Uploaded image for project: 'Camel'
  1. Camel
  2. CAMEL-10830

Race condition when reading principal for one-way web services

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 2.16.2
    • 2.19.0
    • camel-cxf
    • None
    • Unknown

    Description

      This is an issue of the more esoteric kind.

      If camel-cxf is running on Tomcat 7 and the provided web service is a one-way webservice and if the robust feature is not set in very rare cases the following exception can occur:

      nowjava.lang.SecurityException: attempting to add an object which is not an instance of java.security.Principal to a Subject's Principal Set
              at javax.security.auth.Subject$SecureSet.add(Subject.java:1106)
              at java.util.Collections$SynchronizedCollection.add(Collections.java:1636)
              at org.apache.camel.component.cxf.DefaultCxfBinding.populateExchangeFromCxfRequest(DefaultCxfBinding.java:275)
              at org.apache.camel.component.cxf.CxfConsumer$1.prepareCamelExchange(CxfConsumer.java:187)
              at org.apache.camel.component.cxf.CxfConsumer$1.syncInvoke(CxfConsumer.java:132)
              at org.apache.camel.component.cxf.CxfConsumer$1.invoke(CxfConsumer.java:78)
              at org.apache.cxf.interceptor.ServiceInvokerInterceptor$1.run(ServiceInvokerInterceptor.java:59)
              at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
              at java.util.concurrent.FutureTask.run(FutureTask.java:262)
              at org.apache.cxf.interceptor.ServiceInvokerInterceptor$2.run(ServiceInvokerInterceptor.java:126)
              at org.apache.cxf.workqueue.SynchronousExecutor.execute(SynchronousExecutor.java:37)
              at org.apache.cxf.interceptor.ServiceInvokerInterceptor.handleMessage(ServiceInvokerInterceptor.java:131)
              at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
              at org.apache.cxf.phase.PhaseInterceptorChain.resume(PhaseInterceptorChain.java:278)
              at org.apache.cxf.interceptor.OneWayProcessorInterceptor$1.run(OneWayProcessorInterceptor.java:137)
              at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$3.run(AutomaticWorkQueueImpl.java:428)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
              at org.apache.cxf.workqueue.AutomaticWorkQueueImpl$AWQThreadFactory$1.run(AutomaticWorkQueueImpl.java:353)
              at java.lang.Thread.run(Thread.java:807)
      

      The reason for that is in the combination of this code

      DefaultCxfBinding.java
              if (securityContext instanceof LoginSecurityContext
                  && ((LoginSecurityContext)securityContext).getSubject() != null) {
                  camelExchange.getIn().getHeaders().put(Exchange.AUTHENTICATION, 
                                                         ((LoginSecurityContext)securityContext).getSubject());
              } else if (securityContext != null && securityContext.getUserPrincipal() != null) {
                  Subject subject = new Subject();
                  subject.getPrincipals().add(securityContext.getUserPrincipal());
                  camelExchange.getIn().getHeaders().put(Exchange.AUTHENTICATION, subject);
              }
      

      with the implementation of the CXF securtyContext, the way Tomcat implements the login context, and the thread context change created by CXF for the one-way web services. As a result the behaviour of securityContext.getUserPrincipal() may change asynchonously at any time (so it may return a principal when the null check happens and may return null on the second call). Trying to add null to the principals will create above exception.

      The fix for this is to call getUserPrincipal() only once and perform the null check and the add() operation with the result.

      Obviously the issue is not testable (because even in the environment where this may happen it is very improbable that it can be reproduced).

      Attachments

        Activity

          People

            siano Stephan Siano
            siano Stephan Siano
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: