RE: Xerces-J's experimental support for XML Schema 1.1

2024-03-18 Thread Michael Glavassevich 
Hi Smails,

I would consider the XML Schema 1.1 implementation in Xerces-J to be complete 
and stable now. The experimental phase was during the initial development and 
while the W3C specification was still evolving.

Thanks.

From: Smalis Sklavos 
Sent: Thursday, February 29, 2024 5:49 AM
To: j-users@xerces.apache.org
Subject: [EXTERNAL] Xerces-J's experimental support for XML Schema 1.1

Hello In https: //xerces. apache. org/xerces2-j/releases. html it is written 
that "This release expands on Xerces-J's experimental support for XML Schema 1. 
1 by providing a fully compliant XML Schema 1. 1 implementation. Could you 
please clarify
ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
Report Suspicious  

   ‌
ZjQcmQRYFpfptBannerEnd

Hello
In 
https://xerces.apache.org/xerces2-j/releases.html
 it is written that "This release expands on Xerces-J's experimental support 
for XML Schema 1.1 by providing a fully compliant XML Schema 1.1 
implementation. Could you please clarify if Xerces-J is still in experimental 
phase?

Regards,
Smalis


--

Sklavos Smalis

===

Solution Architect

EUROPEAN DYNAMICS S.A

18 Fragoklissias Str. & 53 Samou Str.

15125 Maroussi, Athens, Greece

Tel.: +30 210 8094500

Skype: ssklavos

LinkedIn: 
https://www.linkedin.com/in/smalis-sklavos-96853659

RE: xerces2-j 2.12.2 release to maven central

2022-01-25 Thread Michael Glavassevich 
Right. That's generally been managed by the wider community throughout its 
history.

Michael Glavassevich
Software Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

"Mukul Gandhi"  wrote on 2022-01-25 06:23:01 AM:

> Hi PJ,
>I think, XercesJ committers have never earlier, released the 
> build artifacts to maven central. We follow an ant based build 
> process, and produce standalone downloadable zip archives of our 
> releases (that're available on Xerces download site).
> 
> I guess, someone from community, who has earlier released XercesJ 2.
> 12.1 on maven central, can release the 2.12.2 version as well on 
> maven central.
> 
> On Mon, Jan 24, 2022 at 10:47 PM PJ Fanning 
>  wrote:
> Hi everyone,
> 
> Thanks for the 2.12.2 release. Is there an expected release date for
> the maven artifacts? 
> 
> https://repo1.maven.org/maven2/xerces/xercesImpl/
> 
> https://lists.apache.org/thread/cn7zb160h3p2s5k7dzp1mcr9yd6d5j6l
> 
> Regards,
> PJ
>  
> 
> -- 
> Regards,
> Mukul Gandhi

RE: [request to vote]: Xerces-J 2.12.2 release

2022-01-21 Thread Michael Glavassevich 
Thanks Mukul. Here's my +1.

Michael Glavassevich
Software Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

"Mukul Gandhi"  wrote on 2022-01-20 07:54:06 PM:

> Hi Michael,
>I've updated the Xerces-J 2.12.2 release candidate at the same 
> location, with your comments.
> 
> The following are the Xerces-J 2.12.2, release candidate links as 
before,
> 
> [1] https://dist.apache.org/repos/dist/dev/xerces/j/2.12.2/
> [2] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_2/
> [3] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_2-
> xml-schema-1.1/
> [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?
> projectId=10520=Html=12351257
> [5] https://svn.apache.org/repos/asf/xerces/java/trunk/KEYS,
>  https://svn.apache.org/repos/asf/xerces/java/branches/xml-
> schema-1.1-dev/KEYS
> 
> @ Apache Xerces community : please review and possibly vote.
> 
> On Thu, Jan 20, 2022 at 9:00 PM Michael Glavassevich 
 > wrote:
> Hi Mukul,
> 
> I was just checking the packages.
> 
> I believe the copyright year in http://svn.apache.org/viewvc/xerces/
> java/trunk/NOTICEneeds to be updated for 2022.
> 
> Thanks.
> 
> Michael Glavassevich
> Software Development
> IBM Toronto Lab
> E-mail: mrgla...@ca.ibm.com
> E-mail: mrgla...@apache.org
> 
> "Mukul Gandhi"  wrote on 2022-01-20 02:33:53 AM:
> 
> > Hi all,
> >This is a request to vote, to the Apache Xerces community, to 
> > release Xerces-J 2.12.2 version.
> > 
> > I've uploaded the release candidate for the Xerces-J 2.12.2 version,
> > at [1] for review.
> > 
> > You could see that, there are two sets of packages, the main release
> > built from the trunk [2] and a release built from the XML Schema 1.1
> > development branch [3]. The change summary is available at [4], on 
> > JIRA. 7 issues were resolved.
> > 
> > The pgp public keys for the Xerces-J distribution's signature and 
> > hash files, are available at the locations [5].
> > 
> > The test results have been ok, so I'd like to call an official vote 
> > now on the release.
> > 
> > To start, here's my +1.
>  
> 
> -- 
> Regards,
> Mukul Gandhi

Re: [request to vote]: Xerces-J 2.12.2 release

2022-01-20 Thread Michael Glavassevich 
Hi Mukul,

I was just checking the packages.

I believe the copyright year in 
http://svn.apache.org/viewvc/xerces/java/trunk/NOTICE needs to be updated 
for 2022.

Thanks.

Michael Glavassevich
Software Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

"Mukul Gandhi"  wrote on 2022-01-20 02:33:53 AM:

> Hi all,
>This is a request to vote, to the Apache Xerces community, to 
> release Xerces-J 2.12.2 version.
> 
> I've uploaded the release candidate for the Xerces-J 2.12.2 version,
> at [1] for review.
> 
> You could see that, there are two sets of packages, the main release
> built from the trunk [2] and a release built from the XML Schema 1.1
> development branch [3]. The change summary is available at [4], on 
> JIRA. 7 issues were resolved.
> 
> The pgp public keys for the Xerces-J distribution's signature and 
> hash files, are available at the locations [5].
> 
> The test results have been ok, so I'd like to call an official vote 
> now on the release.
> 
> To start, here's my +1.
> 
> [1] https://dist.apache.org/repos/dist/dev/xerces/j/2.12.2/
> [2] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_2/
> [3] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_2-
> xml-schema-1.1/
> [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?
> projectId=10520=Html=12351257
> [5] https://svn.apache.org/repos/asf/xerces/java/trunk/KEYS,
>  https://svn.apache.org/repos/asf/xerces/java/branches/xml-
> schema-1.1-dev/KEYS
> 
> -- 
> Regards,
> Mukul Gandhi

Re: [REVISED VOTE]: Xerces-J 2.12.1 release

2020-01-06 Thread Michael Glavassevich 
Here's my +1.

Thanks again Mukul.

Happy New Year!

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Mukul Gandhi  wrote on 2020-01-01 04:50:28 AM:

> Hi all,
>This is a revised voting request to the Xerces XML community, to 
> release Xerces-J 2.12.1 version, since we could fix few more bugs 
> after the first release candidate was prepared.
> 
> I request Xerces XML community to vote, to release Xerces-J 2.12.1 
> version. This shall be a minor Xerces-J release, when compared to 
> Xerces-J 2.12.0 release.
> 
> I've uploaded the release candidate for the Xerces-J 2.12.1 version,
> to [1] for review.
> 
> You could see that, there are two sets of packages, the main release
> built from the trunk [2] and a release built from the XML Schema 1.1
> development branch [3]. The change summary is available here [4] in 
> JIRA. 10 issues were resolved.
> 
> My Xerces PGP key, is available at the locations [5]. Both the 
> locations mentioned at [5] contain identical keys.
> 
> Test results have been ok, so I'd like to call an official vote now 
> on the release.
> 
> To start, here's my +1.
> 
> Great work everyone.
> 
> [1] https://dist.apache.org/repos/dist/dev/xerces/j/2.12.1/
> [2] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_1/
> [3] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_1-
> xml-schema-1.1/
> [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?
> projectId=10520=Html=12346610
> [5] https://svn.apache.org/repos/asf/xerces/java/trunk/KEYS,
>  https://svn.apache.org/repos/asf/xerces/java/branches/xml-
> schema-1.1-dev/KEYS
> 
> On Mon, Dec 23, 2019 at 10:04 AM Mukul Gandhi  wrote:
> Hi all,
>I'm thinking to initiate a revised vote for 2.12.1 release, 
> during early January next year, due to an assumption that quite many
> people on Xerces lists might be on holiday during this time.
> 
> I hope this would be fine.
> 
>  
> 
> -- 
> Regards,
> Mukul Gandhi

RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-05-22 Thread Michael Glavassevich 
CVE-2018-2799 was the only one we asked about, but it was security@'s 
opinion that we didn't need a new CVE for that one. Honestly, this isn't a 
subject I know much about. I think if this had been reported through the 
security team (under the assumption it was a newly discovered issue), 
following through the process [1] a new CVE would have been requested.

Thanks.

[1] https://www.apache.org/security/committers.html

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

David Dillard <david.dill...@veritas.com> wrote on 05/22/2018 11:20:08 AM:

> From: David Dillard <david.dill...@veritas.com>
> To: "j-...@xerces.apache.org" <j-...@xerces.apache.org>, "j-
> us...@xerces.apache.org" <j-users@xerces.apache.org>
> Cc: "muk...@apache.org" <muk...@apache.org>, 
> "priv...@xerces.apache.org" <priv...@xerces.apache.org>
> Date: 05/22/2018 11:30 AM
> Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> Hi Michael,
> 
> That’s ok for CVE-2012-0881, though the CPEs (affected software and 
> versions) should be updated to reflect that the issue was fixed in 
> 2.12.0.  I’m happy to send that request in if you like.
> 
> However, for CVE-2013-4002 and CVE-2018-2799 I’m going to disagree ,
> as neither of them even mentions Xerces.  As is, the only way anyway
> would know that those two vulnerabilities were fixed in Xerces is to
> read the Xerces release announcement.  So, if someone relies on 
> tools like Dependency Check, Black Duck or White Source (which can 
> scan jars for known vulnerabilities) there’d be no issue flagged for
> Xerces 2.11.0 or earlier.  That’s bad.  I don’t think updating the 
> CPEs for either of those vulnerabilities is really an option and IBM
> and Oracle issued them and the descriptions are specific to their 
> products.  I think new CVEs are needed for these issues.
> 
> Fixing vulnerabilities is obviously important, but making it easy 
> for people to know those vulnerabilities have been fixed is also 
important.
> 
> 
> Regards,
> 
> David
> 
> 
> From: Michael Glavassevich [mailto:mrgla...@ca.ibm.com] 
> Sent: Tuesday, May 22, 2018 9:52 AM
> To: j-users@xerces.apache.org
> Cc: j-...@xerces.apache.org; muk...@apache.org; 
priv...@xerces.apache.org
> Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> I thought the CVE was mentioned in the release announcement.
> 
> The security team did eventually respond to us and said we shouldn't
> need a new CVE since it's the same source code that's affected.
> 
> Thanks.
> 
> Michael Glavassevich
> XML Technologies and WAS Development
> IBM Toronto Lab
> E-mail: mrgla...@ca.ibm.com
> E-mail: mrgla...@apache.org

RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-05-22 Thread Michael Glavassevich 
I thought the CVE was mentioned in the release announcement.

The security team did eventually respond to us and said we shouldn't need 
a new CVE since it's the same source code that's affected.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

David Dillard <david.dill...@veritas.com> wrote on 05/21/2018 10:25:25 AM:

> From: David Dillard <david.dill...@veritas.com>
> To: "j-...@xerces.apache.org" <j-...@xerces.apache.org>
> Cc: "j-users@xerces.apache.org" <j-users@xerces.apache.org>, 
> "muk...@apache.org" <muk...@apache.org>, "priv...@xerces.apache.org"
> <priv...@xerces.apache.org>
> Date: 05/22/2018 09:45 AM
> Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> Any news on this?
> 
> 
> From: Michael Glavassevich [mailto:mrgla...@ca.ibm.com] 
> Sent: Monday, April 30, 2018 11:54 AM
> To: j-...@xerces.apache.org
> Cc: j-users@xerces.apache.org; muk...@apache.org; 
priv...@xerces.apache.org
> Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> I have asked security@ for guidance on what to do next.
> 
> Michael Glavassevich
> XML Technologies and WAS Development
> IBM Toronto Lab
> E-mail: mrgla...@ca.ibm.com
> E-mail: mrgla...@apache.org
> 
> David Dillard <david.dill...@veritas.com> wrote on 04/30/2018 11:02:28 
AM:
> 
> > From: David Dillard <david.dill...@veritas.com>
> > To: "j-...@xerces.apache.org" <j-...@xerces.apache.org>, 
> > "muk...@apache.org" <muk...@apache.org>, "priv...@xerces.apache.org"
> > <priv...@xerces.apache.org>, "j-users@xerces.apache.org"  > us...@xerces.apache.org>
> >
> > Date: 04/30/2018 11:32 AM
> > Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> > 
> > I asked before about getting a CVE for the issue I raised that was 
> > fixed, and about a security advisory.  I don’t recall seeing a 
response.
> > 
> > Can that please be done as well?  I don’t know what the internal 
> > Apache process is for getting CVEs, but there’s got to be one.
> > 
> > 
> > From: Mukul Gandhi [mailto:muk...@apache.org] 
> > Sent: Sunday, April 29, 2018 11:45 PM
> > To: j-...@xerces.apache.org; priv...@xerces.apache.org; j-
> > us...@xerces.apache.org
> > Subject: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> > 
> > Hi all,
> >The vote to release Xerces-J 2.12.0 resulted in 3 +1 votes (all 
> > from PMC members) and no other votes:
> > 
> > +1 by:
> > Gareth Reakes (PMC)
> > Michael Glavassevich (PMC)
> > Mukul Gandhi (PMC)
> > 
> > The release should be up on the mirror sites very soon.
> > 
> > 
> > On Mon, Apr 23, 2018 at 5:36 PM, Mukul Gandhi <muk...@apache.org> 
wrote:
> > Hi all,
> >The 1st voting for Xerces-J 2.12.0 release was stopped, due to 
> > certain issues that were in the release candidates (RC) that were 
> > found by the reviewers ([5]). Those have been fixed now, and I'm 
> > initiating this new mail for the Vote for new RC.
> > 
> > I've uploaded Xerces-J 2.12.0 release candidates (the revised one) 
> > to [1] for review. In this release candidate there are two sets of 
> > packages, the main release built from the trunk [2] and the XML 
> > Schema 1.1 release built from the XML Schema 1.1 development branch 
> > [3]. The change summary is available here [4] in JIRA. 81 issues 
> > (plus issues that were mentioned, during the review of 1st RC) 
> were resolved.
> > 
> > Test results have been looking good, so I'd like to call an official
> > vote now on the release.
> > 
> > To start, here's my +1.
> > 
> > Great work everyone.
> > 
> > [1] https://dist.apache.org/repos/dist/dev/xerces/j/2.12.0/
> > Revision 26468
> > 
> > [2] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0/
> > Directory revision: 1829687 (of 1829689)
> > 
> > [3] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0-
> > xml-schema-1.1/
> > Directory revision: 1829688 (of 1829689)
> > 
> > [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?
> > projectId=10520=12336542
> > 
> > [5] https://markmail.org/message/54obpdyqrn6nfzgi: discussion about
> > previous RC, suggesting a revote
> > 
> > [6] Deleting .md5 hash files from the RC distribution at, https://
> > dist.apache.org/repos/dist/dev/xerces/j/2.12.0/. Mentioned Revision 
> > number in point [1] above. (suggestions from sebb, seb...@gmail.com 
> > during this voting)
> > 
> > 
> 
> > 
> > -- 
> > Regards,
> > Mukul Gandhi

Re: [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available

2018-05-11 Thread Michael Glavassevich 
For Apache Commons, how well did that work for improving activity?

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Dave Brosius <dbros...@mebigfatguy.com> wrote on 05/10/2018 05:15:22 PM:

> From: Dave Brosius <dbros...@mebigfatguy.com>
> To: j-users@xerces.apache.org
> Date: 05/10/2018 05:16 PM
> Subject: Re: [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available
> 
> What Apache Commons did, in a similar circumstance was unilaterally 
> open up committership to all commons projects to a much wider 
> audience. Perhaps Xerces should consider doing that as well.
> 
> On 05/10/2018 01:48 PM, Michael Glavassevich wrote:
> Folks, it took us 7 years and 5 months to get a new release out. I 
> would hope that alone would make it evident that this project needs 
> more help from the community if it's going to keep moving forward.
> 
> I see at least a few people feel strongly about Maven and would 
> encourage them to contribute. The same goes for anything else you 
> feel passionate about seeing implemented of fixed in Xerces.
> 
> Thanks.
> 
> Michael Glavassevich
> XML Technologies and WAS Development
> IBM Toronto Lab
> E-mail: mrgla...@ca.ibm.com
> E-mail: mrgla...@apache.org
> 
> Mukul Gandhi <muk...@apache.org> wrote on 05/10/2018 02:39:32 AM:
> 
> > Hi Dave,
> > 
> > On Thu, May 10, 2018 at 11:23 AM, Dave Brosius 
<dbros...@mebigfatguy.com
> > > wrote:
> > Yes, but if i want to publish an artifact to maven, and my artifact 
> > depends on xerces, are you expecting all the users of my artifact to
> > do the same? And if someone else creates an artifact based on my 
> > artifact, etc, etc.?
> >  As far as I know, Maven provides following ways to fetch build 
> dependencies:
> > 
> > 1) Get dependencies from a global Maven repository. This requires a 
> > connection to internet. Some environments prohibit an internet 
> > connection. Also on slow internet connections, getting tons of 
> > artifacts from the global Maven repository during the build may 
bedifficult.
> > 2) Get dependencies from a Maven repository on an Intranet server.
> > 3) Get dependencies from a Maven repository on the local host.
> > 
> > You & people in favor of your point seems to say that 1) above is 
> > the best/only method. But clearly, 2) is also another method. Of 
> > course, 3) above is also yet another method for fetching Maven 
dependencies.
> > 
> > -- 
> > Regards,
> > Mukul Gandhi

Re: [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available

2018-05-10 Thread Michael Glavassevich 
Oops, typo:

implemented of fixed in Xerces --> implemented or fixed in Xerces.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

"Michael Glavassevich" <mrgla...@ca.ibm.com> wrote on 05/10/2018 01:48:52 
PM:

> From: "Michael Glavassevich" <mrgla...@ca.ibm.com>
> To: j-users@xerces.apache.org
> Cc: j-...@xerces.apache.org
> Date: 05/10/2018 01:49 PM
> Subject: Re: [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available
> 
> Folks, it took us 7 years and 5 months to get a new release out. I 
> would hope that alone would make it evident that this project needs 
> more help from the community if it's going to keep moving forward.
> 
> I see at least a few people feel strongly about Maven and would 
> encourage them to contribute. The same goes for anything else you 
> feel passionate about seeing implemented of fixed in Xerces.
> 
> Thanks.
> 
> Michael Glavassevich
> XML Technologies and WAS Development
> IBM Toronto Lab
> E-mail: mrgla...@ca.ibm.com
> E-mail: mrgla...@apache.org
> 
> Mukul Gandhi <muk...@apache.org> wrote on 05/10/2018 02:39:32 AM:
> 
> > Hi Dave,
> > 
> > On Thu, May 10, 2018 at 11:23 AM, Dave Brosius 
<dbros...@mebigfatguy.com
> > > wrote:
> > Yes, but if i want to publish an artifact to maven, and my artifact 
> > depends on xerces, are you expecting all the users of my artifact to
> > do the same? And if someone else creates an artifact based on my 
> > artifact, etc, etc.?
> >  As far as I know, Maven provides following ways to fetch build 
> dependencies:
> > 
> > 1) Get dependencies from a global Maven repository. This requires a 
> > connection to internet. Some environments prohibit an internet 
> > connection. Also on slow internet connections, getting tons of 
> > artifacts from the global Maven repository during the build may 
bedifficult.
> > 2) Get dependencies from a Maven repository on an Intranet server.
> > 3) Get dependencies from a Maven repository on the local host.
> > 
> > You & people in favor of your point seems to say that 1) above is 
> > the best/only method. But clearly, 2) is also another method. Of 
> > course, 3) above is also yet another method for fetching Maven 
dependencies.
> > 
> > -- 
> > Regards,
> > Mukul Gandhi

Re: [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available

2018-05-10 Thread Michael Glavassevich 
Folks, it took us 7 years and 5 months to get a new release out. I would 
hope that alone would make it evident that this project needs more help 
from the community if it's going to keep moving forward.

I see at least a few people feel strongly about Maven and would encourage 
them to contribute. The same goes for anything else you feel passionate 
about seeing implemented of fixed in Xerces.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Mukul Gandhi <muk...@apache.org> wrote on 05/10/2018 02:39:32 AM:

> Hi Dave,
> 
> On Thu, May 10, 2018 at 11:23 AM, Dave Brosius <dbros...@mebigfatguy.com
> > wrote:
> Yes, but if i want to publish an artifact to maven, and my artifact 
> depends on xerces, are you expecting all the users of my artifact to
> do the same? And if someone else creates an artifact based on my 
> artifact, etc, etc.?
>  As far as I know, Maven provides following ways to fetch build 
dependencies:
> 
> 1) Get dependencies from a global Maven repository. This requires a 
> connection to internet. Some environments prohibit an internet 
> connection. Also on slow internet connections, getting tons of 
> artifacts from the global Maven repository during the build may be 
difficult.
> 2) Get dependencies from a Maven repository on an Intranet server.
> 3) Get dependencies from a Maven repository on the local host.
> 
> You & people in favor of your point seems to say that 1) above is 
> the best/only method. But clearly, 2) is also another method. Of 
> course, 3) above is also yet another method for fetching Maven 
dependencies.
> 
> -- 
> Regards,
> Mukul Gandhi

Re: [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available

2018-05-08 Thread Michael Glavassevich 
I believe they got uploaded by other ASF committers / members so they're 
official in that sense. It just wasn't done by Xerces developers.

