[ http://issues.apache.org/jira/browse/WSS-28?page=comments#action_12360542 ]
Aleksander Slominski commented on WSS-28: ----------------------------------------- it is possible to use streaming however, as Werner noted, not for all cases but only for those cases user will need to pay full price of DOM/in-memory c14 ... in past we have identified streaming cases where WSS4J could use StAX see this paper (it is about C++ bit the same principles apply to Java): Wei Lu, Kenneth Chiu, Aleksander Slominski, and Dennis Gannon. A streaming validation model for soap digital signature. In The 14th IEEE International Symposium on High Performance Distributed Computing (HPDC-14), 2005 - PDF available at http://www.extreme.indiana.edu/labpubs.html however as noted in the paper to take full advantage of streaming it is preferable to do computing of digest for signatures on very low level - on the same level that parsing happens - and the same, i think, would be beneficial for decryption ... for actual signing (and encryption) depending on the representation what is the SOAP message content it may be beneficial to have a specialized XML serializer that will compute digest and stream output to buffer - too bad that SOAP does not have SOAP:Footer as it would be perfect place to put signature values for full streaming (it seems that digest value can only be put in SOAP:Header - not even referenced after/in SOAP:Body?) > WSS4J & StaX > ------------ > > Key: WSS-28 > URL: http://issues.apache.org/jira/browse/WSS-28 > Project: WSS4J > Type: Improvement > Environment: Any > Reporter: Kevin Fung > Assignee: Davanum Srinivas > > Currently WSSecurityEngine uses DOM API in the processSecurityHeader() > function. Can it also support StAX API? > There are many WS-Security scenarios (e.g. signature action only) that only > the SOAP header needs to be processed or minimal portion of the SOAP body > needs to be processed. In these scenarios, parsing the entire SOAP envelope > into a DOM before the WSSecurityEngine is used seems to incur unecessary > overhead, especially when the SOAP body is large. Since the SOAP header for > WS-Security is well defined, StAX API can be very efficiently used to process > only the WS-Security related elements. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
