svn commit: r1568321 - in /webservices/wss4j/site/src/site/xdoc: migration.xml streaming.xml user_guide.xml

[co...@apache.org]

Author: coheigea
Date: Fri Feb 14 14:43:19 2014
New Revision: 1568321

URL: http://svn.apache.org/r1568321
Log:
Adding some information about migrating to use the new streaming code

Added:
    webservices/wss4j/site/src/site/xdoc/streaming.xml
Modified:
    webservices/wss4j/site/src/site/xdoc/migration.xml
    webservices/wss4j/site/src/site/xdoc/user_guide.xml

Modified: webservices/wss4j/site/src/site/xdoc/migration.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/src/site/xdoc/migration.xml?rev=1568321&r1=1568320&r2=1568321&view=diff
==============================================================================
--- webservices/wss4j/site/src/site/xdoc/migration.xml (original)
+++ webservices/wss4j/site/src/site/xdoc/migration.xml Fri Feb 14 14:43:19 2014
@@ -6,6 +6,39 @@
 This page is a migration guide for helping Apache WSS4J 1.6.X users to migrate
 to the 2.0.X releases.
 </p>
+<subsection name="Migrating to using the streaming (StAX) code">
+<p>
+WSS4J 2.0.0 introduces a streaming (StAX-based) WS-Security implementation to
+complement the existing DOM-based implementation. The DOM-based implementation
+is quite performant and flexible, but having to read the entire request into
+memory carries performance penalties. The StAX-based code offers largely the
+same functionality as that available as part of the DOM code, and is
+configured in mostly the same way (via configuration tags that are shared
+between both stacks). 
+</p>
+<p>
+As of the time of writing, Apache CXF is the only web services stack to 
+integrate the new WS-Security streaming functionality. To switch to use the
+streaming code for the manual "Action" based approach, simply change the
+outbound and inbound interceptors as follows:
+</p>
+<ul>
+<li>"org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor" to
+"org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor".</li>
+<li>"org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" to
+"org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor".</li>
+</ul>
+<p>
+For the WS-SecurityPolicy based approach of configuring WS-Security, simply
+set the JAX-WS property SecurityConstants.ENABLE_STREAMING_SECURITY
+("ws-security.enable.streaming") to "true".
+</p>
+<p>
+For more information on the streaming functionality available in WSS4J 2.0.0, 
+please see the <a href="streaming.html">streaming documentation</a> page.
+</p>
+</subsection>
+
 <subsection name="Crypto/CallbackHandler changes">
 <p>
 Typically, a user configures Signature and Encryption keys via a Crypto

Added: webservices/wss4j/site/src/site/xdoc/streaming.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/src/site/xdoc/streaming.xml?rev=1568321&view=auto
==============================================================================
--- webservices/wss4j/site/src/site/xdoc/streaming.xml (added)
+++ webservices/wss4j/site/src/site/xdoc/streaming.xml Fri Feb 14 14:43:19 2014
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<document>
+<body>
+<section name="Streaming (StAX) WS-Security support in Apache WSS4J 2.0.0">
+
+<subsection name="Overview of new features">
+<p>
+WSS4J 2.0.0 introduces a streaming (StAX-based) WS-Security implementation to
+complement the existing DOM-based implementation. The DOM-based implementation
+is quite performant and flexible, but suffers from having to read the entire
+XML tree into memory. For large SOAP requests this can have a detrimental
+impact on performance. In addition, for web services stacks such as Apache CXF
+which are streaming-based, it carries an additional performance penalty of
+having to explicitly convert the request stream to a DOM Element.
+</p>
+<p>
+The new StAX-based WS-Security implementation does not read the request into
+memory, and hence uses far less memory for large requests. It is also more
+performant in certain circumstances. The StAX-based code offers largely the
+same functionality as that available as part of the DOM code, and is
+configured in mostly the same way (via configuration tags that are shared
+between both stacks). It does not offer the low-level API available in the DOM
+code to individually construct various WS-Security tokens, but instead must be
+used by specifying various actions to perform.
+</p>
+<p>
+As of the time of writing, Apache CXF is the only web services stack to 
+integrate the new WS-Security streaming functionality. To switch to use the
+streaming code for the manual "Action" based approach, simply change the
+outbound and inbound interceptors as follows:
+</p>
+<ul>
+<li>"org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor" to
+"org.apache.cxf.ws.security.wss4j.WSS4JStaxOutInterceptor".</li>
+<li>"org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor" to
+"org.apache.cxf.ws.security.wss4j.WSS4JStaxInInterceptor".</li>
+</ul>
+<p>
+For the WS-SecurityPolicy based approach of configuring WS-Security, simply
+set the JAX-WS property SecurityConstants.ENABLE_STREAMING_SECURITY
+("ws-security.enable.streaming") to "true".
+</p>
+</subsection>
+
+</section>            
+</body>
+</document>

Modified: webservices/wss4j/site/src/site/xdoc/user_guide.xml
URL: http://svn.apache.org/viewvc/webservices/wss4j/site/src/site/xdoc/user_guide.xml?rev=1568321&r1=1568320&r2=1568321&view=diff
==============================================================================
--- webservices/wss4j/site/src/site/xdoc/user_guide.xml (original)
+++ webservices/wss4j/site/src/site/xdoc/user_guide.xml Fri Feb 14 14:43:19 2014
@@ -10,6 +10,7 @@ by WSS4J and how to configure it.
 <li><a href="using.html">Using Apache WSS4J</a></li>
 <li><a href="config.html">WSS4J Configuration</a></li>
 <li><a href="topics.html">Special Topics</a></li>
+<li><a href="streaming.html">Streaming WS-Security support</a></li>
 <li><a href="migration.html">WSS4J 2.0.0 Migration Guide</a></li>
 <li><a href="wss4j16.html">WSS4J 1.6.0 Migration Guide</a></li>
 <li><a href="best_practice.html">Security Best Practices</a></li>