[ http://issues.apache.org/jira/browse/WSS-28?page=comments#action_12360523 ]
Werner Dittmann commented on WSS-28: ------------------------------------ Usually this is not possible. Several reasons for this: WSS4J uses other libraries such as xml-sex and Xalan to perform its jobs such as Signature creation and verification. These libs are based on DOM. Also WSS4J often requires to create or delete elements, not only during encryption but also during STR transform. Thus it would be quite an effort to switch to StAX. The overall gain would also not be thus big because most of the time required to to security processing is consumed by the signature and encryption algorithms (PKI, etc). > WSS4J & StaX > ------------ > > Key: WSS-28 > URL: http://issues.apache.org/jira/browse/WSS-28 > Project: WSS4J > Type: Improvement > Environment: Any > Reporter: Kevin Fung > Assignee: Davanum Srinivas > > Currently WSSecurityEngine uses DOM API in the processSecurityHeader() > function. Can it also support StAX API? > There are many WS-Security scenarios (e.g. signature action only) that only > the SOAP header needs to be processed or minimal portion of the SOAP body > needs to be processed. In these scenarios, parsing the entire SOAP envelope > into a DOM before the WSSecurityEngine is used seems to incur unecessary > overhead, especially when the SOAP body is large. Since the SOAP header for > WS-Security is well defined, StAX API can be very efficiently used to process > only the WS-Security related elements. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
