On Tue, 2005-09-13 at 08:48 +0200, Werner Dittmann wrote: > > As for DOM centic: yes, you are right. IMHO it is not easy to use > > SAX or pull parsers or other optimizations. Several reasons: > > - during Security processing you often must alter existing elements, > > e.g. in the Body, replace elements, insert new elements > > - The scurity elements need to refer to elements in the Body and > > elsewhere. > > - if you need to sign/encrypt you need the real content and, in case > > of encryption, replace it with the encrypted data. > > - depeding on the order of the security actions to perform you may > > again need to reference / sign these elements > > - last but not least: the libraries WSS4J uses (xml-sec, xalan) are > > also based on DOM. > > > > Many of these things need a "full tree" to be able to navigate inside > > the tree and modify it where needed. > > > > While it may be possible to rewrite WSS4J to use SAX or pull parsers > > it will introduce additional logic to keep track of references, element > > replacements etc. These functions are available in DOM. Thus, IMHO, it > > would not be simpler - maybe even more complex from the WSS4J code point > > of view.
I wonder whether its possible to build XML Security and WSS4J on top of AXIOM directly. That would be great because currently in Axis2 we convert the trees to be able to run WSS4J, which obviously sucks. Sanjiva. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
