You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by Dittmann Werner <we...@siemens.com> on 2004/03/01 09:34:16 UTC

AW: [jira] Created: (AXIS-1243) Usage of XML security (org.apache .xml.security.Init.init()) slows down the performance of Axis Call.invoke

Hi,

IMO this is not an Axis related problem.

During the work for the WS-FX WSS4J project 
we did some timings and performance 
testing. The performance problem is not related to 
Axis or the Axis handler but is inherent in the
xml-security library. There is also an ongoing
discussion on the xml-sec mailing list how to get
better performance.

Regards,
Werner

> -----Ursprüngliche Nachricht-----
> Von: jira@apache.org [mailto:jira@apache.org] 
> Gesendet: Montag, 1. März 2004 08:29
> An: axis-dev@ws.apache.org
> Betreff: [jira] Created: (AXIS-1243) Usage of XML security 
> (org.apache.xml.security.Init.init()) slows down the 
> performance of Axis Call.invoke
> 
> 
> Message:
> 
>   A new issue has been created in JIRA.
> 
> ---------------------------------------------------------------------
> View the issue:
>   http://nagoya.apache.org/jira/secure/ViewIssue.jspa?key=AXIS-1243
> 
> Here is an overview of the issue:
> ---------------------------------------------------------------------
>         Key: AXIS-1243
>     Summary: Usage of XML security 
> (org.apache.xml.security.Init.init()) slows down the 
> performance of Axis Call.invoke
>        Type: Bug
> 
>      Status: Unassigned
>    Priority: Major
> 
>     Project: Axis
>    Versions:
>              1.1
> 
>    Assignee: 
>    Reporter: Ayyappan Gandhirajan
> 
>     Created: Sun, 29 Feb 2004 11:27 PM
>     Updated: Sun, 29 Feb 2004 11:27 PM
> Environment: Windows 2000, Java 1.4, Weblogic 8.1, Axis 1.1, 
> XML security 1.0.5
> 
> Description:
> Basically, I am trying to use Axis and XML security for 
> securing my webservices. XML security is being used to verify 
> the certificate, which was sent by the client. After 
> succesfull verification, AXIS will be used to invoke a 
> particular webservice. I have no problem in getting the above 
> things working. My concern is the PERFORMANCE for multiple 
> clients. After authentication is done, Call.invoke of Axis 
> takes more time than it actually takes. The difference is 
> around 5 times. This seems to be a very critical bug. This 
> happend while running multiple clients.
> 
> The code snippet for certificate verification is given below:
> 
> The handler side
> ----------------
> 	static boolean securityInitialized = false;
> 	public boolean authenticate(String userId, Document 
> requestXMLDoc, X509Certificate userCertFromDB) throws Exception{
> 		//Init
> 		if(!securityInitialized){
> 			Init.init();
> 			securityInitialized = true;
> 		}
> 
> 		//Extract XML signature
> 		
> System.out.println("[AuthenticationHandler::authenticate] 
> Finding XML Signature element in the SOAP XML...");
> 		Element nsctx = 
> requestXMLDoc.createElementNS(null, "nsctx");
> 		nsctx.setAttributeNS(Constants.NamespaceSpecNS, 
> "xmlns:ds", Constants.SignatureSpecNS);
> 
> 		CachedXPathAPI xpath = new CachedXPathAPI();
> 		Element xmlSigElm = null;
> 
> 		try{
> 			xmlSigElm = (Element) 
> xpath.selectSingleNode(requestXMLDoc, "//ds:Signature", nsctx);
> 		}catch(Exception ex){
> 			
> System.out.println("[AuthenticationHandler::authenticate] 
> Error while retrieving Dsig. Reason - "+ex.getMessage());
> 			throw ex;
> 		}
> 
> 		if(xmlSigElm == null){
> 			throw new Exception("The input XML is 
> not signed");
> 		}
> 
> 		XMLSignature xmlSig = new 
> XMLSignature(xmlSigElm, "http://tempuri.org");
> 		
> System.out.println("[AuthenticationHandler::authenticate] XML 
> Signature's Base URI - "+xmlSig.getBaseURI());
> 
> 		//Get certificate
> 		
> System.out.println("[AuthenticationHandler::authenticate] 
> Retrieving certificate from XML signature...");
> 		KeyInfo keyInfo = xmlSig.getKeyInfo();
> 		X509Certificate userCertFromRequest = 
> (X509Certificate)keyInfo.getX509Certificate();
> 
> 		boolean isAuthenticated = false;
> 		
> System.out.println("[AuthenticationHandler::authenticate] 
> Starting certificate verification...");
> 		if(userCertFromRequest.equals(userCertFromDB)){
> 			
> System.out.println("[AuthenticationHandler::authenticate] 
> Checking singature value...");
> 			isAuthenticated = 
> xmlSig.checkSignatureValue(userCertFromRequest.getPublicKey());
> 		}else{
> 			throw new Exception("Invalid user 
> accessing service");
> 		}
> 
> 		return isAuthenticated;
> 	}
> 
> 
> The back end component side
> -----------------------------
> 		Call call = new 
> Call("http://localhost:7001/axis/services/YellowPage");
> 		Object[] values = new Object[]{new Integer(number)};
> 		
> System.out.println("[AuthenticationHandler::invoke] Invoking...");
> 		Object result = call.invoke("", "getName",  values);
> 		
> System.out.println("[AuthenticationHandler::invoke] Result is 
> - "+result);
> 
> 
> 
> ---------------------------------------------------------------------
> JIRA INFORMATION:
> This message is automatically generated by JIRA.
> 
> If you think it was sent incorrectly contact one of the 
> administrators:
>    http://nagoya.apache.org/jira/secure/Administrators.jspa
> 
> If you want more information on JIRA, or have a bug to report see:
>    http://www.atlassian.com/software/jira
>