Raul, in WSS4J we do Signatures. During the Id resolver we call the circumvent method. AFAIK we do not use XPath to select the nodes to sign, just id references. After locating the element to sign the resolver constructs a node set of all nodes to sign. This node set of course includes all nodes (elements, attributes, text, ...).
However, when I disable the call of the circumvent method I get probelms in signature verification. Thus IMHO it is not so easy just to switch off the circumvent method. Thus if we don't use the circumvent method: is it possible that we do not get all required namespace attributes when build the node set? Regards, Werner Raul Benito wrote: > Don't use any xpath transformation. Select what you want to sign with: > > <Reference URI="#whatToSign">..</Reference> > <NodeToBeSigned id="whatToSign">..</NodeToBeSigned> > > In this way , the circumventBug2650 is not called(and other several > optimizations hit). And you can sign bigger documents. > > Using xpath transformation is always one order the magnitude slower. > > You can see some speed considerations form page 12, in this presentation: > http://r-bg.com/images/SecuringXMLDocuments.pdf > > Regards, > > Raul > > On 9/21/05, John Lanier <[EMAIL PROTECTED]> wrote: > >>Hi, >> >>The circumventBug2650 function in XMLUtils takes up a >>significant amount of memory in adding Attributes to >>each node. Is there any effort underway to rewrite >>this in a more memory-friendly way? >> >>I am unable to sign XML documents larger than about >>10MB using the current (1.2.x) code base. (Pentium >>III, 500MB Java heap size). >> >>Any pointers from anybody who worked around this bug >>or managed to sign larger XML docs? >> >>Thanks >>~john >> >> >> >> >>__________________________________ >>Yahoo! Mail - PC Magazine Editors' Choice 2005 >>http://mail.yahoo.com >> > > > > -- > http://r-bg.com >
