Depending the structure of signature you can try this patch(http://issues.apache.org/bugzilla/show_bug.cgi?id=32657) It Is a single pass sax verification, I have manage to verify 100MB XML files with just 10MB of footprint. But it only works with some kind of signatures out of the box(but it can be adapted to other types),. I have submitted a proposal to ApacheCon Europe about this subject(speed and memory considerations in xml digital signatures, but it also includes sax parsing). If it is admitted I will post the material that I will do here.(If not i will do it also but it will take longer ;( )
Regards, Raul On Fri, 25 Mar 2005 10:57:39 +0100, Yves Langisch <[EMAIL PROTECTED]> wrote: > All, > > Are there any hints from the XML-security side? > > Thanks > Yves > > -----Original Message----- > From: Werner Dittmann [mailto:[EMAIL PROTECTED] > Sent: Freitag, 25. M�rz 2005 09:24 > To: Yves Langisch > Cc: [EMAIL PROTECTED]; [email protected]; [EMAIL PROTECTED] > Subject: Re: Signing huge SOAP requests > > Yves, > > looking at this it seems that this is not a problem of WSS4J but of the > underlying XML security lib. WSS4J delegates the whole signature processing > to xmlsec lib. > > Maybe you can copy your problem to the xmlsec mailing list? AFAIK there were > some discussions about signing very large objects on this list some time > ago. > > Regards, > Werner > > Yves Langisch schrieb: > > >Not at all! > > > >We really have huge data to sign. And obviously the in-memory > >DOM-representation itself is not the problem. With appropriate > >VM-params I'm able to parse a 100MB file into a DOM-document. The > >problems start while signing. The memory demand is much higher than > >during parsing and I'm able to sign "only" a 10MB SOAP request. > > > >Are there any streaming/event based (SAX, StAX) security libraries > >which are able to handle such huge requests (performance has not top > priority)? > > > >Yves > > > >-----Original Message----- > >From: Davanum Srinivas [mailto:[EMAIL PROTECTED] > >Sent: Donnerstag, 24. M�rz 2005 13:55 > >To: Yves Langisch > >Cc: [email protected] > >Subject: Re: Signing huge SOAP requests > > > >You kidding me? that's huge!. problem is that the whole thing needs to > >be in DOM as xml-security (AND the w3c specs) works on DOM and not > >streaming/sax stuff. > > > >-- dims > > > >On Thu, 24 Mar 2005 09:27:50 +0100, Yves Langisch <[EMAIL PROTECTED]> > wrote: > > > > > >>All, > >> > >>Is there anyone having experiences (memory requirements, performance, > >>...) with signing huge SOAP requests (w/o attachments, body is about > >>100MB) with WSS4J? > >> > >>Thanks > >>Yves > >> > >> > >> > >> > > > > > > > > > > -- http://r-bg.com
