我有以下课程:
package com.somedir.someotherdir;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
public class SchemaValidator
{
private static Logger _logger = Logger.getLogger(SchemaValidator.class.getName());
/**
* @param file - the relative path to and the name of the XML file to be validated
* @return true if validation succeeded, false otherwise
*/
public final static boolean validateXML(String file)
{
try
{
SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
Schema schema = factory.newSchema();
Validator validator = schema.newValidator();
validator.validate(new StreamSource(file));
return true;
}
catch (Exception e)
{
_logger.log(Level.WARNING, "SchemaValidator: failed validating " + file + ". Reason: " + e.getMessage(), e);
return false;
}
}
}
我想知道我到底应该使用schema.newValidator("dir/to/schema.xsd")
还是当前版本可以?我读到有一些 DoS 漏洞,也许有人可以提供更多信息?另外,路径必须是绝对的还是相对的?
大多数要验证的 XML 都有自己的 XSD,所以我想阅读 XML 本身中提到的模式 ( xs:noNamespaceSchemaLocation="schemaname.xsd"
)。
仅在启动或手动重新加载(服务器软件)期间进行验证。