There was no policy decision. It's more of a motivation issue. The 
developers (past and present) haven't shown much interest in Maven. Of 
course anyone interested is welcome to drive it. Just needs a volunteer to 
do the work.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

"Mark H. Wood" <mw...@iupui.edu> wrote on 05/08/2018 09:22:07 AM:

> From: "Mark H. Wood" <mw...@iupui.edu>
> To: j-users@xerces.apache.org
> Date: 05/08/2018 09:22 AM
> Subject: Re: [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available
> 
> On Tue, May 08, 2018 at 10:59:09AM +0530, Mukul Gandhi wrote:
> > On Tue, May 8, 2018 at 6:19 AM, Dave Brosius <dbros...@apache.org> 
wrote:
> > >
> > > xercesImpl.jar has still yet to show up on maven central, was this 
an
> > > oversight?
> > >
> > Michael Glavassevich, replied to a question on same topic on list
> > j-...@xerces.apache.org a while ago as follows,
> > 
> > "Maven has never been part of our release process. Other people from 
the
> > community would have uploaded those previous releases."
> > 
> > I hope that could answer the question.
> 
> Interesting that someone in the community has been sending up various
> artifacts under the groupId "xerces" since 2005.  It certainly
> *looked* official.  How disappointing.
> 
> Was there a policy decision not to release Maven artifacts, or does it
> just need someone to do the work?  I could do the work.  But I don't
> want to perpetrate yet-another-confusing-unofficial-release.
> 
> -- 
> Mark H. Wood
> Lead Technology Analyst
> 
> University Library
> Indiana University - Purdue University Indianapolis
> 755 W. Michigan Street
> Indianapolis, IN 46202
> 317-274-0749
> www.ulib.iupui.edu

RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release

2018-04-30 Thread Michael Glavassevich 
I have asked security@ for guidance on what to do next.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

David Dillard <david.dill...@veritas.com> wrote on 04/30/2018 11:02:28 AM:

> From: David Dillard <david.dill...@veritas.com>
> To: "j-...@xerces.apache.org" <j-...@xerces.apache.org>, 
> "muk...@apache.org" <muk...@apache.org>, "priv...@xerces.apache.org"
> <priv...@xerces.apache.org>, "j-users@xerces.apache.org"  us...@xerces.apache.org>
>
> Date: 04/30/2018 11:32 AM
> Subject: RE: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> I asked before about getting a CVE for the issue I raised that was 
> fixed, and about a security advisory.  I don’t recall seeing a response.
> 
> Can that please be done as well?  I don’t know what the internal 
> Apache process is for getting CVEs, but there’s got to be one.
> 
> 
> From: Mukul Gandhi [mailto:muk...@apache.org] 
> Sent: Sunday, April 29, 2018 11:45 PM
> To: j-...@xerces.apache.org; priv...@xerces.apache.org; j-
> us...@xerces.apache.org
> Subject: [EXTERNAL] [VOTE RESULTS]: Xerces-J 2.12.0 release
> 
> Hi all,
>    The vote to release Xerces-J 2.12.0 resulted in 3 +1 votes (all 
> from PMC members) and no other votes:
> 
> +1 by:
> Gareth Reakes (PMC)
> Michael Glavassevich (PMC)
> Mukul Gandhi (PMC)
> 
> The release should be up on the mirror sites very soon.
> 
> 
> On Mon, Apr 23, 2018 at 5:36 PM, Mukul Gandhi <muk...@apache.org> wrote:
> Hi all,
>The 1st voting for Xerces-J 2.12.0 release was stopped, due to 
> certain issues that were in the release candidates (RC) that were 
> found by the reviewers ([5]). Those have been fixed now, and I'm 
> initiating this new mail for the Vote for new RC.
> 
> I've uploaded Xerces-J 2.12.0 release candidates (the revised one) 
> to [1] for review. In this release candidate there are two sets of 
> packages, the main release built from the trunk [2] and the XML 
> Schema 1.1 release built from the XML Schema 1.1 development branch 
> [3]. The change summary is available here [4] in JIRA. 81 issues 
> (plus issues that were mentioned, during the review of 1st RC) were 
resolved.
> 
> Test results have been looking good, so I'd like to call an official
> vote now on the release.
> 
> To start, here's my +1.
> 
> Great work everyone.
> 
> [1] https://dist.apache.org/repos/dist/dev/xerces/j/2.12.0/
> Revision 26468
> 
> [2] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0/
> Directory revision: 1829687 (of 1829689)
> 
> [3] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0-
> xml-schema-1.1/
> Directory revision: 1829688 (of 1829689)
> 
> [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?
> projectId=10520=12336542
> 
> [5] https://markmail.org/message/54obpdyqrn6nfzgi : discussion about
> previous RC, suggesting a revote
> 
> [6] Deleting .md5 hash files from the RC distribution at, https://
> dist.apache.org/repos/dist/dev/xerces/j/2.12.0/. Mentioned Revision 
> number in point [1] above. (suggestions from sebb, seb...@gmail.com 
> during this voting)
> 
> 

> 
> -- 
> Regards,
> Mukul Gandhi

Re: [REVISED VOTE]: Xerces-J 2.12.0 release

2018-04-25 Thread Michael Glavassevich 
+1. Thanks Mukul.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Mukul Gandhi <muk...@apache.org> wrote on 04/23/2018 08:06:24 AM:

> From: Mukul Gandhi <muk...@apache.org>
> To: j-...@xerces.apache.org, priv...@xerces.apache.org, j-
> us...@xerces.apache.org
> Date: 04/23/2018 08:08 AM
> Subject: Re: [REVISED VOTE]: Xerces-J 2.12.0 release
> 
> Hi all,
>The 1st voting for Xerces-J 2.12.0 release was stopped, due to 
> certain issues that were in the release candidates (RC) that were 
> found by the reviewers ([5]). Those have been fixed now, and I'm 
> initiating this new mail for the Vote for new RC.
> 
> I've uploaded Xerces-J 2.12.0 release candidates (the revised one) 
> to [1] for review. In this release candidate there are two sets of 
> packages, the main release built from the trunk [2] and the XML 
> Schema 1.1 release built from the XML Schema 1.1 development branch 
> [3]. The change summary is available here [4] in JIRA. 81 issues 
> (plus issues that were mentioned, during the review of 1st RC) were 
resolved.
> 
> Test results have been looking good, so I'd like to call an official
> vote now on the release.
> 
> To start, here's my +1.
> 
> Great work everyone.
> 
> [1] https://dist.apache.org/repos/dist/dev/xerces/j/2.12.0/
> Revision 26468
> 
> [2] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0/
> Directory revision: 1829687 (of 1829689)
> 
> [3] http://svn.apache.org/viewvc/xerces/java/tags/Xerces-J_2_12_0-
> xml-schema-1.1/
> Directory revision: 1829688 (of 1829689)
> 
> [4] https://issues.apache.org/jira/secure/ReleaseNote.jspa?
> projectId=10520=12336542
> 
> [5] https://markmail.org/message/54obpdyqrn6nfzgi : discussion about
> previous RC, suggesting a revote
> 
> [6] Deleting .md5 hash files from the RC distribution at, https://
> dist.apache.org/repos/dist/dev/xerces/j/2.12.0/. Mentioned Revision 
> number in point [1] above. (suggestions from sebb, seb...@gmail.com 
> during this voting)
> 
>  
> 
> -- 
> Regards,
> Mukul Gandhi

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-11 Thread Michael Glavassevich 
Some of these steps are out-of-date but this [1] should give you a general 
idea of what's involved in preparing a release. I think some projects have 
had committers who just wrote documentation or contributed in other 
non-coding ways so that's certainly a possibility.

Thanks.

[1] http://xerces.apache.org/xerces2-j/faq-contributing.html#faq-2

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

"Eric J. Schwarzenbach" <eric.schwarzenb...@wrycan.com> wrote on 
01/11/2018 02:05:12 PM:

> From: "Eric J. Schwarzenbach" <eric.schwarzenb...@wrycan.com>
> To: j-users@xerces.apache.org
> Date: 01/11/2018 02:05 PM
> Subject: Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?
> 
> One might expect "commiter" to imply a coder, but could someone who 
> is not going to actually work on xerces code be made a committer? If
> so, what skills would such a person need in order to help get the 
release out?
> On 01/11/2018 01:42 PM, Michael Glavassevich wrote:
> A lot of what needs to get done requires write-access and that can 
> only be done by committers [1]. That's where this project has been 
> hurting for a long time and where we definitely need help. Of course
> there are activities such as testing or doing a build that anyone 
> could do, but someone with commit access is needed to pull a 
releasetogether.
> 
> Thanks.
> 
> [1] http://www.apache.org/foundation/getinvolved.html#become-a-committer
> 
> Michael Glavassevich
> XML Technologies and WAS Development
> IBM Toronto Lab
> E-mail: mrgla...@ca.ibm.com
> E-mail: mrgla...@apache.org
> 
> Will Herrmann <wjherrm...@gmail.com> wrote on 01/10/2018 11:34:39 PM:
> 
> > I too work with an organization that is a bit concerned about using 
> > a library with a 5-year old security issue. If the issue is a lack 
> > of volunteers, what can we do to help, especially given that the fix
> > is already done? Do you need testers? People to build from source? 
> > Something else?
> > 
> > -Will Herrmann
> > 
> > > As has been the case for a long time, Xerces-J 2.12.0 needs 
volunteers to 
> > > actually make this release happen.
> > > 
> > > Michael Glavassevich
> > > XML Technologies and WAS Development
> > > IBM Toronto Lab
> > > E-mail: mrgla...@ca.ibm.com
> > > E-mail: mrgla...@apache.org
> > > 
> > > Gary Gregory <garydgreg...@gmail.com> wrote on 12/22/2017 01:46:28 
PM:
> > >  
> > > > Good question. Xerces has been rather... inactive :-(
> > > > 
> > > > Gary
> > > > 
> > > > On Fri, Dec 22, 2017 at 7:15 AM, Yves Geissbühler <
> > > > yves.geissbueh...@incentage.com> wrote:
> > > > Hi all,
> > > > my problem is that Xerces-J 2.11.0 pops up on the OWASP Dependency 

> > > > Check [1] having the vulnerability CVE-2012-0881.
> > > > 
> > > > After some investigation I found that CVE-2012-0881 has been 
indeed 
> > > > fixed and is scheduled to be released for Xerces-J 2.12.0 [2].
> > > > 
> > > > However, no specific release date is given [3].
> > > > 
> > > > Could you point me to a release schedule or do you know the 
release 
> > > date?
> > > > 
> > > > Using libraries which contain vulnerabilities is not an option for 

> > > > my organisation. So, I'm hoping for a Xerces-J 2.11.0 release 
> > > > happening soonish.
> > > > 
> > > > Best regards,
> > > > Yves
> > > > 
> > > > [1] https://urldefense.proofpoint.com/v2/url?
> > 
> 
u=https-3A__www.owasp.org_index.php_OWASP-5FDependency-5FCheck=DwIFaQ=jf_iaSHvJObTbx-
> > siA1ZOg=KSsQtaTrbQnz98UqasbfUccVGXxb9hHxwso62zJ-
> > DKI=mhg1UoAqEyPAE-
> > 
> 
iRxRa_1F1tVGzXVcJXZNLn39oyBRM=8VFeoB1BkOSReGrRxENRnFx7vA5raEwKWVB8GdwRkf8=
> > > > [2] https://urldefense.proofpoint.com/v2/url?
> > 
> 
u=https-3A__issues.apache.org_jira_browse_XERCESJ-2D1685=DwIFaQ=jf_iaSHvJObTbx-
> > siA1ZOg=KSsQtaTrbQnz98UqasbfUccVGXxb9hHxwso62zJ-
> > DKI=mhg1UoAqEyPAE-
> > 
> 
iRxRa_1F1tVGzXVcJXZNLn39oyBRM=hCJU3BJU6XA9RAk8dWjptod9p0vLPln5AdUllsOIlus=
> > > > [3] https://urldefense.proofpoint.com/v2/url?
> > 
> 
u=https-3A__issues.apache.org_jira_projects_XERCESJ_versions_12336542=DwIFaQ=jf_iaSHvJObTbx-
> > siA1ZOg=KSsQtaTrbQnz98UqasbfUccVGXxb9hHxwso62zJ-
> > DKI=mhg1UoAqEyPAE-
> > 
> 
iRxRa_1F1tVGzXVcJXZNLn39oyBRM=InGKcCzaUSGYeBbHNA8i3dJtU2CQb40diziknWlHYJY=
> > 
> > -
> > To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> > For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-11 Thread Michael Glavassevich 
A lot of what needs to get done requires write-access and that can only be 
done by committers [1]. That's where this project has been hurting for a 
long time and where we definitely need help. Of course there are 
activities such as testing or doing a build that anyone could do, but 
someone with commit access is needed to pull a release together.

Thanks.

[1] http://www.apache.org/foundation/getinvolved.html#become-a-committer

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Will Herrmann <wjherrm...@gmail.com> wrote on 01/10/2018 11:34:39 PM:

> I too work with an organization that is a bit concerned about using 
> a library with a 5-year old security issue. If the issue is a lack 
> of volunteers, what can we do to help, especially given that the fix
> is already done? Do you need testers? People to build from source? 
> Something else?
> 
> -Will Herrmann
> 
> > As has been the case for a long time, Xerces-J 2.12.0 needs volunteers 
to 
> > actually make this release happen.
> > 
> > Michael Glavassevich
> > XML Technologies and WAS Development
> > IBM Toronto Lab
> > E-mail: mrgla...@ca.ibm.com
> > E-mail: mrgla...@apache.org
> > 
> > Gary Gregory <garydgreg...@gmail.com> wrote on 12/22/2017 01:46:28 PM:
> > 
> > > Good question. Xerces has been rather... inactive :-(
> > > 
> > > Gary
> > > 
> > > On Fri, Dec 22, 2017 at 7:15 AM, Yves Geissbühler <
> > > yves.geissbueh...@incentage.com> wrote:
> > > Hi all,
> > > my problem is that Xerces-J 2.11.0 pops up on the OWASP Dependency 
> > > Check [1] having the vulnerability CVE-2012-0881.
> > > 
> > > After some investigation I found that CVE-2012-0881 has been indeed 
> > > fixed and is scheduled to be released for Xerces-J 2.12.0 [2].
> > > 
> > > However, no specific release date is given [3].
> > > 
> > > Could you point me to a release schedule or do you know the release 
> > date?
> > > 
> > > Using libraries which contain vulnerabilities is not an option for 
> > > my organisation. So, I'm hoping for a Xerces-J 2.11.0 release 
> > > happening soonish.
> > > 
> > > Best regards,
> > > Yves
> > > 
> > > [1] https://urldefense.proofpoint.com/v2/url?
> 
u=https-3A__www.owasp.org_index.php_OWASP-5FDependency-5FCheck=DwIFaQ=jf_iaSHvJObTbx-
> siA1ZOg=KSsQtaTrbQnz98UqasbfUccVGXxb9hHxwso62zJ-
> DKI=mhg1UoAqEyPAE-
> 
iRxRa_1F1tVGzXVcJXZNLn39oyBRM=8VFeoB1BkOSReGrRxENRnFx7vA5raEwKWVB8GdwRkf8=
> > > [2] https://urldefense.proofpoint.com/v2/url?
> 
u=https-3A__issues.apache.org_jira_browse_XERCESJ-2D1685=DwIFaQ=jf_iaSHvJObTbx-
> siA1ZOg=KSsQtaTrbQnz98UqasbfUccVGXxb9hHxwso62zJ-
> DKI=mhg1UoAqEyPAE-
> 
iRxRa_1F1tVGzXVcJXZNLn39oyBRM=hCJU3BJU6XA9RAk8dWjptod9p0vLPln5AdUllsOIlus=
> > > [3] https://urldefense.proofpoint.com/v2/url?
> 
u=https-3A__issues.apache.org_jira_projects_XERCESJ_versions_12336542=DwIFaQ=jf_iaSHvJObTbx-
> siA1ZOg=KSsQtaTrbQnz98UqasbfUccVGXxb9hHxwso62zJ-
> DKI=mhg1UoAqEyPAE-
> 
iRxRa_1F1tVGzXVcJXZNLn39oyBRM=InGKcCzaUSGYeBbHNA8i3dJtU2CQb40diziknWlHYJY=
> 
> -
> To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Xerces-J 2.* On JDK 9

2018-01-02 Thread Michael Glavassevich 
I can imagine there would be an issue with xml-apis.jar (and Java 9 
modularization), but nothing in xercesImpl.jar should conflict with 
classes in JDK 9. You should be able to include the implementation jar on 
the regular classpath.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Mark Raynsford <list+org.apache.xer...@io7m.com> wrote on 12/06/2017 
11:40:13 AM:

> On 2017-12-05T16:28:41 -0800
> Jeff Greif <jgr...@alumni.princeton.edu> wrote:
> 
> > You put the xerces jars in the "endorsed overrides" directory.
> > 
> > https://docs.oracle.com/javase/8/docs/technotes/guides/standards/
> 
> "This feature is deprecated and will be removed in a future release."
> 
> It has actually been removed entirely in JDK 9.
> 
> A possible workaround for this would be to run the Xerces jar through
> something like Maven Shade to bulk relocate all of the classes into
> another package.
> 
>   https://maven.apache.org/plugins/maven-shade-plugin/
> 
> I may end up having to do this if Xerces isn't going to change in this
> regard any time soon.
> 
> -- 
> Mark Raynsford | http://www.io7m.com

Re: Any Xerces-J 2.12.0 release date to address CVE-2012-0881?

2018-01-02 Thread Michael Glavassevich 
As has been the case for a long time, Xerces-J 2.12.0 needs volunteers to 
actually make this release happen.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Gary Gregory <garydgreg...@gmail.com> wrote on 12/22/2017 01:46:28 PM:
 
> Good question. Xerces has been rather... inactive :-(
> 
> Gary
> 
> On Fri, Dec 22, 2017 at 7:15 AM, Yves Geissbühler <
> yves.geissbueh...@incentage.com> wrote:
> Hi all,
> my problem is that Xerces-J 2.11.0 pops up on the OWASP Dependency 
> Check [1] having the vulnerability CVE-2012-0881.
> 
> After some investigation I found that CVE-2012-0881 has been indeed 
> fixed and is scheduled to be released for Xerces-J 2.12.0 [2].
> 
> However, no specific release date is given [3].
> 
> Could you point me to a release schedule or do you know the release 
date?
> 
> Using libraries which contain vulnerabilities is not an option for 
> my organisation. So, I'm hoping for a Xerces-J 2.11.0 release 
> happening soonish.
> 
> Best regards,
> Yves
> 
> [1] https://www.owasp.org/index.php/OWASP_Dependency_Check
> [2] https://issues.apache.org/jira/browse/XERCESJ-1685
> [3] https://issues.apache.org/jira/projects/XERCESJ/versions/12336542

Re: How to programmatically disable the TOTAL_ENTITY_SIZE_LIMIT limit?

2018-01-02 Thread Michael Glavassevich 
Xerces does not have an implementation of 
javax.xml.stream.XMLStreamReader. It seems that you are using Oracle's 
JAXP implementation. You're more likely to get a helpful answer on one of 
their forums.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Behrang Saeedzadeh <behran...@gmail.com> wrote on 12/23/2017 06:20:09 PM:

> Apparently it can be disabled globally using the 
> "jdk.xml.totalEntitySizeLimit":
> System.setProperty("jdk.xml.totalEntitySizeLimit", "0");
> But I was wondering if it can be disabled on a given XMLEventReader 
> or javax.xml.stream.XMLStreamReader?
> 
> Best regards,
> Behrang Saeedzadeh
> 
> On 24 December 2017 at 10:02, Behrang Saeedzadeh <behran...@gmail.com> 
wrote:
> Hi
> 
> JDK is using Xerces by default for StAX and some other XML related APIs.
> 
> This implementation 
> uses com.sun.org.apache.xerces.internal.utils.XMLSecurityManager as 
> the XML security manager and has a limit 
> 
of 
com.sun.org.apache.xerces.internal.utils.XMLSecurityManager.Limit#TOTAL_ENTITY_SIZE_LIMIT
> (5,000,000) enabled by default.
> 
> Is there a way to programmatically disable this limit when using StAX?
> 
> For example, when creating an XMLInputFactory and XMLEventReader:
> 
> final XMLInputFactory inputFactory = XMLInputFactory.newInstance();

> final XMLEventReader eventReader = inputFactory.createXMLEventReader
> (inputStream);
> 
> Best regards,
> Behrang Saeedzadeh

Re: Grammar caching with multiple schemas for the same target namespace

2017-01-23 Thread Michael Glavassevich 
Hi,

I thought we (at least partially) addressed this issue in the JAXP 1.3 
implementation. I'd suggest having a look at how the 
SoftReferenceGrammarPool [1] works, as its purpose is to cache grammars 
based on both their schema location and target namespace.

Thanks.

[1] 
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/jaxp/validation/SoftReferenceGrammarPool.java

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Patrik Stellmann <pat...@volleynet.de> wrote on 01/22/2017 02:04:11 AM:

> Hi,
> 
> I'm recursively processing DITA maps using the SAXParser with 
> XMLGrammarPool. All files are in the default namespace but have 
> different XML schemas associated (set my 
@xsi:noNamespaceSchemaLocation).
> 
> The problem is that the XMLGrammarPool as well as the SAXParser assumes 
> that the schema only depends on the targetNamespace. Thus, they will use 

> the same schema for a topic file as it used for a map file.
> 
> I already implemented my own XMLGrammarPool class that checks if two 
> schema descriptions are equal based on their system id. But it seems 
> that the parser stores a mapping between namespace and systemId. Thus, 
> it asks the grammar pool for a schema with the map system id when 
> processing a topic.
> 
> My current workaround is to create a new instance of the SAXParser for 
> each file I'm processing. This works fine, but I'm wondering if I could 
> improve the performance by reusing the same instance for all files. But 
> I couldn't find out how to change the behavior for getting the grammar!?
> 
> Thanks for any hints.
> 
> Regards,
> Patrik
> 
> -
> To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Missing namespace for attribute defaults from SAXParser

2016-12-09 Thread Michael Glavassevich 
Not user friendly, but working as designed. No prefix is defined for 
attribute default values (see schema spec here [1]).

Some of the more recent XML serialization APIs (LSSerializer / 
XMLStreamWriter) are more namespace-aware and have the ability to fix up 
namespaces during serialization.

Thanks.

[1] https://www.w3.org/TR/xmlschema-1/#sic-attrDefault

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Patrik Stellmann <pat...@volleynet.de> wrote on 12/09/2016 04:09:46 AM:
 
> Hi,
> 
> I'm using org.apache.xerces.parsers.SAXParser and when parsing a file 
> with assigned XSD the added default attributes are missing the namespace 

> prefix.
> 
> The attribute that I have set explicitly is serialized correctly. Ths, 
> I'm pretty sure it is a parser issue.
> 
> I've added a minimal sample below.
> 
> Is this a bug or is there any additional feature I have to activate?
> 
> Thanks and regards,
> Patrik
> 
> 
> java-code:
> 
> import java.io.File;
> import java.io.FileOutputStream;
> 
> import javax.xml.transform.Result;
> import javax.xml.transform.TransformerFactory;
> import javax.xml.transform.sax.SAXTransformerFactory;
> import javax.xml.transform.sax.TransformerHandler;
> import javax.xml.transform.stream.StreamResult;
> 
> import org.apache.xerces.parsers.SAXParser;
> import org.xml.sax.InputSource;
> import org.xml.sax.XMLReader;
> 
> public class ParserTest {
> 
> public static void main (String[] args) {
> try {
> final File inputFile = new File("input.xml");
> final File outputFile = new File("output.xml");
> 
> final TransformerFactory tf = 
> TransformerFactory.newInstance();
> final SAXTransformerFactory stf = (SAXTransformerFactory) 
tf;
> 
> final TransformerHandler serializer = 
> stf.newTransformerHandler();
> 
> XMLReader xmlSource = new SAXParser();
> 
> xmlSource.setFeature("http://apache.org/xml/features/validation/schema;, 

> true);
> 
> Result out = new StreamResult(new 
> FileOutputStream(outputFile));
> serializer.setResult(out);
> xmlSource.setContentHandler(serializer);
> xmlSource.parse(new 
> InputSource(inputFile.toURI().toString()));
> System.out.println("Done!");
> } catch (Exception e) {
> System.err.println(e.getMessage());
> }
> }
> }
> 
> 
> input.xml:
> http://www.w3.org/2001/XMLSchema-instance; 
> xsi:noNamespaceSchemaLocation="schema.xsd" 
> xmlns:ns="http://www.example.org/namespace; ns:attr1="test1"/>
> 
> 
> schema.xsd:
> http://www.w3.org/2001/XMLSchema; 
> xmlns:ns="http://www.example.org/namespace; 
> elementFormDefault="qualified">
>  http://www.example.org/namespace; 
> schemaLocation="namespace.xsd"/>
>  
>  
>  
>  
>  
>  
> 
> 
> 
> namespace.xsd:
> http://www.example.org/namespace; 
> xmlns:xs="http://www.w3.org/2001/XMLSchema;>
>  
>  
> 
> 
> 
> generated output.xml:
>  attr2="default2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance; 
> xmlns:ns="http://www.example.org/namespace"/>
> 
> (note the missing "ns:" before attr2)
> 
> 
> -
> To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Interaction between redefine+include breaks augmenting a base schema's element with new attributes

2016-06-17 Thread Michael Glavassevich 
Thanks David.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

David Costanzo <david_costa...@yahoo.com> wrote on 06/17/2016 09:37:56 AM:
 
> From: David Costanzo
> > > I started with the JIRA release notes [1] and it doesn't look like I
> > > have permissions to help with this. [snip]
> 
> From: Michael Glavassevich
> > I just add you to the list of contributors in JIRA. Hopefully that 
also
> > granted you permission to update that field.
> 
> Yes, that works.  I should be able to build up the release notes, 
> now.  I'll start a new thread in the "xerces-devs" list for any 
> conversation specific to the 2.12.0 release, instead of rambling 
> off-topic on this thread.
> 
> 
> 
> From: David Costanzo
> 
> > > As mentioned previously, the fix that my organization wants > > 
> (XERCESJ-1591, r1396551) was made in the "xml-schema-1.1-dev" 
> > > branch, not trunk, so that branch would have to be merged back to 
> > > trunk (or the fix duplicated in trunk) in order for a 2.12.0 release
> > > to benefit my organization.
> 
> 
> From: Michael Glavassevich
> > I'll take a look at the original fix. Assuming it applies to XML 
Schema 
> > 1.0, it should have been committed at the same time to the trunk.
> 
> 
> That would be appreciated, Michael.  Thanks.
> 
> -
> To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-users-h...@xerces.apache.org



-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Interaction between redefine+include breaks augmenting a base schema's element with new attributes

2016-06-16 Thread Michael Glavassevich 
Hi David,

David Costanzo <david_costa...@yahoo.com> wrote on 06/15/2016 10:11:18 AM:

> From: David Costanzo <david_costa...@yahoo.com>
> To: "j-users@xerces.apache.org" <j-users@xerces.apache.org>, 
> Date: 06/15/2016 10:12 AM
> Subject: Re: Interaction between redefine+include breaks augmenting 
> a base schema's element with new attributes
> 
> From: Michael Glavassevich <mrgla...@ca.ibm.com>
> > The release notes in JIRA (e.g. 2.11.0 notes [1]) and updates to the 
> > Xerces documentation [2] are something anyone could help us out with. 
We 
> 
> > likely have a bunch of broken links that should be fixed up.
> 
> I started with the JIRA release notes [1] and it doesn't look like I
> have permissions to help with this.  It looks to be generated 
> automatically from the "Fix Version" of tickets, which I don't have 
> permission to change.

I just add you to the list of contributors in JIRA. Hopefully that also 
granted you permission to update that field.

> I think I can grovel through JIRA to identify which fixes will be 
> included in 2.12.0.  From what I can tell, the candidates are 
> everything in JIRA that is "Fixed" with no "Fix Version" set[2] (which 
has 
> 1168 tickets).  Then some manual verification is needed for each 
> ticket to confirm that comment indicates a subversion revision whose
> changes was made in "trunk" and whose revision is after r1039547 
> (when the branch for 2.11.0 was made).  Does this sound correct?

XML Schema 1.1 specific fixes and improvements will only be on the 
"xml-schema-1.1-dev" branch. If we missed something more generic (i.e. 
also applies to XML Schema 1.0) then we should get that merged back on to 
the trunk.

I think in general, any JIRA resolved with a fix after November 30th, 2010 
(release date of Xerces-J 2.11.0) should be marked as being fixed in 
2.12.0.

