Its not straightforward as you need to canonicalize the document. I *think* this requires you to load it all into memory as things need to be reordered.
However, it might be possible to canonicalize & verify signatures on the fly. Such a thing would make a very interesting project. Unfortunately, I'm clear out of time for such a thing. Anyone else up for digging into it? ;-) - Dan On 3/14/07, Andrey Utis <[EMAIL PROTECTED]> wrote:
Yeah, that's what I figured. Are there any plans to update WSS4J to use StAX directly? *Tomek Sztelak <[EMAIL PROTECTED]>* wrote: I don't think you can do much about it. WSS4J used as WS-Sec implementation needs XML data in DOM format so flow looks like : StAX -> DOM -> SIGN ->(DOM) -> StAX. Operations on DOM are slow, so every request must takes more time. But the difference in time isn't so big in "normal" environment where business logic takes time and data send over the wire is bigger. I did some tests of different aspects of ws-sec and i got "only" 2 or 3 times worse result then plain call. On 3/14/07, Andrey Utis wrote: > Some of you may be interested in these performance stats that I collected. > > My setup: > Web Service client and server: XFire 1.2.4 with JiBX binding, both on > localhost (Pentium 4, 2.8Ghz, 1GB memory) > Web server: Tomcat 5.0 > JRE: Sun 1.4.2_13 > > The web service request contains just a couple fields, populated by > constants. The response also contains just a couple fields, also constants > (so no logic is executed). > > When I invoke the service 100000 times without any security, it takes an > average of 5 milliseconds per call. > > When I sign the request only, and invoke this service 10000 times, it takes > an average of 40 milliseconds per call. I used a self-signed cert and > BouncyCastle provider. > > Does anyone know a way to improve the performance of the request signature > process? Or is this pretty much consistent with the norm? > > Thanks > > Andrey > > ________________________________ > Sucker-punch spam with award-winning protection. > Try the free Yahoo! Mail Beta. > > -- ----- When one of our products stops working, we'll blame another vendor within 24 hours. --------------------------------------------------------------------- To unsubscribe from this list please visit: http://xircles.codehaus.org/manage_email ------------------------------ Get your own web address.<http://us.rd.yahoo.com/evt=49678/*http://smallbusiness.yahoo.com/domains/?p=BESTDEAL> Have a HUGE year through Yahoo! Small Business.
-- Dan Diephouse Envoi Solutions http://envoisolutions.com | http://netzooid.com/blog
