Hi, We've rolled our own specialized WS-Security in-interceptor (implementing PhaseInterceptor) to integrate with our single sign-on system.
This is all nice, except that this interceptor seems to add quite an overhead to our web services. The interceptor operates in the UNMARSHAL phase and specifies its placement in the PhaseInterceptorChain to be AFTER a SAAJInInterceptor and an RPCInInterceptor. It uses the SAAJInInterceptor's SOAPMessage to read the WS-Security headers, and the RPCInInterceptor is used for improved fault handling. I haven't done any real profiling on it yet (shame on me), but I'm thinking that maybe the SAAJInInterceptor is one of bad guys, performance wise, and we've discusses if we should read the wss headers with stax instead. I wonder if you have any performance tips, or other ideas that might help improve this setup? -- Venlig hilsen / Kind regards, Christian Vest Hansen.