> As mentioned previously, the fix that my organization wants 
> (XERCESJ-1591, r1396551) was made in the "xml-schema-1.1-dev" 
> branch, not trunk, so that branch would have to be merged back to 
> trunk (or the fix duplicated in trunk) in order for a 2.12.0 release
> to benefit my organization.

I'll take a look at the original fix. Assuming it applies to XML Schema 
1.0, it should have been committed at the same time to the trunk.
 
> [1] https://issues.apache.org/jira/browse/XERCESJ/fixforversion/12336542
> [2] 
> https://issues.apache.org/jira/issues/?jql=project%20%3D%20XERCESJ%
> 20AND%20status%20in%20%28Resolved%2C%20Closed%29%20AND%20fixVersion%
> 20%3D%20EMPTY
> 
> -
> To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-users-h...@xerces.apache.org

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org



-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Interaction between redefine+include breaks augmenting a base schema's element with new attributes

2016-06-13 Thread Michael Glavassevich 
Regarding a new Xerces release, I think we'd certainly like to see one 
happen, but it needs volunteers to help drive it.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

David Costanzo <david_costa...@yahoo.com> wrote on 06/10/2016 04:07:52 PM:

> > Thanks Mukul, I'll open a JIRA ticket as you suggest.
> 
> As I went to open the ticket in JIRA, I found that Mukul Gandhi 
> already fixed it.
> 
> https://issues.apache.org/jira/browse/XERCESJ-1591
> 
> Thank you, Mukul!
> 
> The fix was made in the xml-schema-1.1-dev branch that has not been 
> merged into trunk, which is why I could still reproduce the problem 
> on the latest code and in the latest release.  In looking at the 
> release velocity, I see that the fix was made four years ago, Oct 
> 2012 (just hours after it was reported!), the last Xerces release 
> was made in Nov 2010, and the version which a recent HotSpot JVM (1.
> 8.0_71) uses is Xerces 2.7.1, released in July 2005.
> 
> So if I want the fix for my program, is my best bet to use a private
> build from a development branch?  Are there any plans for another 
> Xerces release?
> 
> By the way, once a minimal repro scenario is constructed, this looks
> like an esoteric problem on the fringes of the XML standards, but 
> this bug does have a practical, real-world impact.  In the world of 
> clinical research which includes testing new medicines, there's a 
> standards body called CDISC.  CDISC defines an XML standard for 
> interchange of clinical data called ODM and states that a computing 
> system that processes ODM can only claim conformance if it obeys 
> several rules, one of which is "ODM files must validate against the 
> ODM schema for the ODM version indicated in the ODM root element". 
> My project manager has interpreted this as a requirement to validate
> all ODM documents.
> 
> The ODM standard allows for "vendor extensions" and requires that 
> they be implemented in a separate namespace.  The extensions are 
> added by redefining special "extension groups" which the ODM base 
> standard defines for exactly this purpose.
> 
> So to qualify as a "conforming system", my code must validate 
> documents according to a schema that a vendor provides me.  The ODM 
> base standard has a top-level .XSD file that uses an xs:include and 
> the vendor extensions are expected to use a xs:redefine of that. 
> Because of this bug, Xerces 2.11.0 cannot validate ODM against a 
> vendor's extension.  I can make some simple changes to the vendor 
> schema so that Xerces can validate with it, but then that casts 
> doubt on whether it's really validating with the vendor extensions.
> 
> -
> To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-users-h...@xerces.apache.org



-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Interaction between redefine+include breaks augmenting a base schema's element with new attributes

2016-06-10 Thread Michael Glavassevich 
Would also need to review what the standard actually says to determine 
whether there's a bug. Xerces generally tries its best to strictly follow 
the rules from the XML Schema specification and sometimes those rules 
(e.g. type restriction) defy what many users would expect.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Mukul Gandhi <muk...@apache.org> wrote on 06/09/2016 11:59:31 PM:
 
> Hi David,
> Thanks for writing about this issue. I am sure, that Xerces 
> developers are always keen to know from users if there is a genuine 
> bug in Xerces's implementation and they would like to fix the bugs.
> 
> Your problem description looks like a fairly advanced use case of 
> XML Schema (XSD), and it seems difficult to know the actual problem 
> in Xerces's implementation that is causing this (likely) bug, 
> without having an easier presentation of the bug report that is 
> usually expected to write fixes.
> 
> I would suggest, to open a bug report in Xerce's JIRA with following
> qualifications
> 
> Issue Type : Bug
> Priority : Minor or Trivial
> 
> Please also attach XML and XSD files that illustrate the bug, and 
> the actual and expected outputs according to you. If you're keen in 
> helping us further, and are able to follow Xerce's source code, you 
> can try fixing the code and also attach a patch.
> 
> But the least I think we would require are all the steps mentioned 
> here, without a patch.
> 
> On 9 June 2016 at 19:04, David Costanzo 
<david_costa...@yahoo.com.invalid
> > wrote:
> There seems to be an interaction between xs:redefine referring to a 
> schema which then does an xs:include that prevents Xerces from 
> recognizing that an attributeGroup defined in the xs:include'd 
> schema has been extended to include new attributes from a second 
> namespace.  I think this is a bug in xerces2, but I'm not an XML 
> expert, so I have some doubt.  Per the instructions on http://
> xerces.apache.org/xerces2-j/jira.html, I am emailing this list for 
> clarification.
> 
> The basic setup:
> base.xsd  - Defines an element named "element" with an 
attributeGroup
> base-wrapper.xsd  - Merely does an "xs:include" of base.xsd
> second-ns.xsd - Defines an attribute named "happy" in a distinct
> namespace from one in base.xsd
> 
> augmented.xsd - Does "xs:redefine" of base-wrapper.xsd to add 
> the attribute from second-ns.xsd to the attributeGroup in 
> base.xsd.document.xml  - Uses an element from base.xsd with the 
> attribute from second-ns.xsd.
> 
> 
> My expectation is that document.xml is valid with respect to 
> augmented.xsd.  However, Xerces2 reports a validation error.
> 
> # java jaxp.SourceValidator -a augmented.xsd -i document.xml
> [Error] document.xml:7:3: cvc-complex-type.3.2.2: Attribute 
> 'second:happy' is not allowed to appear in element 'element'.
> 
> 
> If, instead of redefining base-wrapper.xsd, which does nothing but 
> xs:include base.xsd, augmented.xsd redefine's base.xsd directly, 
> then Xerces reports document.xml as valid.
> 
> I have confirmed that "xmllint" (version 20706) reports document.xml
> as valid.  My JVM uses Xerces-J 2.7.1, but I have also reproduced 
> this on xerces-2.11.0 and on trunk using "java jaxp.SourceValidator".
> 
> Is this a bug that I should open in JIRA?  Or am I misunderstanding 
> something about XML?
> 
> -
> To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-users-h...@xerces.apache.org
> 
> -- 
> Regards,
> Mukul Gandhi


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: org.apache.xerces.impl.xs.XMLSchemaValidator$ValueStoreBase.contains() takes way too much time

2016-04-26 Thread Michael Glavassevich 
Hi,

This is a known issue [1]. Was going to resolve this by adding some kind 
of hash table. As preparation for that, I recall adding equals() and 
hashCode() methods to several of the value classes, but I don't think we 
covered all of them.

Thanks.

[1] https://issues.apache.org/jira/browse/XERCESJ-1276

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

"Seibert, Olaf" <olaf.seib...@mpi.nl> wrote on 04/26/2016 11:23:26 AM:

> Hi,
> 
> I¹m including some screenshots from jvisualvm showing the time spent in
> parsing a rather large (19 MB) xml file in our program.
> (See https://tla.mpi.nl/tools/tla-tools/elan/)
> 
> We use a Xerces SAX parser, and the overwhelming majority of the parsing
> time, around 140 seconds (the total time is somewhere around 145-150
> seconds) is spent in the above mentioned function
> org.apache.xerces.impl.xs.XMLSchemaValidator$ValueStoreBase.contains().
> 
> Suggested in the second screenshot is that the ValueStoreBase uses a
> Vector to check uniqueness of id values. Given that this will cause
> quadratic time behaviour, it is no wonder that so much time is wasted!
> 
> Is there a way to replace this with a more time-efficient 
implementation,
> short of disabling validation completely? I tried doing the latter, and
> then the entire file is parsed and processed in just a few seconds.
> 
> (can you Cc any copies to me please, since I did not subscribe to this
> list; the instructions at http://xerces.apache.org/xerces2-j/jira.html
> don¹t say that this is required)
> 
> Thanks,
> -Olaf.
> 
> -
> To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Xerces2.4-source code

2016-02-26 Thread Michael Glavassevich 
Hi,

The source for old Xerces 2.x releases (including 2.4.0) is available here 
[1].

Thanks.

[1] http://archive.apache.org/dist/xml/xerces-j/old_xerces2/

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Pyakurel Uddab <upyaku...@plan-sys.com> wrote on 02/26/2016 11:51:01 AM:

> From: Pyakurel Uddab <upyaku...@plan-sys.com>
> To: "j-...@xerces.apache.org" <j-...@xerces.apache.org>, 
> Date: 02/26/2016 01:27 PM
> Subject: Xerces2.4-source code
> 
> Dear Sir/Madam,
> In our application we have used Xerces2.4. jar. Is it possible to 
> get the source code of Xerces2.4 to download? I have found the 
> source code for the  latest version Xerces2.11.0 but not the Xerces2.4.
> Your help will be greatly appreciated.
> 
> Thank you,
> Uddab Pyakurel
> 
> -
> To unsubscribe, e-mail: j-dev-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-dev-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Xerces and security vulnerabilities

2015-11-05 Thread Michael Glavassevich 
Peter Major <peter.ma...@forgerock.com> wrote on 11/05/2015 02:24:58 AM:

> How about these then?
> https://bugzilla.redhat.com/show_bug.cgi?id=1273638

Xerces doesn't support that property.

> https://bugzilla.redhat.com/show_bug.cgi?id=1273645

Xerces doesn't have a StAX XML parser.

> https://bugzilla.redhat.com/show_bug.cgi?id=1273637

The portion of the hashing collision issue that applies to Xerces is fixed 
on the trunk (in other words, after Xerces 2.11.0). See: 
http://svn.apache.org/viewvc?view=revision=1357381.

The rest of the hashing issue is in the Java platform itself. See 
http://openjdk.java.net/jeps/180.

> 2015. 11. 04. 16:38 keltezéssel, Michael Glavassevich írta:
> > As they did not disclose any details in these reports, only Oracle 
would
> > know.
> >
> > Thanks.
> >
> > Michael Glavassevich
> > XML Technologies and WAS Development
> > IBM Toronto Lab
> > E-mail: mrgla...@ca.ibm.com
> > E-mail: mrgla...@apache.org
> >
> > Peter Major <peter.ma...@forgerock.com> wrote on 11/04/2015 03:36:26 
AM:
> >
> >> Hi,
> >>
> >> it appears that Oracle has fixed some XML parsing related security
> >> vulnerabilities:
> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911
> >>
> >> Is it possible that these also affect Xerces 2.11.0?
> >>
> >> Regards,
> >> Peter
> 
> -----
> To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-users-h...@xerces.apache.org

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org



-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Xerces and security vulnerabilities

2015-11-05 Thread Michael Glavassevich 
Yes, but need help from volunteers with more time to prepare a Xerces 
release.

And should probably also have an xml-commons release (to include in 
Xerces) that contains this:
http://svn.apache.org/viewvc?view=revision=1357443

Similar hash collision fix as the ones implemented in Xerces.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Gary Gregory <ggreg...@rocketsoftware.com> wrote on 11/05/2015 12:43:23 
PM:

> Any thoughts on pushing out a release to pick up the one fix? (And 
> whatever else is in trunk since 2.11)
> Gary
> 
> 

> On Thu, Nov 5, 2015 at 9:14 AM -0800, "Michael Glavassevich" <
> mrgla...@ca.ibm.com> wrote:

> Peter Major <peter.ma...@forgerock.com> wrote on 11/05/2015 02:24:58 AM:
> 
> > How about these then?
> > https://bugzilla.redhat.com/show_bug.cgi?id=1273638
> 
> Xerces doesn't support that property.
> 
> > https://bugzilla.redhat.com/show_bug.cgi?id=1273645
> 
> Xerces doesn't have a StAX XML parser.
> 
> > https://bugzilla.redhat.com/show_bug.cgi?id=1273637
> 
> The portion of the hashing collision issue that applies to Xerces is 
fixed 
> on the trunk (in other words, after Xerces 2.11.0). See: 
> http://svn.apache.org/viewvc?view=revision=1357381.
> 
> The rest of the hashing issue is in the Java platform itself. See 
> http://openjdk.java.net/jeps/180.
> 
> > 2015. 11. 04. 16:38 keltezéssel, Michael Glavassevich írta:
> > > As they did not disclose any details in these reports, only Oracle 
> would
> > > know.
> > >
> > > Thanks.
> > >
> > > Michael Glavassevich
> > > XML Technologies and WAS Development
> > > IBM Toronto Lab
> > > E-mail: mrgla...@ca.ibm.com
> > > E-mail: mrgla...@apache.org
> > >
> > > Peter Major <peter.ma...@forgerock.com> wrote on 11/04/2015 03:36:26 

> AM:
> > >
> > >> Hi,
> > >>
> > >> it appears that Oracle has fixed some XML parsing related security
> > >> vulnerabilities:
> > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
> > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
> > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911
> > >>
> > >> Is it possible that these also affect Xerces 2.11.0?
> > >>
> > >> Regards,
> > >> Peter
> > 
> > -
> > To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> > For additional commands, e-mail: j-users-h...@xerces.apache.org
> 
> Michael Glavassevich
> XML Technologies and WAS Development
> IBM Toronto Lab
> E-mail: mrgla...@ca.ibm.com
> E-mail: mrgla...@apache.org
> 
> 
> 
> -
> To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-users-h...@xerces.apache.org

> 
> Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham 
> MA 02451 ■ +1 800.966.3270 ■ +1 781.577.4321
> Unsubscribe From Commercial Email �C unsubscr...@rocketsoftware.com
> Manage Your Subscription Preferences - http://
> info.rocketsoftware.com/
> GlobalSubscriptionManagementEmailFooter_SubscriptionCenter.html
> Privacy Policy - 
http://www.rocketsoftware.com/company/legal/privacy-policy
>  
> 
> This communication and any attachments may contain confidential 
> information of Rocket Software, Inc. All unauthorized use, 
> disclosure or distribution is prohibited. If you are not the 
> intended recipient, please notify Rocket Software immediately and 
> destroy all copies of this communication. Thank you.

Re: Xerces and security vulnerabilities

2015-11-05 Thread Michael Glavassevich 
Updating JIRA (e.g. marking issues resolved in 2.12?), writing the release 
notes and website updates for starters... Just never find the time to 
start pushing those forward.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Gary Gregory <garydgreg...@gmail.com> wrote on 11/05/2015 03:43:33 PM:
 
> What kind of help do you need?
> Gary
> On Nov 5, 2015 12:20 PM, "Michael Glavassevich" <mrgla...@ca.ibm.com> 
wrote:
> Yes, but need help from volunteers with more time to prepare a Xerces
> release.
> 
> And should probably also have an xml-commons release (to include in
> Xerces) that contains this:
> http://svn.apache.org/viewvc?view=revision=1357443
> 
> Similar hash collision fix as the ones implemented in Xerces.
> 
> Thanks.
> 
> Michael Glavassevich
> XML Technologies and WAS Development
> IBM Toronto Lab
> E-mail: mrgla...@ca.ibm.com
> E-mail: mrgla...@apache.org
> 
> Gary Gregory <ggreg...@rocketsoftware.com> wrote on 11/05/2015 12:43:23
> PM:
> 
> > Any thoughts on pushing out a release to pick up the one fix? (And
> > whatever else is in trunk since 2.11)
> > Gary
> >
> >
> 
> > On Thu, Nov 5, 2015 at 9:14 AM -0800, "Michael Glavassevich" <
> > mrgla...@ca.ibm.com> wrote:
> 
> > Peter Major <peter.ma...@forgerock.com> wrote on 11/05/2015 02:24:58 
AM:
> >
> > > How about these then?
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1273638
> >
> > Xerces doesn't support that property.
> >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1273645
> >
> > Xerces doesn't have a StAX XML parser.
> >
> > > https://bugzilla.redhat.com/show_bug.cgi?id=1273637
> >
> > The portion of the hashing collision issue that applies to Xerces is
> fixed
> > on the trunk (in other words, after Xerces 2.11.0). See:
> > http://svn.apache.org/viewvc?view=revision=1357381.
> >
> > The rest of the hashing issue is in the Java platform itself. See
> > http://openjdk.java.net/jeps/180.
> >
> > > 2015. 11. 04. 16:38 keltezéssel, Michael Glavassevich írta:
> > > > As they did not disclose any details in these reports, only Oracle
> > would
> > > > know.
> > > >
> > > > Thanks.
> > > >
> > > > Michael Glavassevich
> > > > XML Technologies and WAS Development
> > > > IBM Toronto Lab
> > > > E-mail: mrgla...@ca.ibm.com
> > > > E-mail: mrgla...@apache.org
> > > >
> > > > Peter Major <peter.ma...@forgerock.com> wrote on 11/04/2015 
03:36:26
> 
> > AM:
> > > >
> > > >> Hi,
> > > >>
> > > >> it appears that Oracle has fixed some XML parsing related 
security
> > > >> vulnerabilities:
> > > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
> > > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
> > > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911
> > > >>
> > > >> Is it possible that these also affect Xerces 2.11.0?
> > > >>
> > > >> Regards,
> > > >> Peter
> > >
> > > 
-
> > > To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> > > For additional commands, e-mail: j-users-h...@xerces.apache.org
> >
> > Michael Glavassevich
> > XML Technologies and WAS Development
> > IBM Toronto Lab
> > E-mail: mrgla...@ca.ibm.com
> > E-mail: mrgla...@apache.org
> >
> >
> >
> > -
> > To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> > For additional commands, e-mail: j-users-h...@xerces.apache.org
> 
> > 
> > Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham
> > MA 02451 ■ +1 800.966.3270 ■ +1 781.577.4321
> > Unsubscribe From Commercial Email �C unsubscr...@rocketsoftware.com
> > Manage Your Subscription Preferences - http://
> > info.rocketsoftware.com/
> > GlobalSubscriptionManagementEmailFooter_SubscriptionCenter.html
> > Privacy Policy -
> http://www.rocketsoftware.com/company/legal/privacy-policy
> > 
> >
> > This communication and any attachments may contain confidential
> > information of Rocket Software, Inc. All unauthorized use,
> > disclosure or distribution is prohibited. If you are not the
> > intended recipient, please notify Rocket Software immediately and
> > destroy all copies of this communication. Thank you.

Re: Xerces and security vulnerabilities

2015-11-04 Thread Michael Glavassevich 
As they did not disclose any details in these reports, only Oracle would 
know.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Peter Major <peter.ma...@forgerock.com> wrote on 11/04/2015 03:36:26 AM:

> Hi,
> 
> it appears that Oracle has fixed some XML parsing related security 
> vulnerabilities:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911
> 
> Is it possible that these also affect Xerces 2.11.0?
> 
> Regards,
> Peter
> 
> -
> To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-users-h...@xerces.apache.org



-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: xercesImpl-xsd11-2.12-beta-r1667115 compatible with IBM WAS 8.0.0.9

2015-11-03 Thread Michael Glavassevich 
Hello,

I'm not sure where you got that jar from but it was probably built with 
Java 7+ and isn't compatible with earlier versions of Java.

If you want to use the XML Schema 1.1 support with Java 6, I'd suggest 
that you use an official Xerces-J release (2.11) or build a jar from the 
latest XML Schema 1.1 branch in SVN.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Viswanath <viswa...@gmail.com> wrote on 11/03/2015 02:00:52 PM:

> Hello,
> I've used xercesImpl-xsd11-2.12-beta-r1667115.jar and wrote a standalone
> parser for XSD1.1,which was working fine with JRE7. my intension is to 
parse
> xsd1.1 and get all restrictions and assert values for each simple and
> complex type elements.
> 
> when i tried to integrate with IBM WAS 8.0.0.9 which have java6, i.e
> xercesImpl-xsd11-2.12-beta-r1667115.jar been added as external library 
in my
> application. 
> when trying to start the application in WAS throws the following error.
> Exception in thread "main" java.lang.UnsupportedClassVersionError:
> JVMCFRE003 bad major version;
> class=org/apache/xerces/jaxp/validation/XMLSchema11Factory, offset=6
>at java.lang.ClassLoader.defineClassImpl(Native Method)
>at java.lang.ClassLoader.defineClass(ClassLoader.java:275)
>at 
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:74)
>at java.net.URLClassLoader.defineClass(URLClassLoader.java:540)
>at java.net.URLClassLoader.defineClass(URLClassLoader.java:451)
>at java.net.URLClassLoader.access$300(URLClassLoader.java:79)
>at java.net.URLClassLoader$ClassFinder.run(URLClassLoader.java:1038)
>at 
java.security.AccessController.doPrivileged(AccessController.java:362)
>at java.net.URLClassLoader.findClass(URLClassLoader.java:429)
>at java.lang.ClassLoader.loadClassHelper(ClassLoader.java:703)
>at java.lang.ClassLoader.loadClass(ClassLoader.java:682)
>at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:358)
>at java.lang.ClassLoader.loadClass(ClassLoader.java:665)
>at javax.xml.validation.SchemaFactoryFinder.newInstance(Unknown 
Source)
>at 
javax.xml.validation.SchemaFactoryFinder.findJarServiceProvider(Unknown
> Source)
>at javax.xml.validation.SchemaFactoryFinder.find(Unknown Source)
>at javax.xml.validation.SchemaFactory.newInstance(Unknown Source)
>at JaxpParserXSD.loadSchema(JaxpParserXSD.java:469)
>at JaxpParserXSD.getXSDElements(JaxpParserXSD.java:227)
>at JaxpParserXSD.main(JaxpParserXSD.java:60)
> 
> Following options been tried, which doesnt help resolving the issue
> 1. included these four jar under
> C:\opt\IBM\WebSphere\AppServer\java\jre\lib\endorsed\
> org.eclipse.wst.xml.xpath2.processor-2.1.100.jar;xercesImpl-xsd11-2.
> 12-betar1667115.jar;
> xml-apis-1.4.01.jar;xml-resolver-1.2.jar and tried to set java 
-Xbootpath
> 2.Tried Parent_LAST options in WAS ie. in server, applicaiton and 
module.
> 3. Tried setting the system property like below.
> System.setProperty("javax.xml.validation.SchemaFactory:http://
> www.w3.org/XML/XMLSchema/v1.1",
> "org.apache.xerces.jaxp.validation.XMLSchema11Factory");
> 
> Parser.java
> 
> String language = "http://www.w3.org/XML/XMLSchema/v1.0;;
> SchemaFactory factory = SchemaFactory.newInstance(language);
> schema = factory.newSchema("XSD File");
> 
> Any help/suggestions would help me to solve this issue.
> 
> Thanks
> Viswanth
> 
> 
> 
> --
> 
> -
> To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
> For additional commands, e-mail: j-users-h...@xerces.apache.org



-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Cannot create a Schema object for an XSD file with the targetNamespace attribute set on an element

2015-08-07 Thread Michael Glavassevich 
There was an enhancement in XML Schema 1.1 which allows targetNamespace on 
xs:element but I recall that it only applies to (and is only allowed on) 
local element declarations [1].

[1] http://www.w3.org/TR/xmlschema11-1/#dcl.elt.local

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

jeff.gr...@gmail.com wrote on 08/06/2015 06:09:23 PM:

 I am mainly familiar with XML Schema 1.0, so it's possible my 
 assertions below have been supplanted in 1.1.
 
 The purpose of a schema is to declare the contents of a single 
 namespace, the target namespace, which is declared on the 'schema' 
element.
 
 Constructs of another namespace cannot be declared in this schema; 
 they can only be referenced, using qualified names.  
 
 So  element name=xyz ... declares an element in the target 
namespace.
 element ref=other:abc ... refers to a global element in the 
 namespace declared to correspond to the prefix other.
 
 Jeff
 
 On Thu, Aug 6, 2015 at 2:59 PM, Julian Cromarty 
julian.croma...@gmail.com
  wrote:
 Hi,
 
 Unfortunately I can't just use the targetNamespace in the schema 
 element. There are top-level elements of the global targetNamespace 
 and also top level elements from another namespace. Both of these 
 can contain elements from both namespaces, thus the need to refer to
 another namespace at the element level. It's a strange requirement, 
 I admit. That said, if element-level targetNamespaces aren't for 
 referring to namespaces other than the targetNamespace specified in 
 the schema element, what are they for?
 
 As for the top-level elements requiring a name, I spotted that 
 mistake after sending the email. It's just a typo from reducing the 
 xsd to a minimal test case. That said, it still reproduces the 
 problem even when the top-level element is correctly given a name.

 Cheers,

 Julian
 
 On Thu, Aug 6, 2015 at 7:41 PM, Bernd Eckenfels e...@zusammenkunft.net
  wrote:
 Hello,
 
 that is interesting, I see targetNamespace in the XML-Schema 1.1 spec
 for top level elements and attributes.
 
 http://www.w3.org/TR/xmlschema11-1/
 
 But it is not in the XML Schema.xsd. (only one occurence of
 'name=targetNamespace') on the schema element.
 
 http://www.w3.org/2001/XMLSchema.xsd
 
 BTW: top level elements do require a name= attribute. You have
 specified it on the simpleType I think thats not correct.
 
