-
Dear @phax When we receiving an XML with a large attached file, it takes time to process.
On the other hand, when we receiving an large XML without any attached file, there are no issues.
It seems that the process of signing verification and decryption is taking time... Also, are there any ways to mitigate this issue? We are not actually receiving data as described above. As additional info, Best Regards |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 12 replies
-
The order of application of the different transformations is:
So it seems like the test file you used was very good compressible (e.g. by repeating a single character a lot of times), which shrunk down the whole transmission size. I have made similar tests locally, with up to 200MB and the WS Security stuff is not the problem. The main issue I faced was the network traffic. Because each message typically passes through load balancers, firewalls, reverse proxies, WAFs and the application server until it reaches your application. Usually this is what takes up the time. The differences between messages with and without attachment is simple. If there is no attachment, the main XML is included into the SOAP Body of the payload, and an "embedded signature" must be calculated. To really test the decryption/encryption time I suggest you build a scenario that is sending from localhost to localhost, so that network traffic can be excluded. Then you can also easily play around with compression on/off etc. hth, Philip |
Beta Was this translation helpful? Give feedback.
-
Hi @phax, We encountered something related to this discussion recently. In our production endpoint, we noticed the So we did an investigation and found out there is a correlation between the attachment size and this issue. To irradicate the network factor we tested sending AS4 messages with various attachment sizes in a locally hosted client and server setup. It took just 3 seconds for an as4 message with a single XML attachment to deliver, while for an as4 message with 30MB pdf attachments, it took 2 min 30 seconds causing the client to timeout. We tried to figure out from where the extra time consumption happened when debugging and it was the following method trace.
we tried using a local machine with lesser RAM and it took more than 2 min and 30 seconds for the same document to resolve. Can the Signature verification process be the culprit as the trace shows? if so are there any suggestions you could give us to mitigate this issue? |
Beta Was this translation helpful? Give feedback.
-
Hi, We managed to resolve this issue by upgrading the JRE in our deployed instances to |
Beta Was this translation helpful? Give feedback.
Hi,
We managed to resolve this issue by upgrading the JRE in our deployed instances to
JAVA21
. With that change, all the previous signature verifications that took 2-15 minutes are done in a matter of a few seconds. Apparently, the underlying relevant Java security library implementations for signature verification have been optimized with this upgrade. We'll post here if we manage to find anything related to this issue and the solution.