Hi Franck, The JAXP Validation API [1] also supports in-memory DOM validation as well as the secure processing feature [2]. You could use this instead of normalizeDocument(). There are samples [3] included in the binary distribution which show how to use it. You could also try upgrading to the latest release (2.9.1) which made significant improvements to the way in which minOccurs/maxOccurs are processed (constant time and memory for many cases) and can probably handle your schema with large maxOccurs.
Thanks. [1] http://xerces.apache.org/xerces2-j/javadocs/api/javax/xml/validation/package-summary.html [2] http://xerces.apache.org/xerces2-j/javadocs/api/javax/xml/XMLConstants.html#FEATURE_SECURE_PROCESSING [3] http://xerces.apache.org/xerces2-j/samples-jaxp.html#SourceValidator Michael Glavassevich XML Parser Development IBM Toronto Lab E-mail: [EMAIL PROTECTED] E-mail: [EMAIL PROTECTED] "Schmidlin, Franck" <[EMAIL PROTECTED]> wrote on 05/28/2008 12:28:29 PM: > Hello everyone. > > I have just spent the day investigating an issue in my application, > without any success, and I'd appreciate any help you good people > could provide me. > > The core of this issue is an XSD schema I got from a third party > which define several elements with large values of maxOccurs (e.g. > 10000), instead of unbounded. > This causes an OutOfMemory exception when validating any documents > against this schema. > > A bit of googling has quickly located several mentions of the JAXP > secure processing feature [1] and SecurityManager class [2]. > > My problem is that I do not apply validation when loading the > document, but much later, using external schemas rather than the > ones listed in the schemaLocation attribute. > To do this, I use the DOM3 normalizeDocument() method [3]. > > Having looked at the code for xerces 2.7.1 (which is my current > version), I cannot find a way to leverage the SecurityManager when > using normalizeDocument(). > As far as I can see, I would either need access to the > ComponentManager, or be able to set or access the DomConfiguration > 'parentSettings'. > I have tried setting the secure processing features when parsing the > document, but by the time I apply normalizeDocument() I cannot see > any SecurityManager. > > Can you think of a way around this problem? Please spare me the > obvious 'change the maxOccurs value' :-) > On the other hand, I would consider any clean alternative to > normalizeDocument() to validate a fully formed DOMDocument. > If necessary I can upgrade my xerces libraries to a supported > version, but I do not want to build my own. > > All help and comments will be gratefully appreciated :-) > > > [1] http://xerces.apache.org/xerces2- > j/javadocs/api/javax/xml/XMLConstants.html#FEATURE_SECURE_PROCESSING > [2] http://xerces.apache.org/xerces2-j/properties.html#security-manager > and http://xerces.apache.org/xerces2- > j/javadocs/xerces2/org/apache/xerces/util/SecurityManager.html > [3] http://xerces.apache.org/xerces2- > j/javadocs/xerces2/org/apache/xerces/dom/CoreDocumentImpl. > html#normalizeDocument() > > Code sample: > > XsdValidator iXsdValidator = new XsdValidator(); > org.w3c.dom.Document document = ...; > org.w3c.dom.DOMConfiguration config = document.getDomConfig(); > config.setParameter("error-handler", iXsdValidator); > config.setParameter("validate", Boolean.TRUE); > config.setParameter("schema-type", http://www.w3.org/2001/XMLSchema); > config.setParameter("schema-location", iXsdValidator.getSchemas()); > document.normalizeDocument(); > with > public class XsdValidator extends org.xml.sax.helpers.DefaultHandler > implements org.w3c.dom.DOMErrorHandler.. > ______________________________ > Franck Schmidlin > Corporate Integration Consultant > Anite Connect Technical Architect > > Anite Public Sector > Transformation > ______________________________ > P Save Paper - Do you really need to print this e-mail?