 In your case, can you just use the targetNamespace on the schema
 element? This is the most common usage as it cannot be mixed anyway.
 
 Gruss
 Bernd
 
 
  Am Thu, 6 Aug 2015 18:58:22 +0100
 schrieb Julian Cromarty julian.croma...@gmail.com:
 
  Hi,
 
  I'm trying to write a schema using the 1.1 schema language and I need
  to be able to set the targetNamespace attribute on some of the
  elements. When I try and create a Validator to validate XML against
  the schema however, I get an instance of XMLSchema11Factory but when I
  pass the XSD file to the factory's newSchema() method I always get the
  following exception:
 
  s4s-att-not-allowed: Attribute 'targetNamespace cannot appear in
  element 'element'.
 
  I've trimmed the XSD down to a minimal test case that reproduces the
  problem:
 
  ?xml version=1.0 encoding=UTF-8?
 
  xs:schema targetNamespace=http://www.foo.com;
  xmlns=http://www.foo.com; xmlns:other=http://www.bar.com;
  xmlns:xs=http://www.w3.org/2001/XMLSchema;
xs:element targetNamespace=http://www.bar.com;
  xs:simpleType name=ans
xs:restriction base=xs:string/
  /xs:simpleType
/xs:element
  /xs:schema
 
  And here is the code I'm using to try and create the validator
 
  System.setProperty(javax.xml.validation.SchemaFactory:http://
 www.w3.org/XML/XMLSchema/v1.1,
  org.apache.xerces.jaxp.validation.XMLSchema11Factory);
SchemaFactory factory =
SchemaFactory.newInstance(
http://www.w3.org/XML/XMLSchema/v1.1;);
Schema schema =
factory.newSchema(new
  StreamSource(ClassLoader.getSystemResourceAsStream(test.xsd)));
xmlValidator = schema.newValidator();
 
  Does anyone have any idea why this isn't working?
 
  Kind regards,
 
  Julian
 
  -
  To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
  For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Xerces constantly causing class loading at run time

2015-07-20 Thread Michael Glavassevich 
com/sun/org/apache/xpath/internal/* is the Oracle/Sun JAXP implementation. 
That is not an Apache release. Xerces doesn't even implement 
javax.xml.xpath.*.

That aside, the component you're using seems to be loading an XPathFactory 
over and over again which is expensive and can result lots of ClassLoader 
activity.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Eric Urban er...@spiceworks.com wrote on 07/17/2015 08:34:17 AM:

 Hello,
 
 I work on a Rails application that uses Nokogiri to parse HTML. We run 
 on JRuby 1.7.19, so Nokogiri takes advantage of the xerces XML parser to 

 do its parsing. I noticed that using Nokogiri (and thus Xerces) triggers 

 tons of class loading. Through some research I found setting some Java 
 system properties to sane defaults reduced the amount of class loading 
 that goes on. Here is what I set
 
 java.lang.System.setProperty('javax.xml.xpath.XPathFactory:http://
 java.sun.com/jaxp/xpath/
 dom','com.sun.org.apache.xpath.internal.jaxp.XPathFactoryImpl')
 
 java.lang.System.setProperty
 
('org.apache.xerces.xni.parser.XMLParserConfiguration','org.apache.xerces.parsers.XIncludeAwareParserConfiguration')
 
 java.lang.System.setProperty
 
('com.sun.org.apache.xml.internal.dtm.DTMManager','com.sun.org.apache.xml.internal.dtm.ref.DTMManagerDefault')
 
 
 This is actually set from Ruby code, but it interacts with the JVM just 
 like native Java code. I figured all this out from documentation on the 
 web. This reduced the amount of Jar file's that are opened dramatically 
 at runtime.
 
 Using intrace to trace JarFile activity, I still get this happening 
 constantly however:
 
 [07:16:31.004]:[36]:java.util.jar.JarFile:getJarEntry: {
 [07:16:31.004]:[36]:java.util.jar.JarFile:getJarEntry: Arg: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.004]:[36]:java.util.jar.JarFile:getEntry: {
 [07:16:31.004]:[36]:java.util.jar.JarFile:getEntry: Arg: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.004]:[36]:java.util.jar.JarFile:getEntry: Return: null
 [07:16:31.004]:[36]:java.util.jar.JarFile:getEntry: }
 [07:16:31.004]:[36]:java.util.jar.JarFile:getJarEntry: Return: null
 [07:16:31.004]:[36]:java.util.jar.JarFile:getJarEntry: }
 [07:16:31.004]:[36]:java.util.jar.JarFile:getJarEntry: {
 [07:16:31.004]:[36]:java.util.jar.JarFile:getJarEntry: Arg: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.004]:[36]:java.util.jar.JarFile:getEntry: {
 [07:16:31.004]:[36]:java.util.jar.JarFile:getEntry: Arg: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.004]:[36]:java.util.jar.JarFile$JarFileEntry:init: {
 [07:16:31.004]:[36]:java.util.jar.JarFile$JarFileEntry:init: Arg: 
 java.util.jar.JarFile@61175d12
 [07:16:31.004]:[36]:java.util.jar.JarFile$JarFileEntry:init: Arg: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.004]:[36]:java.util.jar.JarFile$JarFileEntry:init: }
 [07:16:31.004]:[36]:java.util.jar.JarFile:getEntry: Return: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.004]:[36]:java.util.jar.JarFile:getEntry: }
 [07:16:31.004]:[36]:java.util.jar.JarFile:getJarEntry: Return: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.004]:[36]:java.util.jar.JarFile:getJarEntry: }
 [07:16:31.005]:[36]:java.util.jar.JarFile:getJarEntry: {
 [07:16:31.005]:[36]:java.util.jar.JarFile:getJarEntry: Arg: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.005]:[36]:java.util.jar.JarFile:getEntry: {
 [07:16:31.005]:[36]:java.util.jar.JarFile:getEntry: Arg: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.005]:[36]:java.util.jar.JarFile:getEntry: Return: null
 [07:16:31.005]:[36]:java.util.jar.JarFile:getEntry: }
 [07:16:31.005]:[36]:java.util.jar.JarFile:getJarEntry: Return: null
 [07:16:31.005]:[36]:java.util.jar.JarFile:getJarEntry: }
 [07:16:31.005]:[36]:java.util.jar.JarFile:getJarEntry: {
 [07:16:31.005]:[36]:java.util.jar.JarFile:getJarEntry: Arg: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.005]:[36]:java.util.jar.JarFile:getEntry: {
 [07:16:31.005]:[36]:java.util.jar.JarFile:getEntry: Arg: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.005]:[36]:java.util.jar.JarFile$JarFileEntry:init: {
 [07:16:31.005]:[36]:java.util.jar.JarFile$JarFileEntry:init: Arg: 
 java.util.jar.JarFile@61175d12
 [07:16:31.005]:[36]:java.util.jar.JarFile$JarFileEntry:init: Arg: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.005]:[36]:java.util.jar.JarFile$JarFileEntry:init: }
 [07:16:31.005]:[36]:java.util.jar.JarFile:getEntry: Return: 
 com/sun/org/apache/xpath/internal/jaxp/XPathFactoryImpl.class
 [07:16:31.005]:[36]:java.util.jar.JarFile:getEntry: }
 [07:16:31.005]:[36]:java.util.jar.JarFile:getJarEntry: Return

Re: Entity expansion limits

2015-04-15 Thread Michael Glavassevich 
Hi Peter,

I think the SecureProcessingConfiguration [1] (not released yet) is 
probably what you're looking for. With this XMLParserConfiguration you can 
configure the limits using system properties and then override them 
programmatically if some of your applications need a different 
configuration than the global settings.

DocumentBuilderFactory.setExpandEntityReferences() does not do what you 
assumed. It only affects DOM construction, controlling whether 
EntityReference [2] nodes are included in the DOM tree or not. So the 
sub-tree underneath that entity reference has an EntityReference as its 
parent or has the ancestor of the EntityReference (if entity references 
are expanded) as its parent. It just flattens the structure of the DOM 
tree a bit but that doesn't affect entity expansion done by the parser.

Thanks.

[1] 
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/parsers/SecureProcessingConfiguration.java
[2] 
http://xerces.apache.org/xerces2-j/javadocs/api/org/w3c/dom/EntityReference.html

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Peter Major peter.ma...@forgerock.com wrote on 04/01/2015 10:29:03 AM:

 Hi,
 
 are there any plans to make the entity expansion limit setting a bit 
 more friendlier? Currently the default limits in Xerces are a bit too 
 permissive (100k entity expansion limit vs JDK's 64k), and they are also 

 a bit difficult to enforce:
 SecurityManager securityManager = new SecurityManager();
 securityManager.setEntityExpansionLimit(5000);
 dbf.setAttribute(http://apache.org/xml/properties/security-manager;, 
 securityManager);
 sp.setProperty(http://apache.org/xml/properties/security-manager;, 
 securityManager);
 
 Which means that my utility library for XML parsing needs to explicitly 
 depend on XercesImpl, or I need to trick around with reflection.
 I think the most unfortunate is that SecurityManager does not appear to 
 be part of the JAXP API, and hence I'm not able to use Xerces' 
 SecurityManager with JDK or the other way around. Would it be possible 
 to implement the limits as attributes/properties/or even JVM properties 
 as well (I suppose for a while that could still result in failures until 

 both parsers support the same set of attributes/properties/features)?
 
 On a different note, I think I probably misunderstood the purpose of 
 setExpandEntityRefs(false) method on DocumentBuilderFactories. Whilst 
 testing against the billion laughs attack, it looked like that 
 setExpandEntityRefs didn't have any affect, and the entities were 
 expanded in my XML document since I saw the error message about hitting 
 the 100k entity expansion limit. Is this expected behavior?
 Also I couldn't really find a similar option for SAX parsers, am I meant 

 to use a lexical-handler there to prevent entity expansion?
 
 Thanks in advance,
 Peter
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: StAX Events - registered by default?

2015-03-04 Thread Michael Glavassevich 
Hi,

Bernd Eckenfels e...@zusammenkunft.net wrote on 03/03/2015 10:27:55 PM:

 Hello,
 
 I noticed that since 2.10 Xerces-J will ship and register
 implementations for StAX Event classes. I can see that this is a first
 step to provide a full StAX Parser/Serializer. But until then I wonder
 what can be done with those events?

The same things you can do with any other object/abstract representations 
of XML.

 It currently creates the situation that the default
 XMLInput/OutputFactories are configured to use the Oracle defaults and
 the Event Factory uses the Xerces brand. Is this really the best idea
 to register one without the other?

I don't see your point. Each factory is independent of the others. You 
could have a hybrid environment where every JAXP factory is provided by a 
different vendor/implementation. Certainly many applications use Xerces 
without Xalan today so it's already the case that they're getting parts of 
JAXP from one place (Apache) and others from somewhere else (e.g. whatever 
is in their JDK, or from other XML libraries like Woodstox).
 
  %JAVA_1_8_HOME%\bin\java -cp target\java-xml-test-0.0.1-
 SNAPSHOT.jar;.m2\repository\xerces\xercesImpl\2.11.0\xercesImpl-2.
 11.0.jar net.eckenfels.test.xml.XMLInfoMain
 
 XMLInputFactory   = com.sun.xml.internal.stream.XMLInputFactoryImpl
Java Runtime Environment/1.8.0_31 @ 1.8.0_31
 javax.xml.stream.allocator   = null
 javax.xml.stream.isCoalescing= false
 javax.xml.stream.isNamespaceAware= true
 javax.xml.stream.isReplacingEntityReferences = true
 javax.xml.stream.isSupportingExternalEntities = true
 javax.xml.stream.isValidating= false
 javax.xml.stream.reporter= null
 javax.xml.stream.resolver= null
 javax.xml.stream.supportDTD  = true
 
 XMLEventFactory = org.apache.xerces.stax.XMLEventFactoryImpl
 null/null @ null
 
 SAXParserFactory  = org.apache.xerces.jaxp.SAXParserFactoryImpl
 null/null @ null
 isNamespaceAware = false
 isValidating = false
 isXIncludeAware  = false
 http://javax.xml.XMLConstants/feature/secure-processing = false
 
 DocumentBuilderF  = org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
 null/null @ null
 
 Xerces: Xerces-J 2.11.0 org.apache.xerces.impl.Version
  null/null @ null
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Hello and XXE

2015-03-04 Thread Michael Glavassevich 
Cantor, Scott canto...@osu.edu wrote on 03/04/2015 12:15:02 PM:
 
 On 3/4/15, 4:56 PM, Michael Glavassevich mrgla...@ca.ibm.com wrote:

 
 There has been some work done on the trunk [1] to make it easier for 
 users 
 to protect themselves but it isn't likely to change any defaults. Users 

 need to configure XML parsers appropriately for their scenario and 
there 
 are plenty of ways they can do that if they're concerned about XXE.
 
 Maybe we were mistaken, but my team's analysis of CVE-2013-4002 that 
 addressed an issue in the JDK, and the fix here that was applied to 
trunk 
 but never released, suggested to me that there's no way to configure any 

 released version of Xerces safely unless the input document size is 
 limited.
 
 This isn't an XXE issue per se, but it seemed relevant to ask since this 

 response seems to reinforce the position that no release can be 
expected.

The defect you're referring to had nothing to do with DTDs or entities.
 
 -- Scott
 
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Hello and XXE

2015-03-04 Thread Michael Glavassevich 
Cantor, Scott canto...@osu.edu wrote on 03/04/2015 12:16:03 PM:

 From: Cantor, Scott canto...@osu.edu
 To: j-users@xerces.apache.org j-users@xerces.apache.org, 
 Date: 03/04/2015 12:18 PM
 Subject: Re: Hello and XXE
 
 On 3/4/15, 5:08 PM, Jim Manico j...@manico.net wrote:
 
 
 
 With respect, XXE is a massive vulnerability that is turned off by 
 default in Java 8 as well as IBM parsers. Is there any proof or risk 
 model I could provide to convince Xerces to turn this off by default?
 
 +1
 
 And it's not the only unfixed vulnerability in play (per the note I just 

 sent).

-1. XXE is not a vulnerability in the parser. It may be a vulnerability 
for an application/product, but that is the developer's responsibility to 
apply proper configuration to protect themselves in the right context.

 -- Scott

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org



-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Hello and XXE

2015-03-04 Thread Michael Glavassevich 
Cantor, Scott canto...@osu.edu wrote on 03/04/2015 01:16:30 PM:

 From: Cantor, Scott canto...@osu.edu
 To: j-users@xerces.apache.org j-users@xerces.apache.org, 
 Date: 03/04/2015 01:19 PM
 Subject: Re: Hello and XXE
 
 On 3/4/15, 6:10 PM, Michael Glavassevich mrgla...@ca.ibm.com wrote:
 
 
 
 The defect you're referring to had nothing to do with DTDs or entities.
 
 Which I acknowledged. You still have an unreleased security fix that is 
 *not* a function of applications configuring the parser correctly.

And I was pointing out that it's irrelevant to Jim's concern.

If you're interested in seeing a release which rolls up this and other 
fixes from the trunk, that's another discussion. The long period of time 
between Xerces releases boils down to a lack of time from developers and 
low interest from the community to motivate a new release.

 -- Scott

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Safe usage of SchemaDVFactory ?

2015-02-13 Thread Michael Glavassevich 
Hi Stian,

The 'internal' notice is meant to warn users that the class/interface is 
part of the implementation and that they are taking a risk if they use it. 
We've changed other 'stable' looking implementation classes in the past to 
support new function, for performance reasons, to address security issues, 
etc... and need flexibility in order to do so. So while 
org.apache.xerces.impl.dv.SchemaDVFactory and its friends have generally 
been stable we're not guaranteeing that they always will be.

To answer your other question, no there isn't an API in Xerces for 
datatype validation outside of the standard XML schema validation.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Stian Soiland-Reyes st...@apache.org wrote on 02/12/2015 06:08:08 PM:

 Hi,
 
 Apache Jena uses a feature of Xerces 2 for validating strings that
 claim to be of XSD schema types, by using the
 org.apache.xerces.impl.dv.SchemaDVFactory and friends.
 
 See for example:
 
 https://github.com/stain/jena/blob/JENA-878-explicit-impl-imports/
 
jena-core/src/main/java/com/hp/hpl/jena/datatypes/xsd/XSDDatatype.java#L286
 
 
 I believe this is very useful outside XML validation, as XSD datatypes
 are also used in non-XML formats for RDF, like Turtle and JSON-LD.
 
 
 The Xerces2-j javadocs however, warn:
 
 https://xerces.apache.org/xerces2-j/javadocs/xerces2/org/apache/
 xerces/impl/dv/SchemaDVFactory.html
 
  INTERNAL:
  Usage of this class is not supported. It may be altered or removed
 at any time.
 
 
 and of course it is under the .impl package, which made OSGi throw
 warnings (and me raising the bug
 https://issues.apache.org/jira/browse/JENA-878 )
 
 Is there a non-impl way in Xerces2-j to do this datatype validation
 without having to construct a temporary XML document and temporary
 schema?
 
 
 Should we really be worried about the org.apache.xerces.impl.dv
 package changing? It seems quite stable and good.. :)
 
 
 Would it be possible to suggest it being upgraded to non-impl (which
 ironically WOULD break existing calls :-/ ) or at least not to have
 that warning in the doc..?
 
 
 
 -- 
 Stian Soiland-Reyes
 Apache Taverna (incubating)
 http://orcid.org/-0001-9842-9718
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Is a 2.12 in the future?

2014-10-16 Thread Michael Glavassevich 
Cantor, Scott canto...@osu.edu wrote on 10/03/2014 04:19:46 PM:
 
 My project's older branch has a dependency on Xerces for historical
 reasons, and we were made aware of an old CVE from 2013 [1] that
 apparently has been corrected in trunk as of 16 months ago [2], but 
we're
 trying to assess our options here (the most unpleasant being to fork if
 that's the only way we can get a fix out).
 
 Is there any likelihood of a 2.12 with this fix within the imminent 
future?

Long overdue to have a new release but not likely in the imminent future. 
Would be great if we had more volunteers who could dedicate time to that.

 -- Scott
 
 [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4002
 [2] https://svn.apache.org/viewvc?view=revisionrevision=1499506
 
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Problem writing UTF-8 XML with an Umlaut

2014-10-02 Thread Michael Glavassevich 
In the code snippet you've shown you're writing to a StringWriter. That is 
a character stream which collects its output into a StringBuffer so you're 
not actually writing UTF-8 byte sequences anywhere here. Perhaps there's 
some conversion code (which you've haven't shown) which takes that String 
and encodes it into the bytes of some other encoding that isn't UTF-8. 
It's an error if your document declares that it has a certain encoding 
(e.g. UTF-8) but is encoded as something else (e.g. Windows-1252).

Unless you have a good reason to be using the StringWriter I'd recommend 
using an OutputStream instead. That would give the Transformer the 
responsibility of getting the encoding right.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Johnson, Wayne wayne_john...@bmc.com wrote on 10/02/2014 11:26:21 AM:
 
 I have a Java program that is writing information from a database to
 an XML file.  I create a DOM document, add an element, and set the value 
with:
 
 Element id=parent.createElement(EventRuleInputDefinition);
 ...
 id.setAttribute(Value, getVal());
 
 Later, I then go to write the Document with:
 
 StringWriter sw = new StringWriter();
 ...
 TransformerFactory transformerFactory =
 TransformerFactory.newInstance();
 ...
 Transformer transformer = 
transformerFactory.newTransformer();
 transformer.setOutputProperty (OutputKeys.ENCODING, 
UTF-8);
 // Puts each stanza on a new line
 transformer.setOutputProperty(OutputKeys.INDENT, yes);
 DOMSource source = new DOMSource(node); // node is 
 the document root.
 StreamResult result = new StreamResult(sw);
 transformer.transform(source, result);
 
 The XML file is properly generated with the header:
 ?xml version=1.0 encoding=UTF-8?
 But the element is written with an actual umlaut character which 
 when read back in generates the error:
 
 [Fatal Error] :564:103: Invalid byte 1 of 1-byte UTF-8 sequence.
 org.xml.sax.SAXParseException: Invalid byte 1 of 1-byte UTF-8 sequence.
 
 We're using Xerces 2.8.1 (don't laugh, I know it's a bit old). 
 Could this be an issue in Xerces, or am I doing something wrong?
 
 Thanks.
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

RE: EXTERNAL: Re: SAX Parser includes ignorable whitespaces in the character() method

2014-09-15 Thread Michael Glavassevich 
ignorableWhitespace() was only defined for use with DTDs. Sun's 
implementation may be doing something for XSD but there's nothing in the 
specification which requires that. Xerces is behaving correctly.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Zhu, Joe joe@lmco.com wrote on 09/15/2014 09:41:33 AM:

 Michael,
 Thanks for your reply. The XSD does not allow mixed content. 
 Attached is my test Java code, test xml and test xsd for your reference. 

 
 Also included below is the run log for Xerces parser and for a Sun 
parser. 
 When it runs with the Xerces parser, the whitespaces are reported in
 the characters() method and nothing is reported in 
ignorablewhitespaces(). 
 But when it runs with the Sun parser, the text content is reported 
 in characters() and the whitespaces are reported in 
 ignorablewhitesapces() method, as expected.
 
 Joe
 
  Log for Xerces parser 
---
 factory = org.apache.xerces.jaxp.SAXParserFactoryImpl@110c424
 parser = org.apache.xerces.jaxp.SAXParserImpl@1bd2664
 startElement howto
 characters = 
   
 startElement topic
 characters = 
   
 startElement title
 characters = Java
 endElement title
 characters = 
   
 ...
 
 -- Log for Sun parser 
-
 factory = 
com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl@1e8a1f6
 parser = com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl@1e152c5
 startElement howto
 ignorableWhitespace = 
   
 startElement topic
 ignorableWhitespace = 
   
 startElement title
 characters = Java
 endElement title
 ignorableWhitespace = 
   
 ...
 
 
 -Original Message-
 From: Michael Glavassevich [mailto:mrgla...@ca.ibm.com] 
 Sent: Friday, September 12, 2014 9:54 AM
 To: j-users@xerces.apache.org
 Subject: EXTERNAL: Re: SAX Parser includes ignorable whitespaces in 
 the character() method
 
 Your XML document requires a DTD with element declarations which 
 specify that they contain element-only content. Without that a SAX 
 parser cannot determine which whitespaces are 'ignorable'.
 
 Thanks.
 
 Michael Glavassevich
 XML Technologies and WAS Development
 IBM Toronto Lab
 E-mail: mrgla...@ca.ibm.com
 E-mail: mrgla...@apache.org
 
 Zhu, Joe joe@lmco.com wrote on 09/11/2014 07:00:11 PM:
 
  I am writing an app which need to access all text content in XML. 
  According to the ContentHandler API, this could be accomplished by 
  using a validating parser and the characters() method.
  
  But with the Xerces parser, the characters() method could contain 
  ignorable whitespaces (XML formatting whitespaces). I have no way to 
  tell if the whitespace is ignorable whitespace or is part of the XML
 content.
  
  Has anybody else run into the problem? I tested with both Xerces 2.
  9.1 and Xerces 2.11. They behave the same way.
  
  Joe Zhu
 
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

RE: EXTERNAL: Re: SAX Parser includes ignorable whitespaces in the character() method

2014-09-15 Thread Michael Glavassevich 
The specification you are quoting from is only concerned with DTDs. See 
the definition of validating XML processors here [1].

If XSD wanted something similar it would need to set the [element content 
whitespace] boolean property [2] to true on character information items, 
but there's nothing in the XSD specification which suggests that XML 
schema processors are supposed to mutate the XML Infoset in this way.

Thanks.

[1] http://www.w3.org/TR/REC-xml/#proc-types
[2] http://www.w3.org/TR/xml-infoset/#infoitem.character

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Zhu, Joe joe@lmco.com wrote on 09/15/2014 11:37:13 AM:

 Hmm. Why does it distinguish between DTD and XSD? They are all 
 schema definitions!
 
 It is useful to be able to distinguish between ignorable whitespaces
 and allowable whitespaces. Xerces can't, which makes it less useful 
 . It also violates the W3C XML Recommendation, as shown below.
 
 Everywhere I read, it implies that ignorable whitespaces shall be 
 reported in ignorableWhitespace():
 
  org.sax.xml.ContentHandler API (http://
 docs.oracle.com/javase/6/docs/api/index.html?javax/xml/stream/
 package-summary.html) 
 
 ignorableWhitespace
 ---
 Validating Parsers must use this method to report each chunk of 
 whitespace in element content (see the W3C XML 1.0 recommendation, 
 section 2.10): non-validating parsers may also use this method if 
 they are capable of parsing and using content models.
 
 - W3C XML Recommendation  (http://www.w3.org/TR/
 REC-xml/#sec-white-space) 
 ---
 2.10 White Space Handling
 ...
 An XML processor MUST always pass all characters in a document that 
 are not markup through to the application. A validating XML 
 processor MUST also inform the application which of these characters
 constitute white space appearing in element content
 
---
 
 Joe 
 
 -Original Message-
 From: Michael Glavassevich [mailto:mrgla...@ca.ibm.com] 
 Sent: Monday, September 15, 2014 9:40 AM
 To: j-users@xerces.apache.org
 Subject: RE: EXTERNAL: Re: SAX Parser includes ignorable whitespaces
 in the character() method
 
 ignorableWhitespace() was only defined for use with DTDs. Sun's 
 implementation may be doing something for XSD but there's nothing in
 the specification which requires that. Xerces is behaving correctly.
 
