You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Idan Miller <id...@actcom.co.il> on 2005/09/01 02:13:43 UTC

Using WSS4J for signing large XML messages

Hi everyone,

Our project uses web services to transfer XML messages that can be of a very large size (up to 100MB).

Currently, we are using WSE over IIS for verifying the signing for incoming messages. Due to a problem with WSE loading the XML using a DOM Document (probably due to cannonization), combined with memory being held in the large object heap in .NET, we are unable to transfer very large messages, since we simply run out of memory that doesn't get released.

Now that WSS4J is out, we would like to know if this problem will be solved by changing our architecture to use apache axis and WSS4J:

How does WSS4J handle large messages?
Does it use DOM or does it use a reader (SAX) for cannonization?
Also, if it does use DOM, has it been tested for out of memory errors?

p.s. we are using X509 certificates for the signing.

Thanks,
Idan.

Re: Using WSS4J for signing large XML messages

Posted by Idan Miller <id...@actcom.co.il>.

The hardware is a server with 4GB of memory and 2 processors. We would love
for you to test and see if WSS4J handles large messages. We are most
interested in seeing if the memory gets released once the message has done
processing...

Thanks,
Idan.
----- Original Message ----- 
From: "Davanum Srinivas" <da...@gmail.com>
To: "Idan Miller" <id...@actcom.co.il>
Cc: <ws...@ws.apache.org>
Sent: Thursday, September 01, 2005 3:20 AM
Subject: Re: Using WSS4J for signing large XML messages

very interesting...what sort of hardware do you run this on currently?
we haven't tested this large messages. internally yes we use DOM.
Xerces does have some deferred load capabilities, depends on the jvm
performance as well. would be worth our time to try this out and see
if we can help you. let us know. If we see stuff that fails, am
positive we can get it fixed one way or another (since all components
in wss4j are open source as well)

thanks,
dims

On 8/31/05, Idan Miller <id...@actcom.co.il> wrote:
>
> Hi everyone,
>
> Our project uses web services to transfer XML messages that can be of a
very
> large size (up to 100MB).
>
> Currently, we are using WSE over IIS for verifying the signing for
incoming
> messages. Due to a problem with WSE loading the XML using a DOM Document
> (probably due to cannonization), combined with memory being held in the
> large object heap in .NET, we are unable to transfer very large messages,
> since we simply run out of memory that doesn't get released.
>
> Now that WSS4J is out, we would like to know if this problem will be
solved
> by changing our architecture to use apache axis and WSS4J:
>
> How does WSS4J handle large messages?
> Does it use DOM or does it use a reader (SAX) for cannonization?
> Also, if it does use DOM, has it been tested for out of memory errors?
>
> p.s. we are using X509 certificates for the signing.
>
> Thanks,
> Idan.

-- 
Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: Using WSS4J for signing large XML messages - crosspost to XML-SEC

Posted by Werner Dittmann <We...@t-online.de>.

I would doubt if WSS4J works with this type of messages. We use
DOM, XML-SEC uses DOM, and Xalan uses DOM too. Also during the
processing of the message there is a need to perform cannonicalization.
IMHO, the current c14n implementation requires to have the
full document as DOM in memory.

I'm not a specialist in c14, but I can imagine that some c14n
algorithms are not possible without having the doc in memory. I'm sure
the c14n-insiders can answer this question.

I crosspost this the the XML-SEC mailing list, because this is
mainly a problem of security handling.

Regards,
Werner

Davanum Srinivas wrote:
> very interesting...what sort of hardware do you run this on currently?
> we haven't tested this large messages. internally yes we use DOM.
> Xerces does have some deferred load capabilities, depends on the jvm
> performance as well. would be worth our time to try this out and see
> if we can help you. let us know. If we see stuff that fails, am
> positive we can get it fixed one way or another (since all components
> in wss4j are open source as well)
> 
> thanks,
> dims
> 
> On 8/31/05, Idan Miller <id...@actcom.co.il> wrote:
> 
>> 
>>Hi everyone, 
>>  
>>Our project uses web services to transfer XML messages that can be of a very
>>large size (up to 100MB). 
>>  
>>Currently, we are using WSE over IIS for verifying the signing for incoming
>>messages. Due to a problem with WSE loading the XML using a DOM Document
>>(probably due to cannonization), combined with memory being held in the
>>large object heap in .NET, we are unable to transfer very large messages,
>>since we simply run out of memory that doesn't get released. 
>>  
>>Now that WSS4J is out, we would like to know if this problem will be solved
>>by changing our architecture to use apache axis and WSS4J: 
>>  
>>How does WSS4J handle large messages? 
>>Does it use DOM or does it use a reader (SAX) for cannonization? 
>>Also, if it does use DOM, has it been tested for out of memory errors? 
>>  
>>p.s. we are using X509 certificates for the signing. 
>>  
>>Thanks, 
>>Idan. 
> 
> 
>

Re: Using WSS4J for signing large XML messages - crosspost to XML-SEC

Posted by Werner Dittmann <We...@t-online.de>.

