ConcurrentModificationException in WildFly 26.0.1 on Java 17

[Mike Degteariov]

Hello,

We are in the process of upgrade of our platform to Wildfly 26.0.1 and Java 17. During recent load test we noticed that about 0.1% of calls failed due to exception thrown from elytron (see below).  This same instance of WF26 worked fine with Java 8 - I understand this is due to change made in the implementation of HashMap#computeIfAbsent some time around Java9.

Has anyone came across same problem and knows whether workaround exists?

The exception is below, thank you guys in advance!

2022-04-08 15:45:56,562 ERROR [io.undertow.request] (default task-38) UT005023: Exception handling request to /api/rest/service/v2/recentServiceChange: java.util.ConcurrentModificationException    at java.base/java.util.HashMap.computeIfAbsent(HashMap.java:1221)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.authz.MapAttributes.get(MapAttributes.java:322)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.authz.RoleDecoder.lambda$simple$1(RoleDecoder.java:70)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.auth.server.SecurityDomain.mapRoles(SecurityDomain.java:709)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.auth.server.SecurityIdentity.getRoles(SecurityIdentity.java:559)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.auth.server.SecurityDomain.mapPermissions(SecurityDomain.java:731)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.auth.server.SecurityIdentity.<init>(SecurityIdentity.java:98)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.doAuthorization(ServerAuthenticationContext.java:2024)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.auth.server.ServerAuthenticationContext$NameAssignedState.authorize(ServerAuthenticationContext.java:2053)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:517)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.auth.server.ServerAuthenticationContext.authorize(ServerAuthenticationContext.java:497)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.auth.server.ServerAuthenticationContext$1.handleOne(ServerAuthenticationContext.java:901)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.auth.server.ServerAuthenticationContext$1.handle(ServerAuthenticationContext.java:868)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$SecurityIdentityCallbackHandler.handle(SecurityIdentityServerMechanismFactory.java:126)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.mechanism.http.UsernamePasswordAuthenticationMechanism.authorize(UsernamePasswordAuthenticationMechanism.java:104)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.http.basic.BasicAuthenticationMechanism.evaluateRequest(BasicAuthenticationMechanism.java:163)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.http.util.SetMechanismInformationMechanismFactory$1.evaluateRequest(SetMechanismInformationMechanismFactory.java:119)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.http.util.SocketAddressCallbackServerMechanismFactory$1.evaluateRequest(SocketAddressCallbackServerMechanismFactory.java:82)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.auth.server.SecurityIdentityServerMechanismFactory$1.evaluateRequest(SecurityIdentityServerMechanismFactory.java:85)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.authenticate(HttpAuthenticator.java:325)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.http.HttpAuthenticator$AuthenticationExchange.access$800(HttpAuthenticator.java:300)    at org.wildfly.security.elytron-base@1.18.3.Final//org.wildfly.security.http.HttpAuthenticator.authenticate(HttpAuthenticator.java:94)    at org.wildfly.security.elytron-web.undertow-server@1.10.1.Final//org.wildfly.elytron.web.undertow.server.SecurityContextImpl.authenticate(SecurityContextImpl.java:107)

[Diana Krepinska]

Hello, this seems to be a bug. If you could create an issue for it in the jira https://issues.redhat.com/projects/ELY/summary that would be great! Thanks a lot!