 Michael Glavassevich
 XML Technologies and WAS Development
 IBM Toronto Lab
 E-mail: mrgla...@ca.ibm.com
 E-mail: mrgla...@apache.org
 
 Zhu, Joe joe@lmco.com wrote on 09/15/2014 09:41:33 AM:
 
  Michael,
  Thanks for your reply. The XSD does not allow mixed content. 
  Attached is my test Java code, test xml and test xsd for your 
reference. 
 
  
  Also included below is the run log for Xerces parser and for a Sun
 parser. 
  When it runs with the Xerces parser, the whitespaces are reported in 
  the characters() method and nothing is reported in
 ignorablewhitespaces(). 
  But when it runs with the Sun parser, the text content is reported in 
  characters() and the whitespaces are reported in
  ignorablewhitesapces() method, as expected.
  
  Joe
  
   Log for Xerces parser
 ---
  factory = org.apache.xerces.jaxp.SAXParserFactoryImpl@110c424
  parser = org.apache.xerces.jaxp.SAXParserImpl@1bd2664
  startElement howto
  characters = 

  startElement topic
  characters = 

  startElement title
  characters = Java
  endElement title
  characters = 

  ...
  
  -- Log for Sun parser
 -
  factory =
 com.sun.org.apache.xerces.internal.jaxp.SAXParserFactoryImpl@1e8a1f6
  parser = com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl@1e152c5
  startElement howto
  ignorableWhitespace = 

  startElement topic
  ignorableWhitespace = 

  startElement title
  characters = Java
  endElement title
  ignorableWhitespace = 

  ...
  
  
  -Original Message-
  From: Michael Glavassevich [mailto:mrgla...@ca.ibm.com]
  Sent: Friday, September 12, 2014 9:54 AM
  To: j-users@xerces.apache.org
  Subject: EXTERNAL: Re: SAX Parser includes ignorable whitespaces in 
  the character() method
  
  Your XML document requires a DTD with element declarations which 
  specify that they contain element-only content. Without that a SAX 
  parser cannot determine which whitespaces are 'ignorable'.
  
  Thanks.
  
  Michael Glavassevich
  XML Technologies and WAS Development
  IBM Toronto Lab
  E-mail: mrgla...@ca.ibm.com
  E-mail: mrgla...@apache.org
  
  Zhu, Joe joe@lmco.com wrote on 09/11/2014 07:00:11 PM:
  
   I am writing an app which need to access all text content in XML. 
   According

Re: SAX Parser includes ignorable whitespaces in the character() method

2014-09-12 Thread Michael Glavassevich 
Your XML document requires a DTD with element declarations which specify 
that they contain element-only content. Without that a SAX parser cannot 
determine which whitespaces are 'ignorable'.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Zhu, Joe joe@lmco.com wrote on 09/11/2014 07:00:11 PM:

 I am writing an app which need to access all text content in XML. 
 According to the ContentHandler API, this could be accomplished by 
 using a validating parser and the characters() method.
 
 But with the Xerces parser, the characters() method could contain 
 ignorable whitespaces (XML formatting whitespaces). I have no way to
 tell if the whitespace is ignorable whitespace or is part of the XML 
content.
 
 Has anybody else run into the problem? I tested with both Xerces 2.
 9.1 and Xerces 2.11. They behave the same way.
 
 Joe Zhu 


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Problem with surrogate characters

2014-08-26 Thread Michael Glavassevich 
Hi,

References to surrogates are not allowed in XML documents.

Here's the range of allowed characters in the XML 1.0 specification [1]:

Char ::= #x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | 
[#x1-#x10] /* any Unicode character, excluding the surrogate 
blocks, FFFE, and . */

Surrogate pairs are used to represent characters in the [#x1-#x10] 
range: code points in the supplementary planes. You need a reference to 
one of these instead. You can use java.lang.Character.toCodePoint(char 
high, char low) to compute the code point value.

Thanks.

[1] http://www.w3.org/TR/2008/REC-xml-20081126/#charsets

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Ilya Sokolov ilya_soko...@symantec.com wrote on 08/22/2014 03:23:57 PM:

 Hi!
 
 I have an issue parsing XML containing Unicode strings with 
 surrogate characters (Xerces 2.11.0). The following exception is thrown:
 
 org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 
 18; Character reference #55360 is an invalid XML character.
 at org.apache.xerces.parsers.DOMParser.parse(Unknown Source)
 at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(Unknown 
Source)
 
 Simple code to reproduce the issue:
 
  byte[] enc1 = new byte[] {(byte)0xd8, 0x40, (byte)0xdc, 0x2a};
  String result = new String(enc1, UTF-16);
  System.out.println(result); // Outputs * correctly
 
  String saml=namelz1#55360;#56362;.cct.cm/name;
  DocumentBuilderFactory factory = 
DocumentBuilderFactory.newInstance
 ();
  DocumentBuilder builder = factory.newDocumentBuilder();
  Document document= builder.parse(new InputSource(new 
StringReader(
 saml))); // Throws exception
 
 
 Do I parse the XML correctly?
 
 The XML I parse contains the following string:
 lz1*.cct.cm

Fw: Travel assistance for ApacheCon EU, Budapest November 17-21 2014

2014-06-19 Thread Michael Glavassevich 
Forwarding on behalf of the ASF's Travel Assistance Committee.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

jan i j...@apache.org wrote on 06/05/2014 07:41:57 AM:
 
 The Travel Assistance Committee (TAC) is happy to announce that we 
 now accept applications for ApacheCon Europe 2014, 17-21 November in
 Budapest, Hungary
 
 Applications are welcome from individuals within the Apache 
 community at-large, users, developers, educators, students, 
 Committers, and Members, who need financial support to attend ApacheCon.
 
 Please be aware the seats are very limited, and all applicants will 
 be scored on their individual merit.
 
 More information can be found at http://www.apache.org/travel 
 including a link to the online application and detailed instructions
 for submitting.
 
 Applications will close on 25 July 2014 at 23:00 UTC/GMT.
 
 Please help spread the word among your community.

 On behalf of TAC
 jan I.


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

ApacheCon CFP closes June 25

2014-06-19 Thread Michael Glavassevich 
Dear Xerces enthusiast,

As you may be aware, ApacheCon will be held this year in Budapest, on
November 17-23. (See http://apachecon.eu for more info.)

The Call For Papers for that conference is still open, but will be
closing soon. We need you talk proposals, to represent Xerces at
ApacheCon. We need all kinds of talks - deep technical talks, hands-on
tutorials, introductions for beginners, or case studies about the
awesome stuff you're doing with Xerces.

Please consider submitting a proposal, at
http://events.linuxfoundation.org//events/apachecon-europe/program/cfp

Thanks!

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Support of schema 1.1

2014-01-23 Thread Michael Glavassevich 
Support for XML Schema 1.1 only exists in the beta. Think of it as 
Xerces-J 2.11.0 + beta support for XML Schema 1.1 rather than a beta 
version of Xerces-J 2.11.0.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Vinícius Lopes vinicius.lopes.silv...@gmail.com wrote on 01/23/2014 
05:50:35 AM:

 From: Vinícius Lopes vinicius.lopes.silv...@gmail.com
 To: j-users@xerces.apache.org, 
 Date: 01/23/2014 11:19 AM
 Subject: Support of schema 1.1
 
 Hello, I'm trying to compile the stable version of Xerces 2.11.0 
  with schema 1.1 support, but it doesn't work. I compiled the beta 
 version of Xerces 2.11.0 with schema 1.1 support and it works. Did I
 do anything wrong when compiling the stable version ? I used the 
 command build all and then I tried build jars-schema11, but none
 generated jars with support to schema 1.1, only in the beta version it 
worked.
 
 Thanks,
 Vinícius


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Class XMLSchema11Factory not found

2014-01-06 Thread Michael Glavassevich 
Hello Xavi,

We do not upload our jars to Maven Central. Other members of the community 
have been doing that on the project's behalf. We cannot tell you whether 
your Maven dependency is correct since we did not set that up.

If you would like to use the XML Schema 1.1 support available in Xerces I 
would suggest that you download the official binaries (Apache Xerces-J 
2.11.0, XML Schema 1.1 - Beta) from here [1].

Thanks.

[1] http://xerces.apache.org/mirrors.cgi#binary

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Xavi Arias Seguí xavi.arias.se...@gmail.com wrote on 12/23/2013 11:31:28 
AM:

 From: Xavi Arias Seguí xavi.arias.se...@gmail.com
 To: j-users@xerces.apache.org, 
 Date: 12/23/2013 02:32 PM
 Subject: Re: Class XMLSchema11Factory not found
 
 Sorry the last email was not finished.

 Te correct Maven dependency is:
 
   dependency
 groupIdxerces/groupId
 artifactIdxercesImpl/artifactId
 version2.11.0/version
 scoperuntime/scope
   /dependency

 And the code I use to obtain the Schema Factory is:
 
 System.setProperty(javax.xml.validation.SchemaFactory:http://
 www.w3.org/XML/XMLSchema/v1.1, 
 org.apache.xerces.jaxp.validation.XMLSchema11Factory);
 
 SchemaFactory sf = SchemaFactory.newInstance(http://www.w3.org/XML/
 XMLSchema/v1.1);

 Any ideaus on how to make this work? The class 
 org.apache.xerces.jaxp.validation.XMLSchema11Factory should not be 
 in the Maven JAR ?

 Thanks,
 Xavier
 
 

 2013/12/23 Xavi Arias Seguí xavi.arias.se...@gmail.com
 Hello,

 The class org.apache.xerces.jaxp.validation.XMLSchema11Factory is 
 not in the Maven JAR after adding the dependency:
 
   dependency
 groupIdxerces/groupId
 artifactIdxercesImpl/artifactId
 version2.11.0-SNAPSHOT/version
 scoperuntime/scope
   /dependency

 Normally it should be somewhere in order to obtain a XML Schema 1.1.


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: contention during XMLReaderFactory.createXMLReader

2013-11-13 Thread Michael Glavassevich 
Hi Andrew,

System properties are global settings. It's not always a good idea to set 
them. If you were to set the system property in an application server 
where other applications have a preference to use alternate JAXP 
implementations you may break them.

Frameworks such as OSGi allow bundles to be loaded/unloaded dynamically 
meaning that the classpath which the ClassLoader searches over can 
change over time. It may return a different implementation or another 
version of the same implementation depending on when you invoke 
XMLReaderFactory.createXMLReader().

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Andrew Welch andrew.j.we...@gmail.com wrote on 11/13/2013 06:10:12 AM:

 Hi again,
 
 Out of interest - what's the reason for not setting the system
 property after doing the META-INF search?  At the moment every jar
 file gets examined every time an XMLReader is created - is there a
 situation where users want different results from subsequent calls to
 createXMLReader(...)  controlled purely by the classpath?
 
 With that system property set, it's really fast to create XMLReaders...
 
 
 On 12 November 2013 19:18, Michael Glavassevich mrgla...@ca.ibm.com 
wrote:
  Hi Andrew,
 
  Creating a new XML parser can be very expensive. The ClassLoader used 
to
  create the parser and its internal components might block or spend a 
long
  time searching its classpath for META-INF/services files. This is 
why
  it's generally a good idea to cache and reuse [1] XML parser 
instances.
 
  Thanks.
 
  [1]
  
http://www.ibm.com/developerworks/xml/library/x-perfap2/index.html#reuse
 
  Michael Glavassevich
  XML Technologies and WAS Development
  IBM Toronto Lab
  E-mail: mrgla...@ca.ibm.com
  E-mail: mrgla...@apache.org
 
  Andrew Welch andrew.j.we...@gmail.com wrote on 11/12/2013 07:48:47 
AM:
 
  Hi,
 
  A colleague was doing some performance testing and discovered some
  contention at this line of my code:
 
  
XMLReaderFactory.createXMLReader(org.apache.xerces.parsers.SAXParser);
 
  ...which was surprising : ) He informed me it was doing a blocking
  operation every time.
 
  Anyway, he went away and went through the Xerces source and found 
that
  if the org.apache.xerces.xni.parser.XMLParserConfiguration system
  property is not set it does indeed do a blocking operation (in
  parsers.ObjectFactory)
 
  To demonstrate this, run the below code with and without the system
  property set:
 
  public static void main(String... args) throws Exception {
 
  //System.setProperty
  (org.apache.xerces.xni.parser.XMLParserConfiguration,
  // org.apache.xerces.parsers.XIncludeParserConfiguration);
 
  long start = System.nanoTime();
 
  for (int i = 0; i = 1; i++) {
  XMLReaderFactory.createXMLReader
  (org.apache.xerces.parsers.SAXParser);
  }
 
  long end = System.nanoTime();
  double millis = (end - start) * 1e-6;
 
  System.out.println(millis);
 
  }
 
  On my machine it consistently takes around ~2000ms without the system
  property, and ~1300ms with.
 
  This is present in both 2.9 and 2.11 as far as I can see.
 
 
 
 
  --
  Andrew Welch
  http://andrewjwelch.com
 
  -
  To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
  For additional commands, e-mail: j-users-h...@xerces.apache.org
 
 
  -
  To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
  For additional commands, e-mail: j-users-h...@xerces.apache.org
 
 
 
 
 -- 
 Andrew Welch
 http://andrewjwelch.com
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: contention during XMLReaderFactory.createXMLReader

2013-11-12 Thread Michael Glavassevich 
Hi Andrew,

Creating a new XML parser can be very expensive. The ClassLoader used to 
create the parser and its internal components might block or spend a long 
time searching its classpath for META-INF/services files. This is why 
it's generally a good idea to cache and reuse [1] XML parser instances.

Thanks.

[1] 
http://www.ibm.com/developerworks/xml/library/x-perfap2/index.html#reuse

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Andrew Welch andrew.j.we...@gmail.com wrote on 11/12/2013 07:48:47 AM:

 Hi,
 
 A colleague was doing some performance testing and discovered some
 contention at this line of my code:
 
 XMLReaderFactory.createXMLReader(org.apache.xerces.parsers.SAXParser);
 
 ...which was surprising : ) He informed me it was doing a blocking
 operation every time.
 
 Anyway, he went away and went through the Xerces source and found that
 if the org.apache.xerces.xni.parser.XMLParserConfiguration system
 property is not set it does indeed do a blocking operation (in
 parsers.ObjectFactory)
 
 To demonstrate this, run the below code with and without the system
 property set:
 
 public static void main(String... args) throws Exception {
 
 //System.setProperty
 (org.apache.xerces.xni.parser.XMLParserConfiguration,
 //org.apache.xerces.parsers.XIncludeParserConfiguration);
 
 long start = System.nanoTime();
 
 for (int i = 0; i = 1; i++) {
 XMLReaderFactory.createXMLReader
 (org.apache.xerces.parsers.SAXParser);
 }
 
 long end = System.nanoTime();
 double millis = (end - start) * 1e-6;
 
 System.out.println(millis);
 
 }
 
 On my machine it consistently takes around ~2000ms without the system
 property, and ~1300ms with.
 
 This is present in both 2.9 and 2.11 as far as I can see.
 
 
 
 
 -- 
 Andrew Welch
 http://andrewjwelch.com
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: xml specification implementation

2013-10-10 Thread Michael Glavassevich 
Hello,

You are looking at XML 1.0 fifth edition which changed some of the rules 
for allowable characters in XML names.

The current version of Xerces-J supports XML 1.0 fourth edition and 
behaves correctly with respect to the rules for XML names in that edition. 
Older versions of Xerces-J support earlier editions of XML 1.0.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Manuel Jimenez mjime...@motionpoint.com wrote on 10/07/2013 04:51:04 
PM:

 According to the  spec (http://www.w3.org/TR/2008/REC-xml-20081126/
 #sec-common-syn), xml names could start with the following:
 
 
 NameStartChar
 
::= 
 
 : | [A-Z] | _ | [a-z] | [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF]
 | [#x370-#x37D] | [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F]
 | [#x2C00-#x2FEF] | [#x3001-#xD7FF] | [#xF900-#xFDCF] | [#xFDF0-
 #xFFFD] | [#x1-#xE]
 
 
 The org.apache.xerces.util.XMLChar.isValidName() method for v2.0.2 
 returns false for the following characters:
 
 #x132, #x133, #x13f, #x140, #x149, #x17f, #x1c4, #x1c5, #x1c6, 
 #x1c7, #x1c8, #x1c9, #x1ca, #x1cb, #x1cc, #x1f1, #x1f2, #x1f3, 
 #x1f6, #x1f7, #x1f8, #x1f9, #x218, #x219, #x21a, #x21b, #x21c, 
 #x21d, #x21e, #x21f, #x220, #x221, #x222, #x223, #x224, #x225, 
 #x226, #x227, #x228, #x229, #x22a, #x22b, #x22c, #x22d, #x22e, 
 #x22f, #x230, #x231, #x232, #x233, #x234, #x235, #x236, #x237, 
 #x238, #x239, #x23a, #x23b, #x23c, #x23d, #x23e, #x23f, #x240, 
 #x241, #x242, #x243, #x244, #x245, #x246, #x247, #x248, #x249, 
 #x24a, #x24b, #x24c, #x24d, #x24e, #x24f, #x2a9, #x2aa, #x2ab, 
 #x2ac, #x2ad, #x2ae, #x2af, #x2b0, #x2b1, #x2b2, #x2b3, #x2b4, 
 #x2b5, #x2b6, #x2b7, #x2b8, #x2b9, #x2ba, #x2c2, #x2c3, #x2c4, 
 #x2c5, #x2c6, #x2c7, #x2c8, #x2c9, #x2ca, #x2cb, #x2cc, #x2cd, 
 #x2ce, #x2cf, #x2d0, #x2d1, #x2d2, #x2d3, #x2d4, #x2d5, #x2d6, 
 #x2d7, #x2d8, #x2d9, #x2da, #x2db, #x2dc, #x2dd, #x2de, #x2df, 
 #x2e0, #x2e1, #x2e2, #x2e3, #x2e4, #x2e5, #x2e6, #x2e7, #x2e8, 
 #x2e9, #x2ea, #x2eb, #x2ec, #x2ed, #x2ee, #x2ef, #x2f0, #x2f1, 
 #x2f2, #x2f3, #x2f4, #x2f5, #x2f6, #x2f7, #x2f8, #x2f9, #x2fa, 
 #x2fb, #x2fc, #x2fd, #x2fe, #x2ff
 
 
 #x370, #x371, #x372, #x373, #x374, #x375, #x376, #x377, #x378, 
 #x379, #x37a, #x37b, #x37c, #x37d
 
 
 
 
 
 
 I haven’t checked [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F]
 | [#x2C00-#x2FEF] | [#x3001-#xD7FF] | [#xF900-#xFDCF] | [#xFDF0-
 #xFFFD] | [#x1-#xE] yet…
 
 Was this intentional, was it fixed in newer versions?  Please advise.

-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: xml specification implementation

2013-10-10 Thread Michael Glavassevich 
Hi Gary,

The short answer is no.

This blog [1] entry touches on concerns that the XML community has had 
about the 5th edition. I've yet to see a request from someone that 
actually needs / wants this.

I'm not even sure you can do a release which conforms to JAXP since the 
other standards it pulls in are still at levels which expect pre-XML 1.0 
5th edition rules.

Thanks.

[1] 
http://broadcast.oreilly.com/2008/12/why-i-think-xml-10-fifth-editi.html

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Gary Gregory garydgreg...@gmail.com wrote on 10/10/2013 11:35:34 AM:
 
 Michael,
 
 Do you have any plans to release a 2.12 to support the fifth edition 
then?
 
 Curious,
 Thank you,
 Gary
 
 
 On Thu, Oct 10, 2013 at 11:33 AM, Michael Glavassevich
 mrgla...@ca.ibm.com wrote:
  Hello,
 
  You are looking at XML 1.0 fifth edition which changed some of the 
rules
  for allowable characters in XML names.
 
  The current version of Xerces-J supports XML 1.0 fourth edition and
  behaves correctly with respect to the rules for XML names in that 
edition.
  Older versions of Xerces-J support earlier editions of XML 1.0.
 
  Thanks.
 
  Michael Glavassevich
  XML Technologies and WAS Development
  IBM Toronto Lab
  E-mail: mrgla...@ca.ibm.com
  E-mail: mrgla...@apache.org
 
  Manuel Jimenez mjime...@motionpoint.com wrote on 10/07/2013 
04:51:04
  PM:
 
  According to the  spec (http://www.w3.org/TR/2008/REC-xml-20081126/
  #sec-common-syn), xml names could start with the following:
 
 
  NameStartChar
 
 ::=
 
  : | [A-Z] | _ | [a-z] | [#xC0-#xD6] | [#xD8-#xF6] | [#xF8-#x2FF]
  | [#x370-#x37D] | [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F]
  | [#x2C00-#x2FEF] | [#x3001-#xD7FF] | [#xF900-#xFDCF] | [#xFDF0-
  #xFFFD] | [#x1-#xE]
 
 
  The org.apache.xerces.util.XMLChar.isValidName() method for v2.0.2
  returns false for the following characters:
 
  #x132, #x133, #x13f, #x140, #x149, #x17f, #x1c4, #x1c5, #x1c6,
  #x1c7, #x1c8, #x1c9, #x1ca, #x1cb, #x1cc, #x1f1, #x1f2, #x1f3,
  #x1f6, #x1f7, #x1f8, #x1f9, #x218, #x219, #x21a, #x21b, #x21c,
  #x21d, #x21e, #x21f, #x220, #x221, #x222, #x223, #x224, #x225,
  #x226, #x227, #x228, #x229, #x22a, #x22b, #x22c, #x22d, #x22e,
  #x22f, #x230, #x231, #x232, #x233, #x234, #x235, #x236, #x237,
  #x238, #x239, #x23a, #x23b, #x23c, #x23d, #x23e, #x23f, #x240,
  #x241, #x242, #x243, #x244, #x245, #x246, #x247, #x248, #x249,
  #x24a, #x24b, #x24c, #x24d, #x24e, #x24f, #x2a9, #x2aa, #x2ab,
  #x2ac, #x2ad, #x2ae, #x2af, #x2b0, #x2b1, #x2b2, #x2b3, #x2b4,
  #x2b5, #x2b6, #x2b7, #x2b8, #x2b9, #x2ba, #x2c2, #x2c3, #x2c4,
  #x2c5, #x2c6, #x2c7, #x2c8, #x2c9, #x2ca, #x2cb, #x2cc, #x2cd,
  #x2ce, #x2cf, #x2d0, #x2d1, #x2d2, #x2d3, #x2d4, #x2d5, #x2d6,
  #x2d7, #x2d8, #x2d9, #x2da, #x2db, #x2dc, #x2dd, #x2de, #x2df,
  #x2e0, #x2e1, #x2e2, #x2e3, #x2e4, #x2e5, #x2e6, #x2e7, #x2e8,
  #x2e9, #x2ea, #x2eb, #x2ec, #x2ed, #x2ee, #x2ef, #x2f0, #x2f1,
  #x2f2, #x2f3, #x2f4, #x2f5, #x2f6, #x2f7, #x2f8, #x2f9, #x2fa,
  #x2fb, #x2fc, #x2fd, #x2fe, #x2ff
 
 
  #x370, #x371, #x372, #x373, #x374, #x375, #x376, #x377, #x378,
  #x379, #x37a, #x37b, #x37c, #x37d
 
 
 
 
 
 
  I haven’t checked [#x37F-#x1FFF] | [#x200C-#x200D] | [#x2070-#x218F]
  | [#x2C00-#x2FEF] | [#x3001-#xD7FF] | [#xF900-#xFDCF] | [#xFDF0-
  #xFFFD] | [#x1-#xE] yet…
 
  Was this intentional, was it fixed in newer versions?  Please advise.
 
  -
  To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
  For additional commands, e-mail: j-users-h...@xerces.apache.org
 
 
 
 -- 
 E-Mail: garydgreg...@gmail.com | ggreg...@apache.org
 Java Persistence with Hibernate, Second Edition
 JUnit in Action, Second Edition
 Spring Batch in Action
 Blog: http://garygregory.wordpress.com
 Home: http://garygregory.com/
 Tweet! http://twitter.com/GaryGregory
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Differences between Xerces and xmllint when resolving nested XIncludes

2013-09-30 Thread Michael Glavassevich 
Hi Jan,

Looks like you've hit XERCESJ-1102 [1]. This is a long standing defect in 
the XInclude support. There's a patch attached to the JIRA issue that you 
might want to try though it hasn't been evaluated yet.

Thanks.

[1] https://issues.apache.org/jira/browse/XERCESJ-1102

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Jan Tosovsky jan.tosovsky...@gmail.com wrote on 09/26/2013 12:24:24 
PM:

 Dear All,
 
 I have modular document with nested XIncludes and relative URIs to 
images
 stored in different folders.
 
 When it is parsed and stored into a single file using Xerces-J 2.11, 
these
 URIs in nested files are processed incorrectly and point to the wrong
 location.
 
 Parsing it with the xmllint tool produces all the outputs correctly.
 
