Apache CXF is a mature and heavily used web services stack that supports a wide range of protocols, transports and bindings. Naturally, securing web services is an important topic, and CXF implements a large number of security protocols. However, applying security is notorious for exacting a performance penalty, both in terms of CPU and memory requirements.

This talk will focus on new features of Apache CXF 3.0 to improve performance for various security protocols. CXF 3.0 ships with a new streaming (as opposed to in-memory) WS-Security implementation for securing JAX-WS web services, that delivers dramatic memory improvements for large requests. Improving security performance for signed attachments, as well as for XML-based RESTful services will also be covered. Finally, empirical data will be provided to demonstrate performance improvements.