You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by Dittmann Werner <we...@siemens.com> on 2004/03/01 09:34:16 UTC
AW: [jira] Created: (AXIS-1243) Usage of XML security (org.apache
.xml.security.Init.init()) slows down the performance of Axis Call.invoke
Hi,
IMO this is not an Axis related problem.
During the work for the WS-FX WSS4J project
we did some timings and performance
testing. The performance problem is not related to
Axis or the Axis handler but is inherent in the
xml-security library. There is also an ongoing
discussion on the xml-sec mailing list how to get
better performance.
Regards,
Werner
> -----Ursprüngliche Nachricht-----
> Von: jira@apache.org [mailto:jira@apache.org]
> Gesendet: Montag, 1. März 2004 08:29
> An: axis-dev@ws.apache.org
> Betreff: [jira] Created: (AXIS-1243) Usage of XML security
> (org.apache.xml.security.Init.init()) slows down the
> performance of Axis Call.invoke
>
>
> Message:
>
> A new issue has been created in JIRA.
>
> ---------------------------------------------------------------------
> View the issue:
> http://nagoya.apache.org/jira/secure/ViewIssue.jspa?key=AXIS-1243
>
> Here is an overview of the issue:
> ---------------------------------------------------------------------
> Key: AXIS-1243
> Summary: Usage of XML security
> (org.apache.xml.security.Init.init()) slows down the
> performance of Axis Call.invoke
> Type: Bug
>
> Status: Unassigned
> Priority: Major
>
> Project: Axis
> Versions:
> 1.1
>
> Assignee:
> Reporter: Ayyappan Gandhirajan
>
> Created: Sun, 29 Feb 2004 11:27 PM
> Updated: Sun, 29 Feb 2004 11:27 PM
> Environment: Windows 2000, Java 1.4, Weblogic 8.1, Axis 1.1,
> XML security 1.0.5
>
> Description:
> Basically, I am trying to use Axis and XML security for
> securing my webservices. XML security is being used to verify
> the certificate, which was sent by the client. After
> succesfull verification, AXIS will be used to invoke a
> particular webservice. I have no problem in getting the above
> things working. My concern is the PERFORMANCE for multiple
> clients. After authentication is done, Call.invoke of Axis
> takes more time than it actually takes. The difference is
> around 5 times. This seems to be a very critical bug. This
> happend while running multiple clients.
>
> The code snippet for certificate verification is given below:
>
> The handler side
> ----------------
> static boolean securityInitialized = false;
> public boolean authenticate(String userId, Document
> requestXMLDoc, X509Certificate userCertFromDB) throws Exception{
> //Init
> if(!securityInitialized){
> Init.init();
> securityInitialized = true;
> }
>
> //Extract XML signature
>
> System.out.println("[AuthenticationHandler::authenticate]
> Finding XML Signature element in the SOAP XML...");
> Element nsctx =
> requestXMLDoc.createElementNS(null, "nsctx");
> nsctx.setAttributeNS(Constants.NamespaceSpecNS,
> "xmlns:ds", Constants.SignatureSpecNS);
>
> CachedXPathAPI xpath = new CachedXPathAPI();
> Element xmlSigElm = null;
>
> try{
> xmlSigElm = (Element)
> xpath.selectSingleNode(requestXMLDoc, "//ds:Signature", nsctx);
> }catch(Exception ex){
>
> System.out.println("[AuthenticationHandler::authenticate]
> Error while retrieving Dsig. Reason - "+ex.getMessage());
> throw ex;
> }
>
> if(xmlSigElm == null){
> throw new Exception("The input XML is
> not signed");
> }
>
> XMLSignature xmlSig = new
> XMLSignature(xmlSigElm, "http://tempuri.org");
>
> System.out.println("[AuthenticationHandler::authenticate] XML
> Signature's Base URI - "+xmlSig.getBaseURI());
>
> //Get certificate
>
> System.out.println("[AuthenticationHandler::authenticate]
> Retrieving certificate from XML signature...");
> KeyInfo keyInfo = xmlSig.getKeyInfo();
> X509Certificate userCertFromRequest =
> (X509Certificate)keyInfo.getX509Certificate();
>
> boolean isAuthenticated = false;
>
> System.out.println("[AuthenticationHandler::authenticate]
> Starting certificate verification...");
> if(userCertFromRequest.equals(userCertFromDB)){
>
> System.out.println("[AuthenticationHandler::authenticate]
> Checking singature value...");
> isAuthenticated =
> xmlSig.checkSignatureValue(userCertFromRequest.getPublicKey());
> }else{
> throw new Exception("Invalid user
> accessing service");
> }
>
> return isAuthenticated;
> }
>
>
> The back end component side
> -----------------------------
> Call call = new
> Call("http://localhost:7001/axis/services/YellowPage");
> Object[] values = new Object[]{new Integer(number)};
>
> System.out.println("[AuthenticationHandler::invoke] Invoking...");
> Object result = call.invoke("", "getName", values);
>
> System.out.println("[AuthenticationHandler::invoke] Result is
> - "+result);
>
>
>
> ---------------------------------------------------------------------
> JIRA INFORMATION:
> This message is automatically generated by JIRA.
>
> If you think it was sent incorrectly contact one of the
> administrators:
> http://nagoya.apache.org/jira/secure/Administrators.jspa
>
> If you want more information on JIRA, or have a bug to report see:
> http://www.atlassian.com/software/jira
>