I would doubt if WSS4J works with this type of messages. We use
DOM, XML-SEC uses DOM, and Xalan uses DOM too. Also during the
processing of the message there is a need to perform cannonicalization.
IMHO, the current c14n implementation requires to have the
full document as DOM in memory.

I'm not a specialist in c14, but I can imagine that some c14n
algorithms are not possible without having the doc in memory. I'm sure
the c14n-insiders can answer this question.

I crosspost this the the XML-SEC mailing list, because this is
mainly a problem of security handling.

Regards,
Werner

Davanum Srinivas wrote:
> very interesting...what sort of hardware do you run this on currently?
> we haven't tested this large messages. internally yes we use DOM.
> Xerces does have some deferred load capabilities, depends on the jvm
> performance as well. would be worth our time to try this out and see
> if we can help you. let us know. If we see stuff that fails, am
> positive we can get it fixed one way or another (since all components
> in wss4j are open source as well)
> 
> thanks,
> dims
> 
> On 8/31/05, Idan Miller <id...@actcom.co.il> wrote:
> 
>> 
>>Hi everyone, 
>>  
>>Our project uses web services to transfer XML messages that can be of a very
>>large size (up to 100MB). 
>>  
>>Currently, we are using WSE over IIS for verifying the signing for incoming
>>messages. Due to a problem with WSE loading the XML using a DOM Document
>>(probably due to cannonization), combined with memory being held in the
>>large object heap in .NET, we are unable to transfer very large messages,
>>since we simply run out of memory that doesn't get released. 
>>  
>>Now that WSS4J is out, we would like to know if this problem will be solved
>>by changing our architecture to use apache axis and WSS4J: 
>>  
>>How does WSS4J handle large messages? 
>>Does it use DOM or does it use a reader (SAX) for cannonization? 
>>Also, if it does use DOM, has it been tested for out of memory errors? 
>>  
>>p.s. we are using X509 certificates for the signing. 
>>  
>>Thanks, 
>>Idan. 
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: Using WSS4J for signing large XML messages - crosspost to XML-SEC

Posted by Werner Dittmann <We...@t-online.de>.

I would doubt if WSS4J works with this type of messages. We use
DOM, XML-SEC uses DOM, and Xalan uses DOM too. Also during the
processing of the message there is a need to perform cannonicalization.
IMHO, the current c14n implementation requires to have the
full document as DOM in memory.

I'm not a specialist in c14, but I can imagine that some c14n
algorithms are not possible without having the doc in memory. I'm sure
the c14n-insiders can answer this question.

I crosspost this the the XML-SEC mailing list, because this is
mainly a problem of security handling.

Regards,
Werner

Davanum Srinivas wrote:
> very interesting...what sort of hardware do you run this on currently?
> we haven't tested this large messages. internally yes we use DOM.
> Xerces does have some deferred load capabilities, depends on the jvm
> performance as well. would be worth our time to try this out and see
> if we can help you. let us know. If we see stuff that fails, am
> positive we can get it fixed one way or another (since all components
> in wss4j are open source as well)
> 
> thanks,
> dims
> 
> On 8/31/05, Idan Miller <id...@actcom.co.il> wrote:
> 
>> 
>>Hi everyone, 
>>  
>>Our project uses web services to transfer XML messages that can be of a very
>>large size (up to 100MB). 
>>  
>>Currently, we are using WSE over IIS for verifying the signing for incoming
>>messages. Due to a problem with WSE loading the XML using a DOM Document
>>(probably due to cannonization), combined with memory being held in the
>>large object heap in .NET, we are unable to transfer very large messages,
>>since we simply run out of memory that doesn't get released. 
>>  
>>Now that WSS4J is out, we would like to know if this problem will be solved
>>by changing our architecture to use apache axis and WSS4J: 
>>  
>>How does WSS4J handle large messages? 
>>Does it use DOM or does it use a reader (SAX) for cannonization? 
>>Also, if it does use DOM, has it been tested for out of memory errors? 
>>  
>>p.s. we are using X509 certificates for the signing. 
>>  
>>Thanks, 
>>Idan. 
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: Using WSS4J for signing large XML messages

Posted by Idan Miller <id...@actcom.co.il>.

