Workaround for XMLSchema not supporting maxOccurs larger than 5000

C

4

9

My problem is with parsing an XSD Schema that has elements with maxOccurs larger than 5000 (but not unbounded).

This is actually a know issue in either Xerces (which I'm using, version 2.9.1) or JAXP, as described here: https://bugs.java.com/bugdatabase/view_bug;jsessionid=85335466c2c1fc52f0245d20b2e?bug_id=4990915

I already know that if I changed the maxOccurs numbers in my XSD from numbers larger than 5000 to unbounded all works well. Sadly, this is not an option in my case (I cannot meddle with the XSD file).

My question is:

Does someone know some other workaround in Xerces for this issue? Or
Can someone recommend another XML parser that does not have this limitation?

Thanks!

Culinarian answered 20/5, 2013 at 13:49 Comment(4)

That bug report says that the actual limit is 2147483647. – Obeah 20/5, 2013 at 13:54

The exception thrown from parsing method upon loading schema in Xerces clearly states:

FATAL : org.xml.sax.SAXParseException: Current configuration of the parser doesn't allow a maxOccurs attribute value to be set greater than the value 5,000.

– Culinarian 22/5, 2013 at 12:27

Note the words "current configuration" and don't confuse "configuration" with "implementation". – Obeah 22/5, 2013 at 12:35

You're right, it turned out to me a matter of configuration. – Culinarian 22/5, 2013 at 12:38

C

11

I have found a solution that doesn't require changing the parser.

There is a FEATURE_SECURE_PROCESSING feature which puts that 5000 limitation on maxOccurs (along with several others).

And here is the document describing the limitations: http://docs.oracle.com/javase/7/docs/technotes/guides/xml/jaxp/JAXP-Compatibility_160.html#JAXP_security

Culinarian answered 22/5, 2013 at 12:37 Comment(2)

You're right, I updated them. The new version of the second linked article doesn't mention the limit of 5000 anymore (only a limit of 64000 and of something different, I think), but it's been four years, maybe things have changed. – Culinarian 25/5, 2017 at 18:52

Sample code:

SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); schemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.FALSE);

– Leenaleeper 5/6, 2020 at 7:59

L

18

I had the same problem. I used this:

System.setProperty("jdk.xml.maxOccurLimit", "XXXXX");

Letter answered 29/10, 2014 at 10:32 Comment(1)

According to docs.oracle.com/javase/tutorial/jaxp/limits/limits.html the property should be jdk.xml.maxOccurLimit, I guess that's why the answer was downvoted. – Remanent 8/10, 2015 at 15:14

C

11

I have found a solution that doesn't require changing the parser.

There is a FEATURE_SECURE_PROCESSING feature which puts that 5000 limitation on maxOccurs (along with several others).

And here is the document describing the limitations: http://docs.oracle.com/javase/7/docs/technotes/guides/xml/jaxp/JAXP-Compatibility_160.html#JAXP_security

Culinarian answered 22/5, 2013 at 12:37 Comment(2)

You're right, I updated them. The new version of the second linked article doesn't mention the limit of 5000 anymore (only a limit of 64000 and of something different, I think), but it's been four years, maybe things have changed. – Culinarian 25/5, 2017 at 18:52

Sample code:

SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); schemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.FALSE);

– Leenaleeper 5/6, 2020 at 7:59

K

7

I came across this thread when looking for solutions for this problem when using xjc command in console.

For anyone who is using xjc command to parse xsd, this works for me:

$ xjc -nv foo.xsd

Be aware though:

By default, the XJC binding compiler performs strict validation of the source schema before processing it. Use this option to disable strict schema validation. This does not mean that the binding compiler will not perform any validation, but means that it will perform a less-strict validation.

So if you think your xsd is from a good source, using less strict validation should not be a problem.

Kingsbury answered 24/5, 2017 at 17:37 Comment(1)

I get an error if I use the following code. What could I do? <annotation> <appinfo> <jaxb:globalBindings generateIsSetMethod="true"> <xjc:serializable uid="1"/> </jaxb:globalBindings> </appinfo> </annotation> jaxb:extensionBindingPrefixes) it's not allowed in restricted mode. – Shipboard 7/10, 2020 at 19:15

K

1

If you use Eclipse IDE with the Dali plugin for JAXB you may obtain the aforementioned error in the console.

Such error can be avoided if you uncheck 'Use strict validation' on panel 'Classes Generator Options' when establishing the options for JAXB generation from a XSD file. Such panel is the third one after 'Java Project' and 'Generate classes from Schema'.

Adding the additional argument -nv suggested by @minjun-yu also works. Instead of applying my first suggestion, you can set such argument in the fourth panel labeled 'Classes Generator Extension Configurations'

On parsing data to load the JAXB generated classes, if you are validating against a schema, you still may obtain the SAXException. As pointed by @mzywiol and @marioosh, the exception is avoided setting a special feature on creating the SchemaFactory

    SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
    // Avoid SAXParseException on maxOccurs > 5000 
    sf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, false); 
    
    URL xsdURL = TestParse.class.getResource(xsdLocation);
    Schema schema = sf.newSchema(xsdURL);

    JAXBContext ctx = JAXBContext.newInstance(MyJAXBClass.class.getPackage().getName());

    Unmarshaller unmarshaller = ctx.createUnmarshaller(); 
    unmarshaller.setSchema(schema);

Kermes answered 7/4, 2021 at 14:34 Comment(0)

Recommended topics

Hot tags