元数据刷新死锁(spring-security-saml)
Posted
技术标签:
【中文标题】元数据刷新死锁(spring-security-saml)【英文标题】:Metadata refresh deadlock (spring-security-saml) 【发布时间】:2015-07-31 04:43:48 【问题描述】:每隔几天,我们使用 Spring Security SAML 的 Web 应用就会出现死锁。刷新元数据时发生死锁。
我也尝试过从源代码中理解问题所在,但没有成功。
这是来自三个处于死锁状态的线程的堆栈跟踪:
1。 堆栈跟踪 元数据重新加载 [136] (BLOCKED)
org.opensaml.saml2.metadata.provider.AbstractMetadataProvider.initialize line: 402
org.springframework.security.saml.metadata.ExtendedMetadataDelegate.initialize line: 167
org.springframework.security.saml.metadata.MetadataManager.initializeProvider line: 398
org.springframework.security.saml.metadata.MetadataManager.refreshMetadata line: 246
org.springframework.security.saml.metadata.CachingMetadataManager.refreshMetadata line: 86
org.springframework.security.saml.metadata.MetadataManager$RefreshTask.run line: 1027
java.util.TimerThread.mainLoop line: 555
java.util.TimerThread.run line: 505
2。 堆栈跟踪 Timer-5 [135](等待中)
sun.misc.Unsafe.park line: not available [native method]
java.util.concurrent.locks.LockSupport.park line: 186
java.util.concurrent.locks.AbstractQueuedSynchronizer.parkAndCheckInterrupt line: 834
java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireQueued line: 867
java.util.concurrent.locks.AbstractQueuedSynchronizer.acquire line: 1197
java.util.concurrent.locks.ReentrantReadWriteLock$WriteLock.lock line: 945
org.springframework.security.saml.metadata.MetadataManager.setRefreshRequired line: 983
org.springframework.security.saml.metadata.MetadataManager$MetadataProviderObserver.onEvent line: 1047
org.opensaml.saml2.metadata.provider.ChainingMetadataProvider.emitChangeEvent line: 359
org.opensaml.saml2.metadata.provider.ChainingMetadataProvider$ContainedProviderObserver.onEvent line: 371
org.opensaml.saml2.metadata.provider.AbstractObservableMetadataProvider.emitChangeEvent line: 62
org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processNonExpiredMetadata line: 427
org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.processNewMetadata line: 355
org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider.refresh line: 261
org.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider$RefreshMetadataTask.run line: 513
java.util.TimerThread.mainLoop line: 555
java.util.TimerThread.run line: 505
3。 堆栈跟踪 http-bio-7020-exec-548 [614](等待中)
sun.misc.Unsafe.park line: not available [native method]
java.util.concurrent.locks.LockSupport.park line: 186
java.util.concurrent.locks.AbstractQueuedSynchronizer.parkAndCheckInterrupt line: 834
java.util.concurrent.locks.AbstractQueuedSynchronizer.doAcquireShared line: 964
java.util.concurrent.locks.AbstractQueuedSynchronizer.acquireShared line: 1282
java.util.concurrent.locks.ReentrantReadWriteLock$ReadLock.lock line: 731
org.springframework.security.saml.metadata.CachingMetadataManager.getFromCacheOrUpdate line: 160
org.springframework.security.saml.metadata.CachingMetadataManager.getEntityDescriptor line: 116
org.springframework.security.saml.context.SAMLContextProviderImpl.populateLocalEntity line: 314
org.springframework.security.saml.context.SAMLContextProviderImpl.populateLocalContext line: 216
org.springframework.security.saml.context.SAMLContextProviderImpl.getLocalAndPeerEntity line: 126
org.springframework.security.saml.SAMLEntryPoint.commence line: 146
org.springframework.security.saml.SAMLEntryPoint.doFilter line: 107
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter line: 342
org.springframework.security.web.FilterChainProxy.doFilterInternal line: 192
org.springframework.security.web.FilterChainProxy.doFilter line: 166
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter line: 342
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter line: 199
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter line: 342
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter line: 110
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter line: 342
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal line: 50
org.springframework.web.filter.OncePerRequestFilter.doFilter line: 106
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter line: 342
org.springframework.security.web.session.ConcurrentSessionFilter.doFilter line: 125
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter line: 342
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter line: 87
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter line: 342
org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter line: 87
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter line: 342
org.springframework.security.web.FilterChainProxy.doFilterInternal line: 192
org.springframework.security.web.FilterChainProxy.doFilter line: 160
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate line: 343
org.springframework.web.filter.DelegatingFilterProxy.doFilter line: 260
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter line: 241
org.apache.catalina.core.ApplicationFilterChain.doFilter line: 208
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal line: 88
org.springframework.web.filter.OncePerRequestFilter.doFilter line: 106
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter line: 241
org.apache.catalina.core.ApplicationFilterChain.doFilter line: 208
hr.isvu.studomat.web.filter.RequestLoggerFilter.proslijediObraduZahtjeva line: 126
hr.isvu.studomat.web.filter.RequestLoggerFilter.doFilter line: 57
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter line: 241
org.apache.catalina.core.ApplicationFilterChain.doFilter line: 208
org.apache.catalina.core.StandardWrapperValve.invoke line: 220
org.apache.catalina.core.StandardContextValve.invoke line: 122
org.apache.catalina.authenticator.AuthenticatorBase.invoke line: 501
org.apache.catalina.core.StandardHostValve.invoke line: 171
org.apache.catalina.valves.ErrorReportValve.invoke line: 102
org.apache.catalina.valves.AccessLogValve.invoke line: 950
org.apache.catalina.core.StandardEngineValve.invoke line: 116
org.apache.catalina.connector.CoyoteAdapter.service line: 408
org.apache.coyote.http11.AbstractHttp11Processor.process line: 1040
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process line: 607
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run line: 314
java.util.concurrent.ThreadPoolExecutor.runWorker line: 1145
java.util.concurrent.ThreadPoolExecutor$Worker.run line: 615
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run line: 61
java.lang.Thread.run line: 722
我们使用:
-
spring-security-saml2-core 1.0.0.RELEASE
org.opensaml.opensaml 2.6.1
这是元数据刷新配置:
...
<!-- IDP Metadata configuration - paths to metadata of IDPs in circle of
trust is here -->
<bean id="metadata"
class="org.springframework.security.saml.metadata.CachingMetadataManager">
<constructor-arg>
<list>
<bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
<constructor-arg>
<value>https://www.example.org/saml2/idp/metadata.php</value>
</constructor-arg>
<constructor-arg>
<value type="int">5000</value>
</constructor-arg>
<property name="parserPool" ref="parserPool" />
</bean>
</list>
</constructor-arg>
</bean>
...
我们如何解决这个死锁?
提前致谢, 丹尼斯
【问题讨论】:
【参考方案1】:这是一个有效的问题,我在 Jira 中打开了一个 ticket 并推送了一个 fix to master。 snapshot repo 明天应该会有一个新的版本,你能重新测试一下吗?
【讨论】:
感谢您的修复。下周我会试试,几天后给出反馈。 通过生产中的这个修复,我们在一个多月内没有出现死锁问题。以上是关于元数据刷新死锁(spring-security-saml)的主要内容,如果未能解决你的问题,请参考以下文章
Mysql 死锁过程及案例详解之元数据锁MetaData Lock
Mysql 死锁过程及案例详解之元数据锁MetaData Lock
在 Firebird 脚本中创建表会导致“元数据更新失败”并出现死锁