 Both source files and final results are available at
 http://drifted.in/other/xincludes.zip
 
 The difference is an invalid xml:base in that nested case:
 
 Xerces : xml:base=Common/Examples/XInclude/Image.xml
 xmllint: xml:base=XInclude/Image.xml
 
 For parsing I use something like this:
 
 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
 factory.setNamespaceAware(true);
 factory.setXIncludeAware(true);
 DocumentBuilder parser = factory.newDocumentBuilder();
 parser.setEntityResolver(new CatalogResolver());
 Document document = parser.parse(xmlFile);
 
 Is there available any feature which I should switch on? 
 Is there any workaround?
 
 Using xmllint in the Java ecosystem is problematic.
 
 Thanks, Jan
 
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: RegularExpression 'X' option oddity

2013-08-14 Thread Michael Glavassevich 
Hi Jernej,

Jernej Tuljak jernej.tul...@gmail.com wrote on 08/14/2013 03:41:17 AM:

 Hi,
 
 we're abusing org.apache.xerces.impl.xpath.regex.RegularExpression 

Yep. :-)

 to validate XSD flavor regular expression strings and later matching
 test strings against them. It seemingly worked, until someone tried 
 to use a very specific regex.
 
 Here's the code:
 
 import org.apache.xerces.impl.xpath.regex.RegularExpression;
 
 public class XercesRegexTest {
 
 public static void main(String[] args) {
 String regexString = ([a-zA-Z][^ ]*);
 RegularExpression regex = new RegularExpression(regexString, 
x);
 System.out.println(regex.toString());
 }
 
 }
 
 The `x` option is supposed to make the regex engine conform to XSD 
 regular expressions.

Only 'X' does that. That is the only option which Xerces uses internally.

 But if you run this code, you'll end up with 
 
 Exception in thread main 
 org.apache.xerces.impl.xpath.regex.ParseException: Unexpected end of
 the pattern in a character class.
 at org.apache.xerces.impl.xpath.regex.RegexParser.ex(Unknown 
Source)
 at 
 org.apache.xerces.impl.xpath.regex.RegexParser.parseCharacterClass
 (Unknown Source)
 at org.apache.xerces.impl.xpath.regex.RegexParser.parseAtom
 (Unknown Source)
 at 
 org.apache.xerces.impl.xpath.regex.RegexParser.parseFactor(Unknown 
Source)
 at org.apache.xerces.impl.xpath.regex.RegexParser.parseTerm
 (Unknown Source)
 at org.apache.xerces.impl.xpath.regex.RegexParser.parseRegex
 (Unknown Source)
 at 
 org.apache.xerces.impl.xpath.regex.RegexParser.processParen(Unknown 
Source)
 at org.apache.xerces.impl.xpath.regex.RegexParser.parseAtom
 (Unknown Source)
 at 
 org.apache.xerces.impl.xpath.regex.RegexParser.parseFactor(Unknown 
Source)
 at org.apache.xerces.impl.xpath.regex.RegexParser.parseTerm
 (Unknown Source)
 at org.apache.xerces.impl.xpath.regex.RegexParser.parseRegex
 (Unknown Source)
 at org.apache.xerces.impl.xpath.regex.RegexParser.parse
 (Unknown Source)
 at 
 org.apache.xerces.impl.xpath.regex.RegularExpression.setPattern
 (Unknown Source)
 at 
 org.apache.xerces.impl.xpath.regex.RegularExpression.setPattern
 (Unknown Source)
 at 
 org.apache.xerces.impl.xpath.regex.RegularExpression.init(Unknown 
Source)
 at com.mgsoft.testing.regex.XercesRegexTest.main
 (XercesRegexTest.java:9)
 Java Result: 1
 
 It first looked like a bug in Xerces' regular expression parser, but
 after re-reading the documentation (http://xerces.apache.org/xerces-
 j/apiDocs/org/apache/xerces/utils/regex/RegularExpression.html) of 
 this class, I found out that the `x` option should actually be `X` 
 (upper case).

The docs for that class probably haven't changed much over the years but 
worth pointing out that that's the Xerces-J 1.x documentation not Xerces-J 
2.x.

 Thing is...it worked for countless other regular 
 expressions. In fact it is that space that is causing problems, any 
 other char works fine. Also removing the option and using the single
 string constructor of `RegularExpression` works fine.

If you're not specifying 'X' then you're using a mode that isn't XSD and 
that we never use.

 Does anyone know why this is happening? I realize that this class is
 probably not intended for such usage, but since the spec we're 
 implementing uses XSD regular expressions, we tried to avoid 
 reinventing the wheel though re-usage.

Works for me with the current code in SVN.

 We are using xercesImpl.jar that is distributed with xalan-j 2.7.1.

Whatever you got out of Xalan-J 2.7.1 would be very old now. Have you 
tried Xerces-J 2.11.0?

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: CoreDocumentImpl.setXmlVersion bug?

2013-06-17 Thread Michael Glavassevich 
Hello Dustin,

That might be a bug but you are not using Apache Xerces or Xalan.

com.sun.org.apache.* is Oracle's fork of the codebase. We have no 
influence over it.

If you have an issue with that implementation which you would like 
addressed you would need to pursue it with Oracle.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Dustin Schultz dustin.schu...@utah.edu wrote on 06/14/2013 07:49:51 PM:

 Hi,
 
 I don't know if this is a bug or expected behavior?
 
 Through various calls, Xalan ends up calling 
 CoreDocumentImpl.setXmlVersion with null if the processed XML 
 document doesn't contain an XML declaration. I'm inclined to say 
 that it's a bug since the XML declaration is optional and the method
 should protect against NPEs.
 
 java version 1.7.0_21
 OS: Mac OS X 10.8.4
 
 This simple test code: https://gist.github.com/dustinschultz/5786101
 With this XML: https://gist.github.com/dustinschultz/5786108
 
 Results in
 
 java.lang.NullPointerException
 at 
 com.sun.org.apache.xerces.internal.dom.CoreDocumentImpl.setXmlVersion
 (CoreDocumentImpl.java:860)
 at 
 com.sun.org.apache.xalan.internal.xsltc.trax.SAX2DOM.setDocumentInfo
 (SAX2DOM.java:144)
 at com.sun.org.apache.xalan.internal.xsltc.trax.SAX2DOM.startElement
 (SAX2DOM.java:154)
 at 
 com.sun.org.apache.xml.internal.serializer.ToXMLSAXHandler.closeStartTag
 (ToXMLSAXHandler.java:208)
 at 
 com.sun.org.apache.xml.internal.serializer.ToXMLSAXHandler.characters
 (ToXMLSAXHandler.java:528)
 at 
 
com.sun.org.apache.xalan.internal.xsltc.trax.StAXStream2SAX.handleCharacters
 (StAXStream2SAX.java:262)
 at 
 com.sun.org.apache.xalan.internal.xsltc.trax.StAXStream2SAX.bridge
 (StAXStream2SAX.java:169)
 at com.sun.org.apache.xalan.internal.xsltc.trax.StAXStream2SAX.parse
 (StAXStream2SAX.java:118)
 at 
 
com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transformIdentity
 (TransformerImpl.java:678)
 at 
 com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform
 (TransformerImpl.java:727)
 at 
 com.sun.org.apache.xalan.internal.xsltc.trax.TransformerImpl.transform
 (TransformerImpl.java:340)
 
 This same code completes without Exception on 1.6.0_45 (likely 
 doesn't call setVersion but I haven't confirmed)
 
 Thanks,
 Dustin Schultz


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: document.cloneNode() patch consideration?

2013-06-03 Thread Michael Glavassevich 
Hi Jake,

Just speaking for myself...

I haven't had much time lately to do actual development work on Xerces. 
XERCESJ-1597 was probably already on my TODO list but can't promise when 
I'd get to it.

There's been no discussion of a new release.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Jacob Kjome h...@visi.com wrote on 06/01/2013 09:54:02 PM:

 Just wondering if/when my patch will be considered for the next release?
 
 https://issues.apache.org/jira/browse/XERCESJ-1597
 
 If I did my homework correctly, the patch should be ready to apply and 
 commit.  It's just a matter of whether Xerces developers agree with it.  
It's 
 been out there a while with no activity.  Can someone please evaluate 
it?
 
 Also, any idea of the timeline for the next release?  It's been a while.
 
 
 thanks,
 
 Jake
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Problem with serializing Text Data

2013-05-28 Thread Michael Glavassevich 
Hi Chris,

What XML API are you using for serializing your document?

A code snippet showing what you did might help.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Chris Bowditch bowditch_ch...@hotmail.com wrote on 05/28/2013 12:41:33 
PM:

 Hi All,
 
 I've been searching JIRA for any issue serializing text data that 
 contains CDATA keyword (but is not a fully formed CDATA section) I 
 couldn't see one, so I'm posting here before I starting debugging the 
 Serializer code to see if anyone has seen this issue.
 
 In the input XML we have the following text node:
 
 lt;valuegt;lt;![CDATA[-1]]gt;lt;/valuegt;
 
 Our application is using Xerces to parse this XML and its correctly 
 recognized as a character event. If I try to serialize this same 
 character event, the resulting XML ends up like:
 
 value![CDATA[-1![CDATA[/value
 
 This looks wrong to me and results in a malformed XML File.
 
 Any input would be welcomed.
 
 Thanks,
 
 Chris
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

RE: Problem with apache-xerces.2.9.1.jar file

2013-04-01 Thread Michael Glavassevich 
Hi Radu,

Just so that you're aware, we don't upload our jars to Maven Central. 
Other members of the community have been doing this on the project's 
behalf. Couldn't tell you whether the config is correct since we didn't 
set that up. 

FYI: The Xerces developers don't know much about Maven, though there may 
be some users on this list who do.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Miron, Radu radu.mi...@hp.com wrote on 01/04/2013 08:31:07 AM:

 Hi Gary,
 
 I’m not connected to the main central nexus. 
 We’re behind some other big nexus which represents in fact a union 
 of many other. I do not have access to the big nexus.
 The proxy which is the Maven Central repo has the following 
configuration:
 Maven Central – http://search.maven.org
 
 I just checked the http://search.maven.org . The 2.9.1 xercesImpl 
 from there is OK. Maybe someone from our organization uploaded the 
 wrong artifact?
 
 Our dependency is defined like this:
 dependency
 groupIdapache-xerces/groupId
 artifactIdxercesImpl/artifactId
 version2.9.1/version
 /dependency
 
 (Possibly) I should change the apache-xerces to just xerces?
 
 Thanks,
 Radu
 
 From: Gary Gregory [mailto:garydgreg...@gmail.com] 
 Sent: Monday, April 01, 2013 2:45 PM
 To: j-users@xerces.apache.org
 Subject: Re: Problem with apache-xerces.2.9.1.jar file
 
 What is the URL that you used to download?
 
 Gary
 
 On Apr 1, 2013, at 5:52, Miron, Radu radu.mi...@hp.com wrote:
 Hello,
 
 I would want to subscribe in order to notify you that you have an 
 issue with your latest apache-xerces.2.9.1.jar file. The JAR file 
 cannot be opened and introduces problems during our build process.
 
 Repository Path:
 /apache-xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar
 Uploaded by:
 deployment
 Size:
 168 Bytes
 Uploaded Date:
 Mon Apr 01 2013 09:50:10 GMT+0300 (GTB Daylight Time)
 Last Modified:
 Mon Apr 01 2013 09:50:10 GMT+0300 (GTB Daylight Time)
 
 
 
 
 
 
 
 
 
 SHA1
 d3b963c1d3e2ff326632c5f5a02fdb44cfaaea77
 MD5
 f48a70649b86c40ebb4c86ff0ce8a070
 
 The file you have now is 168 bytes, but the file from yesterday has 
 1,229,125 bytes. This last file is the correct one.
 Please notify me of a fix when fixed.
 
 Thanks,
 Radu

Re: fPreviousChunk == NULL exception on parsing a 2 GB XML file

2013-04-01 Thread Michael Glavassevich 
Hello Hector,

You must be using Xerces-J 1.4.4 or earlier. 
org.apache.xerces.framework.XMLParser doesn't exist in Xerces 2.x.

If there was an issue with processing large XML documents with SAX I 
assume we fixed that over a decade ago. I know of no such problem now.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Hector Barragan h...@ntrs.com wrote on 01/04/2013 03:03:11 PM:

 Hi there 
 
 In the below version, has the 2 GB file size bug been fixed? 
 
 Xerces2 Java Parser 2.11.0 Release 

 The sax parser wont read/handle a XML file more than 2 GB, 
 populating the below exception 
 
 java.lang.RuntimeException: Internal Error: fPreviousChunk == NULL 
 at org.apache.xerces.framework.XMLParser.parse(XMLParser.java:1094) 
 at javax.xml.parsers.SAXParser.parse(SAXParser.java:345) 
 at javax.xml.parsers.SAXParser.parse(SAXParser.java:223) 
 
 Currently we have this version 
 Sax version is 2009 xercesImpl-2.2.1.jar 2009 xerces.jar 
 Thanks in advance 
 
 
___
 Hector Barragan | Contractor | Derivatives Technology 
 801 S. Canal Chicago IL, 60607 USA||Cell 1 (312) 285 4793 h...@ntrs.com 
 Please visit northerntrust.com 


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: support for xpointer

2013-03-01 Thread Michael Glavassevich 
Hi Philippe,

philippe.favr...@continental-corporation.com wrote on 01/03/2013 11:22:41 
AM:

 Hi Michael, 
 
 What would you recommend me if i want to be able to xpoint 
 elements or attributes with an approach close to xpointer scheme (xpath 
like)?

My impression of XPointer (which could be wrong) is that it didn't really 
take off in the industry. The xpointer() scheme never became a W3C 
Recommendation, meaning the W3C has not endorsed it as a standard. Given 
that it's still a working draft and hasn't been updated since 2002 I'd 
consider it abandoned at this point from a standardization perspective.

I think someone defined an xpath() scheme as an alternative to xpointer() 
but I haven't looked at it and I'm not aware of where it might be 
supported.

 Is it possible to extend the xpointer framework to extend xerces so 
 that it can handle different scheme than the one already implemented ?

It is technically possible to write more scheme handlers for Xerces.

 Is there other parsers supporting such xpath xpointer scheme ? 

I'm not aware of any.

 kind regards 
 Philippe

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: support for xpointer

2013-02-27 Thread Michael Glavassevich 
Hi Philippe,

The goal at the time we were working on this was conformance to the 
XInclude 1.0 specification [1] which only requires support for the 
XPointer Framework and XPointer element() scheme.

Thanks.

[1] http://www.w3.org/TR/xinclude/#application

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

philippe.favr...@continental-corporation.com wrote on 22/02/2013 10:49:48 
AM:

 Hello Michael, 
 
 Thank you for the reply. 
 In my case, i wanted to use xpointer mainly in the context of xinclude. 
 I do not well understand the reasons why only a part of xpointer has
 been implemented (only the scheme element (e.g.: 
xpointer=element(/1/1/1)))
 . For instance, I think it is a pity not to have implemented the 
 scheme based on Xpath which  seems to be more usefull and powerfull 
 Was it considered not usefull ? Are there are other similar 
 mechanisms allowing to link fragments of xml files ? 
 
 Thanks 
 Philippe 
 
 
 
 De :Michael Glavassevich mrgla...@ca.ibm.com 
 A :j-users@xerces.apache.org 
 Date :21/02/2013 19:17 
 Objet :Re: support for xpointer 
 
 
 
 Hello Philippe,
 
 The XPointer support in Xerces-J is limited to what is required for 
 XInclude and is only usable within the context of XInclude.
 
 There no plans to enhance it further.
 
 Thanks.
 
 Michael Glavassevich
 XML Technologies and WAS Development
 IBM Toronto Lab
 E-mail: mrgla...@ca.ibm.com
 E-mail: mrgla...@apache.org
 
 philippe.favr...@continental-corporation.com wrote on 21/02/2013 
12:03:44 
 PM:
 
  Hello all 
  
  I am a user of Xerces-J and plan to use the Xpointer feature which 
  from the specification i read seems to be very powerfull. 
  However after few tries, i realized that not all is yet completly 
 supported. 
  
  What is the strategy of Xerces in regard to this Xpointer feature ? 
  Will it be implemented or is there other solutions ? 
  
  Thank you 
  Best regards 
  Philippe Favrais 
 
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: support for xpointer

2013-02-21 Thread Michael Glavassevich 
Hello Philippe,

The XPointer support in Xerces-J is limited to what is required for 
XInclude and is only usable within the context of XInclude.

There no plans to enhance it further.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

philippe.favr...@continental-corporation.com wrote on 21/02/2013 12:03:44 
PM:

 Hello all 
 
 I am a user of Xerces-J and plan to use the Xpointer feature which 
 from the specification i read seems to be very powerfull. 
 However after few tries, i realized that not all is yet completly 
supported. 
 
 What is the strategy of Xerces in regard to this Xpointer feature ? 
 Will it be implemented or is there other solutions ? 
 
 Thank you 
 Best regards 
 Philippe Favrais 


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Info regarding XML Serializer property setting

2013-02-01 Thread Michael Glavassevich 
Hi Karthik,

I suspect the behavioural difference you're seeing has something to do 
with improving round-tripping of whitespace characters. However, I'm not 
sure what assistance you're asking for here. If you're using what is 
supplied by WAS then you're not using an Apache Xerces release and even if 
you were, serializer.jar comes from Xalan.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

karthikeyan...@polarisft.com wrote on 28/01/2013 03:32:50 AM:

 Dear users,
 
 We recently moved to IBM  WAS 6 to WAS 7.We have a code printing the xml
 file which uses the serializer jar provided by IBM.
 
 Problem noticed in WAS7 is that Carriage Return is converted to #13 
within
 CDATA section of an element.
 
 For ex,
 
 WAS6
 
 MsgTyp![CDATA[other
 Document]]/MsgTyp
 
 WAS7
 
 MsgTyp![CDATA[other]]#13;![CDATA[
 Document]]/MsgTyp
 
 Can anyone please assist us to get this fixed.
 
 Thanks,
 karthik


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Caching grammars

2013-01-20 Thread Michael Glavassevich 
The JAXP Schema created through SchemaFactory.newSchema() caches grammars 
(through SoftReferences [1]) by their schema location. It's been quite 
awhile since I've looked at how this works, but it wouldn't surprise me if 
Xerces calls your LSResourceResolver each time you validate in order to 
give your application an opportunity to redirect the schema location and 
then use the value returned from the LSResourceResolver to look up the 
cached grammar.

Thanks.

[1] 
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/jaxp/validation/SoftReferenceGrammarPool.java?annotate=699892

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Robert Huffman robert.huff...@gmail.com wrote on 12/01/2013 05:04:17 PM:

 I must parse documents that may use a large number of fairly large 
 XSDs. However, the large majority of documents will not use most of 
 those XSDs. Therefore, I would like to use a custom 
 LSResourceResolver to resolve the target namespaces to local 
 resources during parsing rather than building a Schema object that 
 has all the grammars loaded up front.
 
 Unfortunately, as nearly as I can tell, grammars loaded through the 
 use of a LSResourceResolver are never cached in the grammar pool. Is
 that correct? Is there some nuance I'm missing?


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: xeres gives Unexpected runtime NullPointer exceptions under load for multi threaded application

2013-01-20 Thread Michael Glavassevich 
Hi,

Xerces DOM implementation is not thread safe [1] even if you're only doing 
read operations. You must synchronize your access to the DOM. If you don't 
synchronize you may get NPEs (in seemingly random places) or other errors 
in a multi-threaded application.

Thanks.

[1] http://xerces.apache.org/xerces2-j/faq-dom.html#faq-1

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

nk2013 tmpnk...@gmail.com wrote on 20/01/2013 01:06:08 AM:

 Exception occurs when simple load of messages (approx. 5000 messages of 
4 -
 5KB) posted
 
 XML Messages posted to IBM MQ Queue with MQ API - 
 
 Unexpected runtime exception; nested exception is: 
java.lang.NullPointerException
 
 Please find complete stacktrace below - 
 
 Unexpected runtime exception; nested exception is: t
java.lang.NullPointerException
 java.lang.NullPointerException
at org.apache.xerces.dom.ParentNode.internalInsertBefore(Unknown 
Source)
at org.apache.xerces.dom.ParentNode.insertBefore(Unknown Source)
at org.apache.xerces.dom.NodeImpl.appendChild(Unknown Source)
 ** Pls note it happens under load only  4K
 ** Using xercesImpl.jar
 
 Need resolution on top priority, issue in production. 
 Any help is appreciated.
 
 
 
 
 
 
 --
 View this message in context: http://apache-xml.6118.n7.nabble.com/
 xeres-gives-Unexpected-runtime-NullPointer-exceptions-under-load-
 for-multi-threaded-application-tp39667.html
 Sent from the Xerces - J - Dev mailing list archive at Nabble.com.
 
 -
 To unsubscribe, e-mail: j-dev-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-dev-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Caching grammars

2013-01-20 Thread Michael Glavassevich 
Xerces' grammar objects are thread-safe. The ones cached in the JAXP 
Schema object are shared with each Validator created from the JAXP Schema.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Robert Huffman robert.huff...@gmail.com wrote on 20/01/2013 01:59:33 PM:

 That does seem to be the way it works. I dug into the source more 
 after my initial post. It seems that the grammar pool in the Schema 
 is used to initialize a second grammar pool owned by the Validator. 
 This second grammar pool lives only as long as the validator.
 
 I haven't gotten back into that part of my code in a week or so, but
 I believe I can ultimately get my grammars that are dynamically 
 loaded via the LSResourceResolver by reusing my Validator. Of 
 course, the Validator is not thread-safe, so I will probably use a 
 ThreadLocalValidator. (Synchronizing a single validator is 
 probably not acceptable in my environment.)
 
 Of course, that means I will end up with a grammar cache in each 
 thread in my thread pool. So my next step is to figure out if the 
 grammars are thread safe. If they are, perhaps I can figure out a 
 way to share a single instance of a thread safe grammar cache 
 between validators.
 
 On Sun, Jan 20, 2013 at 10:23 AM, Michael Glavassevich 
mrgla...@ca.ibm.com
  wrote:
 The JAXP Schema created through SchemaFactory.newSchema() caches 
grammars
 (through SoftReferences [1]) by their schema location. It's been quite
 awhile since I've looked at how this works, but it wouldn't surprise me 
if
 Xerces calls your LSResourceResolver each time you validate in order to
 give your application an opportunity to redirect the schema location and
 then use the value returned from the LSResourceResolver to look up the
 cached grammar.
 
 Thanks.
 
 [1]
 http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/
 xerces/jaxp/validation/SoftReferenceGrammarPool.java?annotate=699892
 
 Michael Glavassevich
 XML Technologies and WAS Development
 IBM Toronto Lab
 E-mail: mrgla...@ca.ibm.com
 E-mail: mrgla...@apache.org
 
 Robert Huffman robert.huff...@gmail.com wrote on 12/01/2013 05:04:17 
PM:
 
  I must parse documents that may use a large number of fairly large
  XSDs. However, the large majority of documents will not use most of
  those XSDs. Therefore, I would like to use a custom
  LSResourceResolver to resolve the target namespaces to local
  resources during parsing rather than building a Schema object that
  has all the grammars loaded up front.
 
  Unfortunately, as nearly as I can tell, grammars loaded through the
  use of a LSResourceResolver are never cached in the grammar pool. Is
  that correct? Is there some nuance I'm missing?
 

 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Node typw being imported is not supported

2012-12-31 Thread Michael Glavassevich 
Hi,

If you provided more information about what you're doing someone might be 
able to help you.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

karthikeyan...@polarisft.com wrote on 26/12/2012 07:23:53 AM:

 Hi xerces team,
 
 We are getting the below exception after upgrading from old xerces 1.2 
jar
 to the latest xercesImpl.jar (2.9 version).Can u please help on why this
 exception occurs.
 
 JRE : 1.6
 
 Stack Trace:
 org.w3c.dom.DOMException: Node type being imported is not supported
  at org.apache.xerces.dom.CoreDocumentImpl.importNode
 (CoreDocumentImpl.java:1051)
  at org.apache.xerces.dom.CoreDocumentImpl.cloneNode
 (CoreDocumentImpl.java:348)
  at org.apache.xerces.dom.DocumentImpl.cloneNode(DocumentImpl.java:202)
 
 
 Thanks,
 karthik

 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: taskdef class org.apache.xerces.util.XJavac cannot be found

2012-12-06 Thread Michael Glavassevich 
Have you followed the instructions here [1]?

