Are you building Apache XML-Security from source or using one of the binary releases? I pushed a fix back which has a huge performance gain a while back but unfortunately there is no binary yet - you'll have to build the source yourself to pick up the fix. See:
http://nagoya.apache.org/eyebrowse/[EMAIL PROTECTED]&msgNo=1497
for further details on the fix.
I also have another performance-related fix but I am currently testing it some more before I push it back.
--Sean
Anderson Jonathan wrote:
We're using Apache's WSS4J, which uses XML-Security under the covers. We're seeing similar orders of magnitude.
Also, just FYI - there is an XML-Users mailing list in addition to the XML-Dev list. I know the XML-Dev guys like to keep the user traffic down. :)
-Jon
-----Original Message----- From: Erwin van der Koogh [mailto:[EMAIL PROTECTED] Sent: Friday, February 27, 2004 10:57 AM To: [EMAIL PROTECTED] Subject: Re: Using XML security slows down the Axis Call
But I am very much worried about the PERFORMANCE. After "org.apache.xml.security.Init.init()" of xml security is called (during authentication), calling Call.invoke method takes more time. The difference is in the order of multiples of 5.
Verifying signatures is a very expensive operation.. Back in the days when we were extremely serious about performance it could take up to a second on a P100 and that was just the verify.. With XML-DSig there's a whole bunch of extra parsing and verification to be done, slowing it down even more. Of course computers are a lot more powerful, but I think they pretty much keep up :)
Have any of you faced this problem? Why org.apache.xml.security.Init.init() slows down the Call.invoke()
Is the performance really Init.init()? Cause that might take a while, but that should only be one once. Subsequent calls to this method should return instantly.
Erwin
