[
https://issues.apache.org/jira/browse/CXF-9065?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17892823#comment-17892823
]
Mehmet Can Cömert commented on CXF-9065:
----------------------------------------
Sorry for late answer, unfortunately I do not have a small application that can
reproduce the issue.
We have an OSGI Application where Apache CXF Server is running to provide REST
API and for OpenID Session management we call the endpoints of an OpenID
Provider (Keycloak) with CXF Web Client libraries.
As we call the token endpoint for revoking the existing tokens to process
logout, time to time this error occurs.
At first I toght it was an abnormality in one installation but it happened in
different installations in different times therefore I wanted to report the
issue.
In last 6 months it happened really rare, 2 or 3 times reported by users on
different installations.
How it is triggered is not clear to me, maybe a double click on logout causes
multiple threads to call "Client" object at the same time.
As a workaround we re-implemented the same functionality with another Web
Client instead of CXF Web Client libraries.
Both of the places are a SSL delegate is calling a method with the same name
from a proxy, somehow if delegate gets its own instance such as (this) as proxy
this error can happen, but how a Wrapper gets itself, or a Wrapper that
contains itself is also not clear to me.
> StackOverflow Exception during execution of WebClient POST Request on
> SSLUtils class
> ------------------------------------------------------------------------------------
>
> Key: CXF-9065
> URL: https://issues.apache.org/jira/browse/CXF-9065
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 3.6.4
> Reporter: Mehmet Can Cömert
> Assignee: Andriy Redko
> Priority: Major
> Fix For: 3.6.5, 4.0.6
>
>
> I am trying to make a POST call by using CXF with following code:
> {code:java}
> MultivaluedMap<String, String> map = new MultivaluedHashMap<String,
> String>();
> map.put("client_id", Arrays.asList(clientId));
> map.put("client_secret", Arrays.asList(clientSecret));
> map.put("token", Arrays.asList(token));
> boolean result = false;
> try {
> Client client = getClientBuilder().build();
> WebTarget target = client.target(revocationEndpoint);
> Invocation.Builder tokenRequest =
> target.request(MediaType.APPLICATION_JSON);
> tokenRequest.cookie(cookie);
> Response response = tokenRequest.post(Entity.entity(map,
> MediaType.APPLICATION_FORM_URLENCODED_TYPE));
> result = response.getStatus() == 200;
> } catch (RuntimeException e) {
> LOG.error("Token revocation for the logout has failed: " +
> e.getMessage(), e);
> }
> {code}
> Then I get a Stack Overflow Exception on SSL Utils 301:
> {code:java}
> Caused by: java.io.IOException: IOException invoking
> https://some-server/realms/some-realm-default/protocol/openid-connect/revoke:
> java.lang.StackOverflowError
> at
> java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at
> java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1452)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1433)
> at
> org.apache.cxf.io.AbstractWrappedOutputStream.close(AbstractWrappedOutputStream.java:77)
> at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:717)
> at
> org.apache.cxf.transport.http.HttpClientHTTPConduit.close(HttpClientHTTPConduit.java:112)
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at
> org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:710)
> at
> org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1086)
> ... 69 common frames omitted
> Caused by: java.io.IOException: java.lang.StackOverflowError
> at
> org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponse(HttpClientHTTPConduit.java:590)
> at
> org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponseCode(HttpClientHTTPConduit.java:601)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.doProcessResponseCode(HTTPConduit.java:1653)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1684)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1626)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1420)
> ... 77 common frames omitted
> Caused by: java.lang.StackOverflowError: null
> at
> java.base/java.util.Collections$UnmodifiableCollection.size(Collections.java:1034)
> at
> java.base/sun.security.ssl.ProtocolVersion.toStringArray(ProtocolVersion.java:250)
> at
> java.base/sun.security.ssl.SSLConfiguration.getSSLParameters(SSLConfiguration.java:177)
> at
> java.base/sun.security.ssl.SSLEngineImpl.getSSLParameters(SSLEngineImpl.java:867)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getSSLParameters(SSLUtils.java:301)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getSSLParameters(SSLUtils.java:301)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getSSLParameters(SSLUtils.java:301)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getSSLParameters(SSLUtils.java:301)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getSSLParameters(SSLUtils.java:301)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getSSLParameters(SSLUtils.java:301)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getSSLParameters(SSLUtils.java:301)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getSSLParameters(SSLUtils.java:301)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getSSLParameters(SSLUtils.java:301)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getSSLParameters(SSLUtils.java:301)
> {code}
> Another variant is on SSL Utils 307:
> {code:java}
> Caused by: java.io.IOException: IOException invoking
> https://some-server/realms/some-realm-default/protocol/openid-connect/revoke:
> java.lang.StackOverflowError
> at
> java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
> at
> java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at
> java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at
> java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1452)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1433)
> at
> org.apache.cxf.io.AbstractWrappedOutputStream.close(AbstractWrappedOutputStream.java:77)
> at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:717)
> at
> org.apache.cxf.transport.http.HttpClientHTTPConduit.close(HttpClientHTTPConduit.java:112)
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:63)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:307)
> at
> org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain(AbstractClient.java:710)
> at
> org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1086)
> ... 69 common frames omitted
> Caused by: java.io.IOException: java.lang.StackOverflowError
> at
> org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponse(HttpClientHTTPConduit.java:590)
> at
> org.apache.cxf.transport.http.HttpClientHTTPConduit$HttpClientWrappedOutputStream.getResponseCode(HttpClientHTTPConduit.java:601)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.doProcessResponseCode(HTTPConduit.java:1653)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1684)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1626)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1420)
> ... 77 common frames omitted
> Caused by: java.lang.StackOverflowError: null
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getHandshakeSession(SSLUtils.java:307)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getHandshakeSession(SSLUtils.java:307)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getHandshakeSession(SSLUtils.java:307)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getHandshakeSession(SSLUtils.java:307)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getHandshakeSession(SSLUtils.java:307)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getHandshakeSession(SSLUtils.java:307)
> at
> org.apache.cxf.transport.https.SSLUtils$SSLEngineWrapper.getHandshakeSession(SSLUtils.java:307)
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
