Re: Security and JAX-RPC

From: Anne Thomas Manes <anne_at_MANES.NET>
Date: Mon, 17 Jun 2002 09:04:50 -0400


Just to let you know -- the cost of performance of XML encryption will be at
least as expensive as SSL. Encryption is expensive.

The way to do it with JAX-RPC is to use a JAX-RPC handler. You intercept the
call after the message has been composed, encrypt it, then send it. The same
JAX-RPC handler is required on both client and service.


> -----Original Message-----
> From: Public discussion on JAX-RPC
> [mailto:JAXRPC-INTEREST_at_JAVA.SUN.COM]On Behalf Of
> yawningrascal_at_HOTMAIL.COM
> Sent: Monday, June 17, 2002 6:13 AM
> Subject: Security and JAX-RPC
> Hi,
> I want to secure my webservice but I don't want to use SSL
> because of it's cost of performance. So I decided to use XML
> encryption. I read that at JCP an API for that issue is in
> progress. Now I wonder how I could use such an API with JAX-RPC
> because in that case I do not work directly with the XML
> representation. Is there a way to plug in a encryption/decryption
> class into the runtime environment of JAX-RPC? What can I excpect
> from JAX-RPC regarding security today?
> Thanx for advice,
> Mischa