Hi Asankha,
From what I've seen, most of the performance problems with
Axis2/Rampart lay outside of WSS4J. Rampart could certainly do a better
job of optimizing its use of WSS4J - for example by not going through
the overhead of constructing an AXIOM DOM representation of the message
and passing that to WSS4J when the security configuration does not
require any processing on a particular message (such as for the response
message when only using UsernameToken) - but for cases where security
processing is actually needed, Rampart also does not appear to be the
cause of most of the added overhead.
I suspect the problems lie in the Axis2/AXIOM interaction, with
conversions between different forms of the message soaking up a lot of
time (and memory). One of these conversions, the building of an AXIOM
DOM representation, does show up as part of the Rampart timings, but I
suspect there are more conversions going on outside of Rampart once the
message body has to be parsed into a document model. The original Axis
has problems of this type, with repeated conversions between string and
DOM representations of a message which add a lot of overhead.
I'm only working with open source code in my articles, so your products
are not something I'd cover. If you want a better comparison for
WS-Security performance I suggest you try Metro to see how that compares
to your code.
- Dennis
Asankha C. Perera wrote:
Hi Dennis
I looked at WSS4j as a foundation for providing WS-Security support
for the UltraESB, <http://adroitlogic.org> and realized the fact that
its not really optimized for use on an ESB; in addition to a few more
issues I came across. Thus we developed a new library - which is
functionally similar to WSS4J, which performs over 3 X times or better
than WSS4J. However, currently it does not yet ship as a separate
library - although we may decide to do that if there is user interest
and demand.
Here is a comparison of it in use against WS-Security based on
WSS4J/Rampart
http://adroitlogic.org/samples-articles-and-tutorials/15-tutorials/48-esb-performance.html
cheers
asankha
Following up on some earlier discussions of Axis2/Rampart WS-Security
performance, devWorks has now published my latest article in the Java
Web Services series, comparing Axis2/Rampart with Metro WS-Security
performance: http://www.ibm.com/developerworks/java/library/j-jws11/
The results are very bad for Axis2/Rampart, with Metro more than
twice as fast overall in the WS-Security tests.
As mentioned in the article, some timing tests with
org.apache.rampart.TIME logging seemed to indicate that a lot of the
overhead is actually occurring outside the Rampart handler. I suspect
that Axis2 has fallen into the same performance pit as Axis in doing
conversions to and from different forms of the message.
If anyone is interested in investigating further, the full source
code for the performance comparison is available as a download from
the article.
- Dennis
--
Asankha C. Perera
AdroitLogic, http://adroitlogic.org
http://esbmagic.blogspot.com