The hardware is a server with 4GB of memory and 2 processors. We would love
for you to test and see if WSS4J handles large messages. We are most
interested in seeing if the memory gets released once the message has done
processing...

Thanks,
Idan.
----- Original Message ----- 
From: "Davanum Srinivas" <da...@gmail.com>
To: "Idan Miller" <id...@actcom.co.il>
Cc: <ws...@ws.apache.org>
Sent: Thursday, September 01, 2005 3:20 AM
Subject: Re: Using WSS4J for signing large XML messages

very interesting...what sort of hardware do you run this on currently?
we haven't tested this large messages. internally yes we use DOM.
Xerces does have some deferred load capabilities, depends on the jvm
performance as well. would be worth our time to try this out and see
if we can help you. let us know. If we see stuff that fails, am
positive we can get it fixed one way or another (since all components
in wss4j are open source as well)

thanks,
dims

On 8/31/05, Idan Miller <id...@actcom.co.il> wrote:
>
> Hi everyone,
>
> Our project uses web services to transfer XML messages that can be of a
very
> large size (up to 100MB).
>
> Currently, we are using WSE over IIS for verifying the signing for
incoming
> messages. Due to a problem with WSE loading the XML using a DOM Document
> (probably due to cannonization), combined with memory being held in the
> large object heap in .NET, we are unable to transfer very large messages,
> since we simply run out of memory that doesn't get released.
>
> Now that WSS4J is out, we would like to know if this problem will be
solved
> by changing our architecture to use apache axis and WSS4J:
>
> How does WSS4J handle large messages?
> Does it use DOM or does it use a reader (SAX) for cannonization?
> Also, if it does use DOM, has it been tested for out of memory errors?
>
> p.s. we are using X509 certificates for the signing.
>
> Thanks,
> Idan.

-- 
Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: Using WSS4J for signing large XML messages

Posted by Davanum Srinivas <da...@gmail.com>.

very interesting...what sort of hardware do you run this on currently?
we haven't tested this large messages. internally yes we use DOM.
Xerces does have some deferred load capabilities, depends on the jvm
performance as well. would be worth our time to try this out and see
if we can help you. let us know. If we see stuff that fails, am
positive we can get it fixed one way or another (since all components
in wss4j are open source as well)

thanks,
dims

On 8/31/05, Idan Miller <id...@actcom.co.il> wrote:
>  
> Hi everyone, 
>   
> Our project uses web services to transfer XML messages that can be of a very
> large size (up to 100MB). 
>   
> Currently, we are using WSE over IIS for verifying the signing for incoming
> messages. Due to a problem with WSE loading the XML using a DOM Document
> (probably due to cannonization), combined with memory being held in the
> large object heap in .NET, we are unable to transfer very large messages,
> since we simply run out of memory that doesn't get released. 
>   
> Now that WSS4J is out, we would like to know if this problem will be solved
> by changing our architecture to use apache axis and WSS4J: 
>   
> How does WSS4J handle large messages? 
> Does it use DOM or does it use a reader (SAX) for cannonization? 
> Also, if it does use DOM, has it been tested for out of memory errors? 
>   
> p.s. we are using X509 certificates for the signing. 
>   
> Thanks, 
> Idan. 


-- 
Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: Using WSS4J for signing large XML messages

Posted by Davanum Srinivas <da...@gmail.com>.

very interesting...what sort of hardware do you run this on currently?
we haven't tested this large messages. internally yes we use DOM.
Xerces does have some deferred load capabilities, depends on the jvm
performance as well. would be worth our time to try this out and see
if we can help you. let us know. If we see stuff that fails, am
positive we can get it fixed one way or another (since all components
in wss4j are open source as well)

thanks,
dims

On 8/31/05, Idan Miller <id...@actcom.co.il> wrote:
>  
> Hi everyone, 
>   
> Our project uses web services to transfer XML messages that can be of a very
> large size (up to 100MB). 
>   
> Currently, we are using WSE over IIS for verifying the signing for incoming
> messages. Due to a problem with WSE loading the XML using a DOM Document
> (probably due to cannonization), combined with memory being held in the
> large object heap in .NET, we are unable to transfer very large messages,
> since we simply run out of memory that doesn't get released. 
>   
> Now that WSS4J is out, we would like to know if this problem will be solved
> by changing our architecture to use apache axis and WSS4J: 
>   
> How does WSS4J handle large messages? 
> Does it use DOM or does it use a reader (SAX) for cannonization? 
> Also, if it does use DOM, has it been tested for out of memory errors? 
>   
> p.s. we are using X509 certificates for the signing. 
>   
> Thanks, 
> Idan. 


-- 
Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org