashIterator.nextNode(HashMap.java:1437)
        at java.util.HashMap$KeyIterator.next(HashMap.java:1461)
        at com.sun.identity.entitlement.opensso.EntitlementService.extractApplicationData(EntitlementService.java:670)
        at com.sun.identity.entitlement.opensso.EntitlementService.storeApplication(EntitlementService.java:509)
        at org.forgerock.openam.entitlement.service.ApplicationServiceImpl.saveApplication(ApplicationServiceImpl.java:143)
        at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.updatePolicySet(UmaResourceSetRegistrationHook.java:131)
        at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.addResourceTypeToPolicySet(UmaResourceSetRegistrationHook.java:118)
        at org.forgerock.openam.uma.rest.UmaResourceSetRegistrationHook.resourceSetCreated(UmaResourceSetRegistrationHook.java:78)
        at org.forgerock.openam.uma.ResourceSetRegistrationEndpoint.createResourceSet(ResourceSetRegistrationEndpoint.java:154)

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. OPENAM-14232 Performance issue when creating resource_set in UMA with many existing resource_set

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              Assignee:
              sachiko Sachiko Wallace
              Reporter:
              sachiko Sachiko Wallace
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: