XML Validation in configuration parsing code with XMLSchema: Best Practices? (Java)

views:

147

answers:

XML Validation in configuration parsing code with XMLSchema: Best Practices? (Java)

Hi everyone!

I have to parse a XML configuration file. I decided to do the basic validation with XMLSchema to avoid massive amounts of boilerplate code for validation. Since the parsing class should work for itself i was wondering: "How can i validate the incoming XML file with XMLSchema without having the XMLSchema stored on disc where it can be modified by third parties?" I know i can load the XMLSchema from an arbitrary InputStream, but the Schema itself must be stored somewhere. (And putting the Schema in a huge String object sounds like a very very bad idea) Has someone already did this? What are the best solution for such cases?

Have a nice start of the week!

+1 A:

Put it on a public website.

Kees de Kooter 2009-06-08 10:47:56

If you take this approach, you should also consider retrieving the remote schema content over an HTTPS connection to preclude further tampering or trickery. The same applies for any schemas that your schema imports.

DavidValeri 2009-06-08 12:02:40

Could stick it in a DB. I know Oracle has some sort of support for XMLSchemas.

Karl

Karl 2009-06-08 11:02:20

+2 A:

I would place it in your deployment alongside the appropriate classes. Load it using

ClassLoader.getResourceAsStream()

If you're really worried about someone modifying this schema, why not deploy in a .jar file and then sign the .jar file ? That way you can ensure nobody will tamper with it, and you don't have to rely on third-party infrastructures, storing it remotely etc.

Brian Agnew 2009-06-08 11:13:39

ansaurus

tags:

views:

answers:

XML Validation in configuration parsing code with XMLSchema: Best Practices? (Java)

related questions