[1] http://xerces.apache.org/xerces2-j/faq-build.html#faq-2

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Albretch Mueller lbrt...@gmail.com wrote on 06/12/2012 10:03:10 AM:

 From: Albretch Mueller lbrt...@gmail.com
 To: j-users@xerces.apache.org, 
 Date: 06/12/2012 10:09 AM
 Subject: taskdef class org.apache.xerces.util.XJavac cannot be found
 
  While tryinng to compile xerces sources, I am getting that
 util.XJavac cannot be found error. Why is it happening? How can I
 troubleshoot it?
 ~
  thanks
  lbrtchx
 ~
 ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
 ~
 $ ant -verbose
 Apache Ant(TM) version 1.8.4 compiled on October 13 2012
 Trying the default build file: build.xml
 Buildfile: /media/sdb1/prjx/kd/java/SAX2/xerces-2_11_0/build.xml
 Detected Java version: 1.7 in: /media/sdb1/inst/sw/jdk/x86/1.7.0_07/jre
 Detected OS: Linux
 parsing buildfile
 /media/sdb1/prjx/kd/java/SAX2/xerces-2_11_0/build.xml with URI =
 file:/media/sdb1/prjx/kd/java/SAX2/xerces-2_11_0/build.xml
 Project base dir set to: /media/sdb1/prjx/kd/java/SAX2/xerces-2_11_0
 parsing buildfile
 jar:file:/media/sdb1/inst/sw/apache-ant-1.8.4/lib/ant.jar!/org/
 apache/tools/ant/antlib.xml
 with URI = jar:file:/media/sdb1/inst/sw/apache-ant-1.8.4/lib/
 ant.jar!/org/apache/tools/ant/antlib.xml
 from a zip file
 dropping 
/media/sdb1/prjx/kd/java/SAX2/xerces-2_11_0/tools/bin/xjavac.jar
 from path as it doesn't exist
 
 BUILD FAILED
 /media/sdb1/prjx/kd/java/SAX2/xerces-2_11_0/build.xml:42: taskdef
 class org.apache.xerces.util.XJavac cannot be found
  using the classloader AntClassLoader[]
  at 
org.apache.tools.ant.taskdefs.Definer.addDefinition(Definer.java:622)
  at org.apache.tools.ant.taskdefs.Definer.execute(Definer.java:239)
  at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke
 (NativeMethodAccessorImpl.java:57)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke
 (DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:601)
  at org.apache.tools.ant.dispatch.DispatchUtils.execute
 (DispatchUtils.java:106)
  at org.apache.tools.ant.Task.perform(Task.java:348)
  at org.apache.tools.ant.Target.execute(Target.java:392)
  at 
org.apache.tools.ant.helper.ProjectHelper2.parse(ProjectHelper2.java:180)
  at 
org.apache.tools.ant.ProjectHelper.configureProject(ProjectHelper.java:82)
  at org.apache.tools.ant.Main.runBuild(Main.java:795)
  at org.apache.tools.ant.Main.startAnt(Main.java:217)
  at org.apache.tools.ant.launch.Launcher.run(Launcher.java:280)
  at org.apache.tools.ant.launch.Launcher.main(Launcher.java:109)
 Caused by: java.lang.ClassNotFoundException: 
org.apache.xerces.util.XJavac
  at org.apache.tools.ant.AntClassLoader.findClassInComponents
 (AntClassLoader.java:1365)
  at 
org.apache.tools.ant.AntClassLoader.findClass(AntClassLoader.java:1315)
  at 
org.apache.tools.ant.AntClassLoader.loadClass(AntClassLoader.java:1068)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:356)
  at java.lang.Class.forName0(Native Method)
  at java.lang.Class.forName(Class.java:264)
  at 
org.apache.tools.ant.taskdefs.Definer.addDefinition(Definer.java:594)
  ... 15 more
 
 Total time: 0 seconds
 
 $ ant -p
 Buildfile: /media/sdb1/prjx/kd/java/SAX2/xerces-2_11_0/build.xml
 /media/sdb1/prjx/kd/java/SAX2/xerces-2_11_0/build.xml:42: taskdef
 class org.apache.xerces.util.XJavac cannot be found
  using the classloader AntClassLoader[]
 
 
 $ ls -l bin/xjavac.jar
 ls: cannot access bin/xjavac.jar: No such file or directory
 
 $ cat /media/sdb1/prjx/kd/java/SAX2/xerces-2_11_0/build.xml | grep 
xjavac
   taskdef name=xjavac classname=org.apache.xerces.util.XJavac
   pathelement location=${tools.dir}/bin/xjavac.jar/
 property name='jar.xjavac' value='xjavac.jar'/
 echo message= xjavac-jar -- generates the xjavac.jar file/
 xjavac srcdir=${build.src}
 xjavac srcdir=${build.samples}
 xjavac srcdir=${build.tests}
 xjavac srcdir=${build.src}
 xjavac srcdir=${build.src}
 xjavac srcdir=${build.src}
   !-- Builds the xjavac jar file  --
   target name=xjavac-jar depends=prepare
 jar jarfile=${build.dir}/${jar.xjavac}
 
 $ cat /media/sdb1/prjx/kd/java/SAX2/xerces-2_11_0/build.xml | grep 
XJavac
   taskdef name=xjavac classname=org.apache.xerces.util.XJavac
 copy file=${tools.dir}/src/XJavac.java
   tofile=${build.src}/org/apache/xerces/util/XJavac.java/
  includes=org/apache/xerces/util/XJavac.class
 
 $ ls -l build.sh
 -rw-r--r-- 1 knoppix knoppix 2517 Nov 26  2010 build.sh
 
 $ chmod +x build.sh
 
 knoppix@Microknoppix:/media/sdb1/prjx/kd/java/SAX2/xerces-2_11_0$ ls
 -l build.sh
 -rwxr-xr-x 1 knoppix knoppix 2517 Nov 26  2010 build.sh
 
 $ sh build.sh all
 build.sh: line 20: $'\r

Re: Disabling XML External Entites

2012-12-05 Thread Michael Glavassevich 
Hello Daniel,

This is working as designed.

Disabling validation has no impact on entity processing. Please refer to 
this FAQ [1].

DocumentBuilderFactory.setExpandEntityReferences() only tells the 
DocumentBuilder whether it should include EntityReference nodes in the 
tree. Please refer to [2] for more details about this setting.

Xerces has no implementation of XMLInputFactory (StAX) so I'm not sure 
what you tested there.

Thanks.

[1] http://xerces.apache.org/xerces2-j/faq-write.html#faq-2
[2] 
http://xerces.apache.org/xerces2-j/features.html#dom.create-entity-ref-nodes

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Daniel Amodio dan.amo...@aspectsecurity.com wrote on 05/12/2012 
10:35:25 AM:

 Hello,
 
 We recently did some testing to verify the proper way of disabling 
 external entity resolution, as a security recommendation.
 
 Through some unit testing, we came up with a couple findings which I
 wanted to verify were intended functionality:
 
 • Not validating XML did not stop XXE attacks in the 
 JAXP and StAX implementation; It expanded external entities.
 • .setExpandEntityReferences(false) also did not stop 
 XXE attacks in the JAXP implementation;  It also expanded external 
 entity references.
 
 Should this be the case, or should those settings disable the 
 resolution? I’ve included some more details of our test results below.
 We’re willing to contribute the test cases if that’s at all useful.
 
 Thanks,
 Dan
 
 Tested Xerces 2.10.0 and 1.4.4
 
 
 DocumentBuilderFactory (JAXP)
 
 Implementation
 
 Stop XXE?
 
 .setValidating(false);
 
 Xerces 1 or Xerces 2
 
 NO
 
 .setExpandEntityReferences(false)
 
 Xerces 1 or Xerces 2
 
 NO
 
 .setFeature(http://apache.org/xml/features/disallow-doctype-decl
,true);
 
 Xerces 2 Only
 
 YES!
 
 Both .setFeature(http://xml.org/sax/features/external-general-entities
 , false); and .setFeature(http://xml.org/sax/features/external-
 parameter-entities, false);
 
 Xerces 1 and Xerces 2
 
 YES!
 
 
 
 SAXParserFactory (JAXP)
 
 Implementation
 
 Stop XXE?
 
 .setValidating(false);
 
 Xerces 1 or Xerces 2
 
 NO
 
 .setFeature(http://apache.org/xml/features/disallow-doctype-decl
,true);
 
 Xerces 2 Only
 
 YES!
 
 Both .setFeature(http://xml.org/sax/features/external-general-entities
 , false); and .setFeature(http://xml.org/sax/features/external-
 parameter-entities, false);
 
 Xerces 1 and Xerces 2
 
 YES!
 
 
 
 XMLInputFactory (StAX)
 
 Implementation (Did not test on Xerces 1)
 
 Stop XXE?
 
 .setProperty(javax.xml.stream.isValidating, false);
 
 Xerces 2
 
 NO
 
 .setProperty(javax.xml.stream.isSupportingExternalEntities, false);
 
 Xerces 2
 
 YES!
 
 
 

-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Xerces clone node issue in production environment (Multi threaded). Help needed ...

2012-11-02 Thread Michael Glavassevich 
Jacob Kjome h...@visi.com wrote on 02/11/2012 02:19:44 PM:

snip/

 I feel for you, but there's little I or anyone else can do for you.  
Michael 
 already stated that there's no one currently working on Xerces that has 
any 
 deep understanding of the ancient Xerces1 codebase.  All efforts have 
been in 
 developing Xerces2 for a very long time.  And the two codebases diverge 
 greatly.

For the record Xerces1 was pretty much dead before I arrived (and I've 
been around a long time). As is the case for most other developers who've 
worked on the project, Xerces2 is the only generation I've ever 
contributed to. For folks who are still using Xerces1 they're pretty much 
on their own at this point. They really need to upgrade.
 
 Again, your best bet in the immediate term is to update to the latest 
version 
 of Xerces1.  Your best bet in the long term is to update to 
Xerces2,which you 
 will actually find support for on this list.
 
 
 Jake
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: xerces cloning a node .. Need your valuable inputs.Please help me.

2012-10-30 Thread Michael Glavassevich 
Doesn't sound like you've done much research. Have you visited the 
xerces.apache.org website or searched on Google? There's a lot of material 
available on the web.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

karthikeyan...@polarisft.com wrote on 30/10/2012 07:07:45 AM:

 Hi Mukul,
 
 Thanks for your reply
 We are coming up with the test cases,standalone api isolating the 
problem.
 BTW, can anyone please let me know if there is any link available to get
 the xerces parsers source code, any books available in market especially
 about the xerces parsers  or any other source to get a detailed idea of 
how
 these parsers work.
 
 
 Thanks
 karthik
 
 
 
 From:   Mukul Gandhi muk...@apache.org
 To:   j-users@xerces.apache.org
 Date:   10/25/2012 08:20 PM
 Subject:   Re: xerces cloning a node .. Need your valuable inputs.Please
 help me.
 
 
 
 Hi Karthik,
 
 On Thu, Oct 25, 2012 at 6:22 PM,  karthikeyan...@polarisft.com wrote:
  We had the below code in place for cloning a node.
 
  Node outNode = inNode.cloneNode(deep);
 
  And then we found that clone node in xerces may sometimes delete a
  attribute
 
 Can you please post a test case, which will help us investigate the
 issue better? Ideally, the test case should include:
 1) a small input XML document.
 2) a complete java program (ideally isolating only the problem parts),
 using the APIs which you think have problems.
 
 If there are attachments within your test case, a Jira issue would be 
good.
 
  so we added below piece of code but this is still not working.
  Can you please let us know the issue?
 
 I feel, the code fragment you've shared won't help significantly to
 debug this issue. I would suggest, first posting a proper test case
 and then give us some time to work on the issue.
 
 
 
 
 --
 Regards,
 Mukul Gandhi
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org


-
To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Why DOM Parser is not thread safe? Please explain

2012-10-21 Thread Michael Glavassevich 
Michael Glavassevich mrgla...@ca.ibm.com wrote on 21/10/2012 02:43:49 
PM:
 
  Or do I need to import the whole document rather than clone to 
completely 
  disconnect it from the cached master DOM?  If so, how much more 
  overhead, if 
  any, does importing entail than cloning?
 
 Cloning a Document node is the same as creating a new document and 
 (deep) importing all the immediate child of the other document. 
 Whether you're cloning or importing it's going to create new objects. 

With the exception that the DOM spec forbids importing of DocumentType 
nodes, so it isn't quite interchangeable.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Re: Lazy DOM with regards to memory usage

2012-10-04 Thread Michael Glavassevich 
Hi,

If you were to use XNI (or SAX for that matter) you're not really writing 
a parser. Your DOM builder would be an event handler which responds to 
callbacks to build the DOM.

The Xerces DOM builder isn't lazy. It reads the whole XML document into 
memory before returning control to the user. It's the materialization of 
nodes in the deferred DOM implementation which is lazy. Instead of 
building the DOM using the standard API methods, Xerces calls methods 
specific to the deferred DOM to build table like structures (stored within 
the Document node) which are more compact than actual DOM node objects. As 
the user walks the DOM tree these tables are read to fill in the node 
objects in the tree. It does improve memory usage when only a fraction of 
the tree is accessed, but it's nowhere near as memory efficient as an 
implementation which lazily loads data from the parser or is able to 
unload nodes like you suggest.

If you want your DOM implementation to pull data from the parser lazily 
you could try using an XMLPullParserConfiguration [1] or a standard API 
like StAX (not supported by Xerces) which can be used to incrementally 
parse the document.

Thanks.

[1] 
http://xerces.apache.org/xerces2-j/javadocs/xni/org/apache/xerces/xni/parser/XMLPullParserConfiguration.html

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Dominik Rauch e0825...@student.tuwien.ac.at wrote on 04/10/2012 03:13:38 
PM:

 Hi Michael!
 
 XNI sounds neat, but do you really think we need to write our own parser 
as
 well? We want to parse XML just as everybody else does, we just want it 
to
 do that lazily - like the lazy Xerces parser. It would just be importatn 
to
 be able to reload some parts later on in case we've dismissed it from 
the
 memory in order to lower RAM usage.
 
 Is that not possible with the currrent Xerces parser? How does the 
current
 lazy implementation work then?
 
 Best regards,
 D.R.
 
 PS: Now posting from OldNabble instead of Outlook, hope this helps.
 
 
 
 Michael Glavassevich-3 wrote:
  
  Hi,
  
  Have you had a read through the XNI manual [1]? This is the framework 
on 
  which all parsers in Xerces are built-on.
  
  You should be able to reuse much of that infrastructure, in particular 
the 
  existing XMLParserConfigurations [2] which are the real guts of a 
parser 
  in Xerces.
  
  Thanks.
  
  [1] http://xerces.apache.org/xerces2-j/xni.html
  [2] http://xerces.apache.org/xerces2-j/faq-xni.html#faq-3
  
  Michael Glavassevich
  XML Technologies and WAS Development
  IBM Toronto Lab
  E-mail: mrgla...@ca.ibm.com
  E-mail: mrgla...@apache.org
  
  Dominik Rauch e0825...@student.tuwien.ac.at wrote on 27/09/2012 
  04:25:09 PM:
  
  Hello Xerces-List!
  
  We’re currently thinking about writing an advanced lazy DOM 
  implementation compliant with the W3C DOM specification.
  We know that there is already a Xerces lazy-loading-solution, 
  however, it is never unloading nodes, which becomes a problem for 
  very big DOM trees which do not fit into memory.
  
  There are some ideas and/or commercial products (like xDB), however,
  no open-source solution yet.
  
  We want to know if it is possible to replace the Xerces DOM parser 
  with our own lazy implementation and reuse all the XPath/etc. 
  features from Xerces or if we need to write everything from scratch.
  
  Hopefully you can give us a positive answer and maybe show us the 
  main extension points where we would have to fit in our 
  implementation (e.g. classes/packages we would have to re-implement 
  / derive / etc.)
  
  
  Best regards,
  D.R.
  Technical University of Vienna
  
  
 
 -- 
 View this message in context: http://old.nabble.com/Lazy-DOM-with-
 regards-to-memory-usage-tp34488915p34513281.html
 Sent from the Xerces - J - Users mailing list archive at Nabble.com.
 
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: error when using

2012-09-25 Thread Michael Glavassevich 
Hi Jim,

You need to add the other Xerces jars to your classpath. xercesSamples.jar 
isn't enough.

You should also include xml-apis.jar using the Endorsed Standards Override 
Mechanism. See the FAQ here [1].

Thanks.

[1] http://xerces.apache.org/xerces2-j/faq-general.html#faq-4

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Jim Barnett jim.barn...@genesyslab.com wrote on 25/09/2012 09:47:14 
AM:

 I’m trying to use the jaxp.SourceValidator example in the beta 
 version of 2.11.  When I pass in the –xsd11 flag, I get a “no schema
 factory” error as shown below.  I assume that I’m doing something 
 very stupid, but I can’t figure out what it is.  Any guidance would 
 be appreciated.
 
 Thanks,
 Jim
 
 C\SCXML_Testsjava -cp D:\xerces\xerces-2_11_0-xml-schema-1.1-beta
 \xercesSamples.jar  jaxp.SourceValidator -a someschema.xsd -i 
 somefile -xsd11
 : Parse error occurred - No SchemaFactory that implements the schema
 language specified by: http://www.w3.org/XML/XMLSchema/v1.1 c
 be loaded
 lang.IllegalArgumentException: No SchemaFactory that implements the 
 schema language specified by: http://www.w3.org/XML/XMLSchema/
 could be loaded
at javax.xml.validation.SchemaFactory.newInstance(Unknown Source)
at jaxp.SourceValidator.main(Unknown Source)

Re: Xerces - Feature not recognized for SchemaFactory but OK for Validator

2012-08-22 Thread Michael Glavassevich 
Hi,

dancerj...@gmail.com wrote on 22/08/2012 10:24:21 AM:

 I have posted this question on StackOverflow here:
 
 http://stackoverflow.com/questions/12072867/xerces-feature-not-
 recognized-for-schemafactory-but-ok-for-validator
 
 I am trying to set features for Xerces XML validation. I am having a
 hard time finding / understanding which features are valid for the 
 `SchemaFactory` and for the `Validator`.
 
 I have the following code:
 
 SchemaFactory factory = SchemaFactory.newInstance
 (XMLConstants.W3C_XML_SCHEMA_US_URI);
 factory.setFeature(http://xml.org/sax/features/validation;, true);
 
 Schema schema = factory.newSchema(mySchemaList);
 Validator validator = schema.newValidator;
 validator.setFeature(http://xml.org/sax/features/validation;, 
true);
 
 If I do the above I get: 
 `SAXNotRecognizedException: Feature 
'http://xml.org/sax/features/validation`
 
 However if I comment out the `setFeature` for the `SchemaFactory`, 
 setting the feature works for the `Validator`.
 
 So questions:
 
 1. Why can I set the feature on the `Validator` but not on the 
 `SchemaFactory`?

The feature you're trying to set isn't relevant to the SchemaFactory, so 
it's not supported at that level of the API. The value of 
http://xml.org/sax/features/validation; is fixed to true on the validator. 
You cannot disable it. A Validator does validation. There's no reason to 
set that feature.

 2. Where can I find documentation of which features are valid for 
 `Validator` and `SchemaFactory`?

Sorry, no one has got around to documenting all of that. Generally the 
ones that apply are those which relate directly to the behaviour of schema 
validation.

 FYI: the `SchemaFactory` I am getting is 
 `com.sun.org.apache.xerces.internal.jaxp.validation.XMLSchemaFactory`

com.sun.org.apache.xerces.internal.* isn't Apache Xerces. We have no 
influence over what Oracle / Sun support in their fork of the codebase.

 # EDIT
 
 Some of the other features I have tried to set with no success are:
 
 `http://xml.org/sax/features/namespaces`
 
 `http://xml.org/sax/features/namespace-prefixes`

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Re: Validate XML with loading schemas at runtime, failure depending on schema order

2012-08-22 Thread Michael Glavassevich 
Hi,

It's likely this problem [1] with the SchemaFactory. We're working on it.

Thanks.

[1] https://issues.apache.org/jira/browse/XERCESJ-1130

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

dancerj...@gmail.com wrote on 22/08/2012 10:25:19 AM:

 From: John Butler john.joseph.but...@gmail.com
 To: j-users@xerces.apache.org, 
 Date: 22/08/2012 10:41 AM
 Subject: Validate XML with loading schemas at runtime, failure 
 depending on schema order
 Sent by: dancerj...@gmail.com
 
 I have posted this question on Stack Overflow here:
 
 http://stackoverflow.com/questions/11852311/validate-xml-with-
 loading-schemas-at-runtime-failure-depending-on-schema-order
 
 I am trying to do xml validation. I am being given a list of schemas
 at run-time (possibly wrapped in a jar). Validation passes or failes
 based on the order in which I provide the schemas to the SchemaFactory.
 
 Here is what I am doing:
 
  
   private void validateXml(String xml, ListURI schemas){
 Source[] source = new StreamSource[schemas.size()];
 int i=0;
 for (URI f : schemas){
source[i++] = new StreamSource(f.openStream());
 }
 
 SchemaFactory sf = SchemaFactory.newInstance
 (XMLConstants.W3C_XML_SCHEMA_NA_URI);
 sf.setResourceResolver(new MyClassPathResourceResolver());
 
 Schema schema = schemaFactory.newSchema(source);
 Validator validator = schema.newValidator();
 validator.validate(new StreamSource(new 
 ByteArrayInputStream(xml.getBytes()));
 
 
 again, this fails if the passed set of schema do not start with the 
 schema to which the root element of the xml referrs. Is there a fix 
 to this or am I doing something wrong?

Re: Xerces 2.91 and 2.10 binary, where can I find?

2012-08-10 Thread Michael Glavassevich 
Hi Carlos,

Xerces-J 2.9.1 and later are archived here [1].

For future reference, look on the Xerces website [2] for download 
information.

Thanks.

[1] http://archive.apache.org/dist/xerces/j/
[2] http://xerces.apache.org/mirrors.cgi

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Carlos Andrade carlosvia...@gmail.com wrote on 05/08/2012 10:44:21 PM:

 Dears,
 
 I tried looking both on http://www.reverse.net/pub/apache//xerces/j/ 
and 
 http://archive.apache.org/dist/xml/xerces-j/ and http://
 mirrors.gigenet.com/apache//xerces/j/ but none seem to have neither 
 Xerces 2.91 or 2.10 binaries. I was able to find 2.11 and the 
 releases before. Is there anywhere else I am missing? 
 
 Thank you for your attention :-) 
 
 Carlos Andrade
 http://carlosandrade.co

Re: Weird XSD 1.1 assertion error

2012-06-26 Thread Michael Glavassevich 
I agree. I would expect a SAXException thrown from an ErrorHandler (in any 
context) to propagate up the stack. If this is getting swallowed somewhere 
in Xerces then it's a bug.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Jorge Williams jorge.willi...@rackspace.com wrote on 25/06/2012 01:14:07 
AM:
 
 Hey Mukul,
 
 Yup, you pointed me in the right direction -- thanks...but I still 
 think there's a bug.
 
 If you look at the docs to ErrorHandler:
 
 http://docs.oracle.com/javase/6/docs/api/org/xml/sax/ErrorHandler.html
 
 It says that:   it is up to the application to decide whether to 
 throw an exception for different types of errors and warnings.
 
 In other words, the error handler gives an app the ability to decide
 whether or not to throw an exception when an error occurs. The issue
 that I was having was that I registered an error handler that threw 
 an exception. I couldn't replicate it from the SourceValidator 
 sample because it reports errors directly from the error handler and
 doesn't throw an exception there at all.
 
 The problem that I have is that in this case:
 
 a xmlns=http://www.rackspace.com/xerces/test; even=23/
 
 The SAXParseException propagated all the way up to my app as expected.
 
 In this case, however:
 
 e xmlns=http://www.rackspace.com/xerces/test;
 even23/even
  /e
 
 The exception never propagated up -- it got lost!  I totally see 
 that as a bug.
 
 I've reworked the code to not throw an exception in the ErrorHandler
 -- but I don't feel this is very efficient. I want to fail fast on 
 the first parse error I see and not have to wait for the entire 
 message to finish parsing.
 
 Thanks,
 
 -jOrGe W.
 
 On Jun 24, 2012, at 2:55 AM, Mukul Gandhi wrote:
 
  Hi Jorge,
I think, this error is not specific to XSD assertions. Setting a
  error handler on the JAXP validator object would solve this problem.
  
  Following are the proposed changes to solve this issue,
  
  Validator v = s.newValidator();
  v.setErrorHandler(new ErrHandler());
  v.validate(new StreamSource(instance));
  
  and define a suitable error handler as following,
  
  class ErrHandler implements ErrorHandler {
 ...
  }
  
  On Fri, Jun 22, 2012 at 12:48 AM, Jorge Williams
  jorge.willi...@rackspace.com wrote:
  Hey Guys,
  
  Can you give me a hand. I'm getting a weird error that I cannot 
 replicate with jaxp.SourceValidator  so I know I must be doing 
 something wrong, but I can't tell what.
  
  My code looks like this:
  
  package com.rackspace.xerces;
  
  import javax.xml.validation.*;
  import javax.xml.transform.stream.*;
  
  public class Test {
public static void main(String[] args) {
   if (args.length != 2) {
  System.err.println (Usage: need XSD and instance doc);
  return;
   }
  
   try {
  System.setProperty (javax.xml.validation.SchemaFactory:
 http://www.w3.org/XML/XMLSchema/v1.1;, 
 org.apache.xerces.jaxp.validation.XMLSchema11Factory);
  
  String xsd = args[0];
  String instance = args[1];
  
  SchemaFactory factory = SchemaFactory.newInstance(
 http://www.w3.org/XML/XMLSchema/v1.1;);
  factory.setFeature (http://apache.org/xml/features/
 validation/cta-full-xpath-checking, true);
  
  Schema s = factory.newSchema(new StreamSource(xsd));
  s.newValidator().validate(new StreamSource(instance));
  
   } catch (Exception e) {
  e.printStackTrace();
   }
}
  }
  
  
  You pass a schema in param 1 and an instance document in param 2,
 the code validates and returns errors.  Here's the schema I'm using to 
test:
  
  
  schema
 elementFormDefault=qualified
 attributeFormDefault=unqualified
 xmlns=http://www.w3.org/2001/XMLSchema;
 xmlns:xsd=http://www.w3.org/2001/XMLSchema;
 xmlns:tst=http://www.rackspace.com/xerces/test;
 targetNamespace=http://www.rackspace.com/xerces/test;
  
 element name=e type=tst:SampleElement/
 element name=a type=tst:SampleAttribute/
  
 complexType name=SampleElement
 sequence
 element name=even type=tst:EvenInt100 minOccurs=0/
 /sequence
 /complexType
  
 complexType name=SampleAttribute
 attribute name=even type=tst:EvenInt100 use=optional/
 /complexType
  
 !-- XSD 1.1 assert --
 simpleType name=EvenInt100
 restriction base=xsd:integer
minInclusive value=0 /
maxInclusive value=100 /
assertion test=$value mod 2 = 0 /
 /restriction
 /simpleType
  /schema
  
  
  When I pass the following instance document, the assertion in 
 EvenInt100 trips and things fail as expected:
  
   a xmlns=http://www.rackspace.com/xerces/test; even=23/
  
  When I pass *this* instance document however, I'd expect the same
 assertion to fail, but it doesn't.
  
   e xmlns=http://www.rackspace.com/xerces/test;
  even23/even
   /e

Re: Xerces StAX: XInclude support?

