Search code examples
springhibernatespring-securitystruts

ConcurrentModificationException after update to Hibernate 5.2.4, Spring 4.3.3 , Struts 2.5.5

I am upgrading the frameworks of an old project. The updates involve several major versions:

  1. Hibernate 3.1 -> 5.2.4
  2. Spring 2.1 -> 4.3.3
  3. Struts 2.1 -> 2.5.5
  4. Spring-Security 2.x -> 4.1.3
  5. Apache Commons Collections 3.2.1 -> 3.2.2 (update to 4.x is possible if needed)

JDK did not suffer any updates, we are using Java 8. Though I believe there was no source code using any Java 8 features before the update.

I was leaning on the compiler and I fixed all the class references, updated DTD for the frameworks, etc.

Finally the project compiles with just a few deprecation wornings and no errors. However as soon as I load the index page, with the login prompt, I get the error below.

There are only 4 classes in the code below that are not part of Spring/Strut/Hibernate, but all they do is to call doFilter on Spring security. Simple delegation. I do not create, return, or iterate over any lists or hashmaps.

Any ideas are appreciated. Full stack trace below. Thank you.

    SEVERE: Servlet.service() for servlet [default] in context with path [/FeedXLWebapp] threw exception
java.util.ConcurrentModificationException
    at java.util.HashMap$HashIterator.nextNode(HashMap.java:1437)
    at java.util.HashMap$KeyIterator.next(HashMap.java:1461)
    at org.apache.commons.collections.iterators.IteratorEnumeration.nextElement(IteratorEnumeration.java:76)
    at java.util.ResourceBundle.handleKeySet(ResourceBundle.java:1854)
    at java.util.ResourceBundle.containsKey(ResourceBundle.java:1807)
    at org.springframework.context.support.ResourceBundleMessageSource.getStringOrNull(ResourceBundleMessageSource.java:291)
    at org.springframework.context.support.ResourceBundleMessageSource.resolveCodeWithoutArguments(ResourceBundleMessageSource.java:131)
    at org.springframework.context.support.AbstractMessageSource.getMessageInternal(AbstractMessageSource.java:218)
    at org.springframework.context.support.AbstractMessageSource.getMessage(AbstractMessageSource.java:136)
    at org.springframework.context.support.AbstractApplicationContext.getMessage(AbstractApplicationContext.java:1249)
    at org.springframework.context.support.MessageSourceAccessor.getMessage(MessageSourceAccessor.java:83)
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at au.com.xprime.feedxl.accounts.security.spring.AuthenticationPostProcessingFilter.doFilterHttp(AuthenticationPostProcessingFilter.java:33)
    at au.com.xprime.feedxl.accounts.security.spring.AuthenticationPostProcessingFilter.doFilter(AuthenticationPostProcessingFilter.java:22)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:150)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:121)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at au.com.xprime.feedxl.accounts.auth.filters.BrowserCheckFilter.doFilter(BrowserCheckFilter.java:32)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at au.com.xprime.webapp.filters.ResponseCacheControlFilter.doFilter(ResponseCacheControlFilter.java:102)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176)
    at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
    at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
    at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Solution

  • So. I figured this our. The issue was a chained message fetcher class.

    It seems like concurrent modification exception is thrown when you have a collection (like a HashMap) of objects and one of the objects in this collection tries to append new elements to the same collection.