Raul, Unfortunately, this means we will need changes to wss4j to use your code in the bug report. Right?
-- dims On Fri, 25 Mar 2005 22:34:59 +0100, Raul Benito <[EMAIL PROTECTED]> wrote: > Depending the structure of signature you can try this > patch(http://issues.apache.org/bugzilla/show_bug.cgi?id=32657) > It Is a single pass sax verification, I have manage to verify 100MB > XML files with just 10MB of footprint. But it only works with some > kind of signatures out of the box(but it can be adapted to other > types),. > I have submitted a proposal to ApacheCon Europe about this > subject(speed and memory considerations in xml digital signatures, but > it also includes sax parsing). If it is admitted I will post the > material that I will do here.(If not i will do it also but it will > take longer ;( ) > > Regards, > > Raul > > On Fri, 25 Mar 2005 10:57:39 +0100, Yves Langisch <[EMAIL PROTECTED]> wrote: > > All, > > > > Are there any hints from the XML-security side? > > > > Thanks > > Yves > > > > -----Original Message----- > > From: Werner Dittmann [mailto:[EMAIL PROTECTED] > > Sent: Freitag, 25. M�rz 2005 09:24 > > To: Yves Langisch > > Cc: [EMAIL PROTECTED]; [email protected]; [EMAIL PROTECTED] > > Subject: Re: Signing huge SOAP requests > > > > Yves, > > > > looking at this it seems that this is not a problem of WSS4J but of the > > underlying XML security lib. WSS4J delegates the whole signature processing > > to xmlsec lib. > > > > Maybe you can copy your problem to the xmlsec mailing list? AFAIK there were > > some discussions about signing very large objects on this list some time > > ago. > > > > Regards, > > Werner > > > > Yves Langisch schrieb: > > > > >Not at all! > > > > > >We really have huge data to sign. And obviously the in-memory > > >DOM-representation itself is not the problem. With appropriate > > >VM-params I'm able to parse a 100MB file into a DOM-document. The > > >problems start while signing. The memory demand is much higher than > > >during parsing and I'm able to sign "only" a 10MB SOAP request. > > > > > >Are there any streaming/event based (SAX, StAX) security libraries > > >which are able to handle such huge requests (performance has not top > > priority)? > > > > > >Yves > > > > > >-----Original Message----- > > >From: Davanum Srinivas [mailto:[EMAIL PROTECTED] > > >Sent: Donnerstag, 24. M�rz 2005 13:55 > > >To: Yves Langisch > > >Cc: [email protected] > > >Subject: Re: Signing huge SOAP requests > > > > > >You kidding me? that's huge!. problem is that the whole thing needs to > > >be in DOM as xml-security (AND the w3c specs) works on DOM and not > > >streaming/sax stuff. > > > > > >-- dims > > > > > >On Thu, 24 Mar 2005 09:27:50 +0100, Yves Langisch <[EMAIL PROTECTED]> > > wrote: > > > > > > > > >>All, > > >> > > >>Is there anyone having experiences (memory requirements, performance, > > >>...) with signing huge SOAP requests (w/o attachments, body is about > > >>100MB) with WSS4J? > > >> > > >>Thanks > > >>Yves > > >> > > >> > > >> > > >> > > > > > > > > > > > > > > > > > > -- > http://r-bg.com > -- Davanum Srinivas - http://webservices.apache.org/~dims/
