[
https://issues.apache.org/jira/browse/WSS-430?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13631483#comment-13631483
]
Nathan Clement commented on WSS-430:
------------------------------------
Hi Marc,
Thanks for clarifying the streaming functionality.
Since I last posted, I'd re-read the details of the Attachment Content Only
transform and realised that it performs the canonicalisation itself rather than
chaining with another transform. The transform parses the attachment XML
content and calls the existing Canonicalizer. I've attached my version of the
transform in case it's helpful. I've done a quick interoperability test
against Metro, and Metro was able to validate the signature I created against
text/xml, text/plain and application/octet-stream attachments.
Axiom provides the org.apache.axiom.attachments.Attachments class, and the
Axis2 MessageContext has some wrapper methods around this (as well as providing
direct access).
Regarding message size, I've been allowing a 20x factor for DOM memory usage.
Our maximum XML size (in the SOAP part or an attachment) is limited to 20MB by
the standards we're implementing. The documents will have lots of start
elements, but not large text nodes. The structure will be quite repetitive and
some element names are quite long (upwards of 100 characters - we didn't define
this structure ourselves). Messages larger than this must be compressed with
GZIP before transmission (which makes them binary attachments and therefore not
requiring canonicalisation). We were going with 1GB for our server heap space,
but based on what you've said, I might try to get that bumped up to 2GB.
Thanks,
Nathan
> Support for secured SOAP attachments
> ------------------------------------
>
> Key: WSS-430
> URL: https://issues.apache.org/jira/browse/WSS-430
> Project: WSS4J
> Issue Type: New Feature
> Components: WSS4J Core
> Reporter: Marc Giger
> Assignee: Marc Giger
> Priority: Minor
> Attachments: santuario-swa.diff, wss4j-swa.diff
>
>
> The attached patches should serve as a basis for discussions how
> the support for SwA in WSS4j and the integration in
> a SOAP-Stack should look like.
> Some notes to the patch:
> - Applies to the current trunk of santuario and wss4j.
> - The client side demonstrates the DOM approach whereas the server side uses
> the StAX implementation.
> - I've implemented the very basic just to have a working proof-of-concept.
> - Attachments are requested via callback from the soap-stack because
> - of decoupling from soap-stack
> - to support full streaming from network to SIB as far as possible
> - CXF dependencies are just a leftover from V1 and because the
> SecurityInInterceptor is not ported to V2
> - Encryption / Decryption of an attachment is streaming oriented, no
> buffering is done in WSS4J.
> - Signature creation and verification is at the moment buffered in WSS4j but
> the signature-verification can, under some conditions, be streamed as well.
> - To prevent patching of CXF for the prototype the WSS4J Interceptors and
> some dependencies are copied and modified and also included in the patch. The
> santuatio changes are necessary for the StAX impl.
> For DOM all necessary santuario changes are done via reflection or other
> hacks for now.
> Feedback is very welcome and also necessary!
> Thanks,
> Marc
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
