karaf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: Karaf runs slower in Intel Socx 1000 board.
Date Thu, 18 Dec 2014 14:59:04 GMT

Two things:

1) Cache the JAXBContext.   Creating a JAXBContext is very expensive and slow as it involves
scanning packages, annotations, etc….   Create that once.

2) unmarshalling from an InputStream is also very expensive as it needs to create a SAX Parser
which involves the SPI lookup mechanism as well as several System.getProperties calls which
can kill scalability.   Also note that this opens up the door to various attacks as that SAX
parser is not configured to block various things.


If you can, do something like:

XMLInputFactory factory  =  XMLInputFactory.newInstance(); 
factory.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, Boolean.TRUE);
factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
factory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.FALSE);
factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
factory.setXMLResolver(new XMLResolver() {
            public Object resolveEntity(String publicID, String systemID,
                                        String baseURI, String namespace)
                throws XMLStreamException {
                throw new XMLStreamException("Reading external entities is disabled");
            }
        });
then cache that factory along with your JAXBContext.   Then do:

unmarshaller.unmarshall(factory.createXMLStreamReader(inputStream));


That will perform a ton better and be significantly more secure.    If the factory is the
woodstox factory (which you REALLY should use as it’s much faster than the one built into
the JDK), then also add:

factory.setProperty("com.ctc.wstx.maxAttributesPerElement", maxAttributeCount)
factory.setProperty("com.ctc.wstx.maxAttributeSize", maxAttributeSize)
factory.setProperty("com.ctc.wstx.maxChildrenPerElement", innerElementCountThreshold)
factory.setProperty("com.ctc.wstx.maxElementCount", maxElementCount)
factory.setProperty("com.ctc.wstx.maxElementDepth", innerElementLevelThreshold)
factory.setProperty("com.ctc.wstx.maxCharacters", maxXMLCharacters)
factory.setProperty("com.ctc.wstx.maxTextLength", maxTextLength))

with reasonable values for those settings.   That would prevent a slew of various DOS attacks
as well as can help reduce some of the memory usage.

Dan



> On Dec 18, 2014, at 9:28 AM, R V Ramakrishna <ramakrishna.rv@gmail.com> wrote:
> 
> JB,
> 
> The way we do unmarshalling is 
> 
> JAXBContext jc;
>            jc = JAXBContext.newInstance(Class.forName(resObject
>                    .getClass().getName()));
>            Unmarshaller unmarshaller;
>            unmarshaller = jc.createUnmarshaller();
> 
>            unmarshaller.setSchema(schema);
>            resObject = (Resource) unmarshaller.unmarshal(inputStream);
> 
> We use Java JAXB..not servicemix implementation. Actually the code is not
> written by me, done by some other team and its a huge code. Looking at
> higher level of source i can say this Jaxb unmarshaller has been called in
> many bundles explicitly. Any way that we can get rid of this through some
> configurations. I have sent one more set of test results that I did today
> morning to you, around an hour back.
> 
> Thanks,
> RK
> 
> 
> 
> 
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Karaf-runs-slower-in-Intel-Socx-1000-board-tp4037286p4037303.html
> Sent from the Karaf - Dev mailing list archive at Nabble.com.

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


Mime
View raw message