2012-05-22 Thread Michael Glavassevich 
Hi Klaus,

Xerces doesn't have an implementation of XMLInputFactory / XMLStreamReader 
yet.

You might have noticed that XMLInputFactory has a 
createXMLStreamReader(javax.xml.transform.Source) method. Some StAX 
implementations may support SAXSource and DOMSource here which would allow 
you to get an XMLStreamReader over APIs which support XInclude.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Klaus Malorny klaus.malo...@knipp.de wrote on 21/05/2012 09:40:39 AM:

 Hi all,
 
 while I know that Xerces supports XInclude, I have seen no way to enable 
this 
 for the StAX pull parser interface. Did I miss something? Are there any 
 Xerces-specific property names for the XMLInputFactory.setProperty 
 method which 
 would allow me that?
 
 Thanks  regards,
 
 Klaus
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: AW: Error Parsing xml document

2012-05-15 Thread Michael Glavassevich 
The type of the targetNamespace attribute is xs:anyURI. The xs:anyURI type 
[1] allows many characters (which are not allowed in vanilla URIs) without 
requiring escaping. However, there are still many classes of strings which 
are not valid xs:anyURI values.

Thanks.

[1] http://www.w3.org/TR/xmlschema-2/#anyURI

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

kesh...@us.ibm.com wrote on 15/05/2012 02:36:19 PM:

 From: kesh...@us.ibm.com
 To: j-users@xerces.apache.org, 
 Date: 15/05/2012 02:37 PM
 Subject: Re: AW: Error Parsing xml document
 
  in your XML-Documet change //$xrd*($v*2.0) to a valid URI
 
 Websearching for URI RFC will find the formal specification for 
 URIs, including the grammar that defines what is and isn't legal; 
 namespace names must meet the syntactic constraints of URI 
 References. You may have to escape some characters (and your tool 
 may have to be able to handle escaped characters) if you really need
 to pass that sort of information through your namespace names.
 
 Also note, while I'm writing, that per the XML Namespaces Recommendation 

 The empty string, though it is a legal URI reference, cannot be used
 as a namespace name.  The use of relative URI references, including 
 same-document references, in namespace declarations is deprecated.

Re: Problem with parsing HTML

2012-05-13 Thread Michael Glavassevich 
Perhaps you already know... NekoHTML is maintained by another community 
out in SourceForge [1].

Thanks.

[1] http://sourceforge.net/tracker/?group_id=195122atid=952178

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Yizhou Z. westward.zh...@gmail.com wrote on 13/05/2012 11:13:00 PM:

 Just tried out parsing some other HTML files, and found Xerces 
 worked well for the input tags in these HTML files. The previous 
 problem seems to have something to do with NekoHTML's parser.

 On Sun, May 13, 2012 at 1:22 PM, Yizhou Z. westward.zh...@gmail.com 
wrote:
 NekoHTML parser uses Xerces' HTML DOM implementation. And it seems 
 that it can always return the appropriate HTML DOM element objects 
 for other types of element nodes.  But for input /, I found it 
 returns an object of type org.apache.xerces.dom.ElementNSImpl. I 
 wonder if this is a bug in the version of Xerces that I use.
 
 Thanks.
 

 On Sun, May 13, 2012 at 5:34 AM, Michael Glavassevich 
mrgla...@ca.ibm.com
  wrote:
 Have you tried setting the 'document-class-name' property [1] so 
 that it points to Xerces' HTML DOM implementation? 
 
 Thanks. 
 
 [1] 
http://xerces.apache.org/xerces2-j/properties.html#dom.document-class-name
 
 Michael Glavassevich
 XML Technologies and WAS Development
 IBM Toronto Lab
 E-mail: mrgla...@ca.ibm.com 
 E-mail: mrgla...@apache.org 
 
 Yizhou Z. westward.zh...@gmail.com wrote on 12/05/2012 11:40:23 AM:
 
 
  Hi. I am using NekoHTML to parse a piece of HTML code which includes
  an input element:
 
  input type=password name=pw maxlength=20 class=password 
  id=Password1 / 
  
  My program for parsing HTML is below. 
  
  DOMParser parser = new DOMParser(); 
  parser.setProperty(
http://cyberneko.org/html/properties/default-encoding
  , UTF-8); 
  parser.setProperty(http://cyberneko.org/html/properties/filters;, 
new XMLDocumentFilter[] { new DefaultFilter() { 
  public void startElement(QName element, XMLAttributes attrs, 
  Augmentations augs) 
  throws XNIException { 
element.uri = null; 
super.startElement(element, attrs, augs); 
  } 
  } }); 
  BufferedReader in = new BufferedReader(new FileReader(./test.html)); 

  parser.parse(new InputSource(in)); 
  HTMLDocument d = (HTMLDocument) parser.getDocument(); 
  System.out.println(d.getElementById(Password1).getClass()); 
  
  The print out of the above program is class 
  org.apache.xerces.dom.ElementNSImpl rather than class 
  org.apache.html.dom.HTMLInputElementImpl, which puzzles me. Is 
  there anything I went wrong with? 
  
  Thanks!

Re: Problem with parsing HTML

2012-05-12 Thread Michael Glavassevich 
Have you tried setting the 'document-class-name' property [1] so that it 
points to Xerces' HTML DOM implementation?

Thanks.

[1] 
http://xerces.apache.org/xerces2-j/properties.html#dom.document-class-name

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Yizhou Z. westward.zh...@gmail.com wrote on 12/05/2012 11:40:23 AM:

 Hi. I am using NekoHTML to parse a piece of HTML code which includes
 an input element:
 input type=password name=pw maxlength=20 class=password 
 id=Password1 / 
 
 My program for parsing HTML is below.
 
 DOMParser parser = new DOMParser();
 parser.setProperty(
http://cyberneko.org/html/properties/default-encoding
 , UTF-8);
 parser.setProperty(http://cyberneko.org/html/properties/filters;,
   new XMLDocumentFilter[] { new DefaultFilter() {
 public void startElement(QName element, XMLAttributes attrs, 
 Augmentations augs)
 throws XNIException {
   element.uri = null;
   super.startElement(element, attrs, augs);
 }
 } });
 BufferedReader in = new BufferedReader(new FileReader(./test.html));
 parser.parse(new InputSource(in));
 HTMLDocument d = (HTMLDocument) parser.getDocument();
 System.out.println(d.getElementById(Password1).getClass());
 
 The print out of the above program is class 
 org.apache.xerces.dom.ElementNSImpl rather than class 
 org.apache.html.dom.HTMLInputElementImpl, which puzzles me. Is 
 there anything I went wrong with?
 
 Thanks!

Re: When will 1.1 support leave beta

2012-04-23 Thread Michael Glavassevich 
Andrew Welch andrew.j.we...@gmail.com wrote on 23/04/2012 03:30:45 PM:

 From: Andrew Welch andrew.j.we...@gmail.com
 To: j-users@xerces.apache.org, 
 Date: 23/04/2012 03:32 PM
 Subject: Re: When will 1.1 support leave beta
 
 On 23 April 2012 19:34, David Glaser dgla...@acmepacket.com wrote:
  When will the XSD 1.1 functionality in Xerces-J 2.11.0 leave beta?
 
 
 
  It seems to be in the beta state since November of 2010.
 
 The XSD 1.1 spec has only just become a rec (5th April 2012).

Right. That was one factor keeping it in beta.

I expect there's some clean-up we will want to do as well.

 -- 
 Andrew Welch
 http://andrewjwelch.com
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Re: How do I load an XSD 1.1 Schema using the XSloader?

2012-04-23 Thread Michael Glavassevich 
Andrew Welch andrew.j.we...@gmail.com wrote on 23/04/2012 03:33:23 PM:

 From: Andrew Welch andrew.j.we...@gmail.com
 To: j-users@xerces.apache.org, 
 Date: 23/04/2012 03:33 PM
 Subject: Re: How do I load an XSD 1.1 Schema using the XSloader?
 
 On 23 April 2012 19:31, David Glaser dgla...@acmepacket.com wrote:
  I tried to load an XSD conforming to Version 1.1 using the 
QueryXS.java
  sample and it refuses to load an XSD containing a single “assert” 
element.
 
 
 
  I used the getRecognizedVersions()  method of the 
XSImplementationobject to
  determine what versions are supported and it reports “1.0”.
 
 
 
  T then tried to create a new string list that has “1.0” and “1.1” and 
then
  passed the string list to the createXSLoader method.  It threw an 
exception
  saying
 
 
 
  “FEATURE_NOT_SUPPORTED: The parameter 1.1 is recognized but the 
requested
  value cannot be set”.
 
 
 
  So, how do I get an XSLoader that will load a 1.1 xsd?
 
 Are you sure you've got the 2.11 version that supports xsd 1.1 ?
 There are 2 versions of 2.11.0, one that supports xsd 1.0, and one
 that supports xsd 1.1.

Support for the XML Schema 1.1 component model [1] isn't complete. The 
intent was to only support the JAXP Validation API [2] initially, so would 
be surprised if you can find a way to get the XSLoader to accept an XML 
Schema document with XML Schema 1.1 language features. Certainly something 
I'd like to see working in the future but it's not ready for prime time 
yet.

 -- 
 Andrew Welch
 http://andrewjwelch.com
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Thanks.

[1] https://issues.apache.org/jira/browse/XERCESJ-1362
[2] 
http://wiki.apache.org/xerces/Xerces-J%3A_XML_Schema_1.1_Design_Thoughts

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Re: XSD 1.1 using xerces 2.11

2012-04-04 Thread Michael Glavassevich 
Hi Andrew,

We don't distribute anything called 'xercesImpl-2.11.0.jar'. If you have a 
jar on your classpath with that name you either renamed it or got it from 
somewhere else.

The jar in an official Apache Xerces release is always called 
'xercesImpl.jar'. You can determine the version by running 
org.apache.xerces.impl.Version [1] or looking at the manifest. If you have 
the one with XML Schema 1.1 support, the version string you should see is 
'2.11.0-xml-schema-1.1-beta'.

If it helps you identify it feel free to rename the jar.

Thanks.

[1] http://xerces.apache.org/xerces2-j/faq-general.html#faq-1

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Andrew Welch andrew.j.we...@gmail.com wrote on 04/04/2012 06:04:16 AM:

 Hi,
 
 I've just been done again by this I saw xercesImpl-2.11.0.jar on
 the classpath and assumed xsd 1.1 support, after a bit of messing
 around I realised it was the xerces 2.11.0 with 1.0 support only.  (I
 made the assumption because I know I include 2.11.0 with Kernow for
 the 1.1 support)
 
 For people like me :) it might be worth differentiating them a little
 more, maybe the version with 1.1 could be Xerces 3.0, leaving the 2.x
 version for 1.0?
 
 thanks
 andrew
 
 On 15 December 2010 16:51, Andrew Welch andrew.j.we...@gmail.com 
wrote:
  Sanity check... Did you download [1] the stable version of Xerces-J 
2.11.0
  or the XML Schema 1.1 beta version of 2.11.0?
 
  You need the XML Schema 1.1 beta binary package.
 
  Thanks.
 
  [1] http://xerces.apache.org/mirrors.cgi#binary
 
  Ahh sorry, I didn't see the (XML Schema 1.1) link...  not sure how I
  missed it as its directly beneath the link I clicked.  Wood for the
  trees time.
 
  Now sorted, thanks.
 
  --
  Andrew Welch
  http://andrewjwelch.com
 
 
 
 -- 
 Andrew Welch
 http://andrewjwelch.com
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: XMLCatalogResolver and catalog.xml within jar file

2012-03-30 Thread Michael Glavassevich 
Hi Yoann,

The XMLCatalogResolver just passes the catalog file names down to the XML 
Commons Resolver's Catalog.parseCatalog() method [1]. So 
XMLCatalogResolver accepts whatever Catalog.parseCatalog() accepts. I know 
that doesn't really answer your question, though hope you might get closer 
if you looked at little deeper there.

Thanks.

[1] 
http://xml.apache.org/commons/components/apidocs/resolver/org/apache/xml/resolver/Catalog.html#parseCatalog%28java.lang.String%29

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Yoann Moranville yoann.moranvi...@gmail.com wrote on 29/03/2012 09:32:19 
AM:

 From: Yoann Moranville yoann.moranvi...@gmail.com
 To: j-users@xerces.apache.org, 
 Date: 29/03/2012 09:38 AM
 Subject: XMLCatalogResolver and catalog.xml within jar file
 
 Hi all,
 
 I have a problem using XML catalogs.
 Basically, the project is like this:
 - main jar file
 -- including a logic jar file
 --- including a few schemas + a catalog.xml file
 
 In the main program, I call an method that should validate an XML file, 
 but since it could happen offline, I wanted to use XML catalogs in order 

 to have the schema locally. For some reasons, the schemas need to stay 
 where they are (in the second jar file).
 I use the XSD directly into a Schema object 
 (schemaFactory.newSchema()), but this schema imports another XSD 
 (schema.xsd) which points somewhere online.
 
 It does not quite work, I can not actually read the catalog.xml file 
 from the XMLCatalogResolver.
 
 Catalog.xml:
 !DOCTYPE catalog PUBLIC -//OASIS//DTD Entity Resolution XML Catalog 
 V1.0//EN 
 http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd;
 catalog xmlns=urn:oasis:names:tc:entity:xmlns:xml:catalog 
 prefer=public
 uri name=http://www.example.org/schema; uri=schema.xsd/
 /catalog
 
 The XMLCatalogResolver accepts an array of String for the setCatalogList 

 method. What kind of String should I pass to that method?
 
 Thanks for the help,
 Yoann
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: factory.newSchema(schemaLocation) freezes

2012-03-28 Thread Michael Glavassevich 
Andrew Welch andrew.j.we...@gmail.com wrote on 28/03/2012 02:23:45 AM:

 From: Andrew Welch andrew.j.we...@gmail.com
 To: j-users@xerces.apache.org, 
 Date: 28/03/2012 02:24 AM
 Subject: Re: factory.newSchema(schemaLocation) freezes
 
  There's only one XML document being validated and I made sure to add 
a ?xml
  version=1.0 encoding=UTF-8? at the beginning of the file, making 
sure
  there's no whitespace before it. Still running into the same error.
 
 I'm guessing now but if it looks ok, perhaps there's a non-visible
 character at the start... if you look at the bytes in a hex editor
 what is the first byte?

If the document doesn't start with a '', whitespace or a byte order mark 
I'd expect to see a different error message like:

An invalid XML character (Unicode: 0x{0}) was found in the prolog of the 
document.
 
  As for the XSD, there's one main XSD, but it imports and includes 
other
  XSD's.
 
  Besides inspecting all those XSD files (there are lots of them) for
  whitespaces, is there a way to get Xerces to indicate which XSD 
itfinds the
  problem in ?
 
 One option (if Michael's suggestion of writing some code isn't doable)
  is to use the validation tab in Kernow, and click the 'check schema'
 button.  That will return any errors when compiling the xsd (although
 I can't remember if I include the extra information... I will add it
 if not).  Either way, it will help narrow down the issue.
 
 http::/kernowforsaxon.sf.net/
 
 
 -- 
 Andrew Welch
 http://andrewjwelch.com
 
 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Re: XMLStreamWriter

2012-03-23 Thread Michael Glavassevich 

Hi Christopher,

Christopher L. Ramsey christopherlram...@hotmail.com wrote on
03/23/2012 12:03:51 PM:

 Sorry for the delayed reply,

 So when you mean native you mean C/C++  decoders?

I probably should have used the word custom. I meant developing
custom/optimized encoders for UTF-8, US-ASCII, etc...

Xerces has optimized decoders for several encodings, for example:
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/io/UTF8Reader.java?view=log

That's for the parser. Optimized encoders would be for the serializer.

 If I am selected, are you sure this will take the whole summer?

It depends on your design and the scope of your proposal. I suggested on
the JIRA issue that the project could include more of the serialization API
(e.g. XMLEventWriter). If you chose to include custom encoders in the
design that would also give you more room for development.

 What happens if I get this wrapped up in a month? I am committed
 to the whole summer.

I think some students finish early and recall when I've filled out mid-term
evaluations in the past that there was a check-box for whether the
student's already finished. So it happens, and I think Google knows some
students would finish early. That said, if you feel you would be likely to
finish with time to spare it would be good if you add some optional stretch
goals in your proposal, things that you would do next if you finished the
main objectives of the project.

 Christopher L. Ramsey

 From: Michael Glavassevich
 Sent: Wednesday, March 21, 2012 13:10
 To: j-users@xerces.apache.org
 Subject: Re: XMLStreamWriter

 Hi Christopher,

 An XMLStreamWriter should be able to write to any
 java.io.OutputStream or java.io.Writer. It needs to take care of the
 encoding when the target is an OutputStream. This can be as simple
 as wrapping it in an java.io.OutputStreamWriter and as complex as
 having native support in the serializer for char to byte conversions
 (for each encoding), the latter usually being done in XML
 serializers for performance reasons.

 Thanks.

 Michael Glavassevich
 XML Technologies and WAS Development
 IBM Toronto Lab
 E-mail: mrgla...@ca.ibm.com
 E-mail: mrgla...@apache.org

 Christopher L. Ramsey christopherlram...@hotmail.com wrote on
 03/21/2012 12:47:31 PM:

  I have some questions about the XMLStreamWriter? Would this
  serialize to an FileWriter and a FileInputStream or would this be
  able to filter to any stream or writer. I think it should be able to
  support any of them, and maybe use a string decoder if somebody
  wants a different encoding? What do you think?
 
  --Christopher L. Ramsey

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Re: XMLStreamWriter

2012-03-21 Thread Michael Glavassevich 

Hi Christopher,

An XMLStreamWriter should be able to write to any java.io.OutputStream or
java.io.Writer. It needs to take care of the encoding when the target is an
OutputStream. This can be as simple as wrapping it in an
java.io.OutputStreamWriter and as complex as having native support in the
serializer for char to byte conversions (for each encoding), the latter
usually being done in XML serializers for performance reasons.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Christopher L. Ramsey christopherlram...@hotmail.com wrote on
03/21/2012 12:47:31 PM:

 I have some questions about the XMLStreamWriter? Would this
 serialize to an FileWriter and a FileInputStream or would this be
 able to filter to any stream or writer. I think it should be able to
 support any of them, and maybe use a string decoder if somebody
 wants a different encoding? What do you think?

 --Christopher L. Ramsey

Re: factory.newSchema(schemaLocation) freezes

2012-03-20 Thread Michael Glavassevich 

If you're using Xerces' XMLCatalogResolver utility, URI entries [1] are
expected to map the schema's target namespace not its schema location hint.

[1] http://xerces.apache.org/xerces2-j/faq-xcatalogs.html#faq-2

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Danny Sinang d.sin...@gmail.com wrote on 03/20/2012 05:41:52 PM:

 Hi Jake,

 I tried your suggestion. Still the same problem.

 Regards,
 Danny

 On Tue, Mar 20, 2012 at 5:29 PM, Jacob Kjome h...@visi.com wrote:

 Try using valid URIs

 ?xml version=1.0?
 !DOCTYPE catalog
    PUBLIC -//OASIS/DTD Entity Resolution XML Catalog V1.0//EN
    http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd;
 catalog xmlns=urn:oasis:names:tc:entity:xmlns:xml:catalog
prefer=public
   uri name=http://www.w3.org/2001/xml.xsd; uri=file:/C:/Users/
 dsinang/Desktop/xml.xsd/
   uri name=http://www.w3.org/2001/XMLSchema.xsd; uri=file:/C:/
 Users/dsinang/Desktop/XMLSchema.xsd/
 /catalog


 Jake

 On Tue, 20 Mar 2012 17:23:38 -0400
  Danny Sinang d.sin...@gmail.com wrote:
 Hi Michael,

 Thanks.

 I tried using a resolver but I still get stuck at factory.newSchema().
 Here's an excerpt from my jUnit  :

 SchemaFactory factory =
 SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);

 // load a WXS schema, represented by a Schema instance
 //Source schemaFile = new StreamSource(new File(xplana_2.xsd));
 File schemaLocation = new File(D:\\schema\\xplana_2.xsd);
 XMLCatalogResolver resolver = new XMLCatalogResolver();
 String[] catalogs = {D:\\catalogs\\catalog.xml};
 resolver.setCatalogList(catalogs);
 resolver.resolveURI(http://www.w3.org/2001/xml.xsd;);
 resolver.resolveURI(http://www.w3.org/2001/XMLSchema.xsd;);
 factory.setResourceResolver(resolver);
 Schema schema = factory.newSchema(schemaLocation);

 catalog.xml looks like this :

 ?xml version=1.0?
 !DOCTYPE catalog
    PUBLIC -//OASIS/DTD Entity Resolution XML Catalog V1.0//EN
    http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd;

 catalog xmlns=urn:oasis:names:tc:entity:xmlns:xml:catalog
 prefer=public
    uri name=http://www.w3.org/2001/xml.xsd;
 uri=file:C:\\Users\\dsinang\\Desktop\\xml.xsd/
   uri name=http://www.w3.org/2001/XMLSchema.xsd;
 uri=file:C:\\Users\\dsinang\\Desktop\\XMLSchema.xsd/
 /catalog


 What am I doing wrong ?

 Regards,
 Danny

 On Mon, Mar 19, 2012 at 7:42 PM, Michael Glavassevich
 mrgla...@ca.ibm.comwrote:

   Hi Danny,

 You have at least one import in your graph of schema documents which
 points to a resource on the net.

 From xhtml11.xsd:

   xs:import namespace=http://www.w3.org/XML/1998/namespace;
 schemaLocation=http://www.w3.org/2001/xml.xsd;
   xs:annotation
   xs:documentation
   This import brings in the XML namespace attributes
   The XML attributes are used by various modules.
   /xs:documentation
   /xs:annotation
   /xs:import

 That's one reason why it might take so long. The W3C sometimes blocks
 requests [1] for its schemas/DTDs or returns things very slowly.

 Have a look at XML Catalogs [2] and entity resolvers as lighter
 alternatives to fetching these external resources from the net every
time.

 Thanks.

 [1]
http://www.w3.org/blog/systeam/2008/02/08/w3c_s_excessive_dtd_traffic/
 [2] http://xerces.apache.org/xerces2-j/faq-xcatalogs.html

 Michael Glavassevich
 XML Technologies and WAS Development
 IBM Toronto Lab
 E-mail: mrgla...@ca.ibm.com
 E-mail: mrgla...@apache.org

 Danny Sinang d.sin...@gmail.com wrote on 03/19/2012 05:16:37 PM:

  Hello,
 
  I'm trying to validate the attached XML document (MBS1172478.xml)
  against an XSD file (xplana_2.xsd inside schema.zip) but I can't get
  past the line
 
   Schema schema = factory.newSchema(schemaLocation);
 
  It takes too long (like 5 to 10 minutes) when I run my code in a
  jUnit test, after which I get the following error :
 
  org.xml.sax.SAXParseException: sch-props-correct.2: A schema cannot
  contain two global components with the same name; this schema
  contains two occurrences of 'http://www.w3.org/1999/xhtml,Length'.
 
  My jUnit looks like this :
 
  import java.io.File;
  import java.io.FileOutputStream;
  import java.io.IOException;
  import java.io.InputStream;
  import java.util.ArrayList;
  import java.util.Enumeration;
  import java.util.HashMap;
  import java.util.List;
  import java.util.zip.ZipEntry;
  import java.util.zip.ZipException;
  import java.util.zip.ZipFile;
 
  import javax.xml.XMLConstants;
  import javax.xml.parsers.DocumentBuilder;
  import javax.xml.parsers.DocumentBuilderFactory;
  import javax.xml.parsers.ParserConfigurationException;
  import javax.xml.transform.Source;
  import javax.xml.transform.dom.DOMSource;
  import javax.xml.transform.stream.StreamSource;
  import javax.xml.validation.Schema;
  import javax.xml.validation.SchemaFactory;
  import javax.xml.validation.Validator

Re: factory.newSchema(schemaLocation) freezes

2012-03-19 Thread Michael Glavassevich 

Hi Danny,

You have at least one import in your graph of schema documents which points
to a resource on the net.

From xhtml11.xsd:

  xs:import namespace=http://www.w3.org/XML/1998/namespace;
schemaLocation=http://www.w3.org/2001/xml.xsd;
 xs:annotation
   xs:documentation
 This import brings in the XML namespace attributes
 The XML attributes are used by various modules.
   /xs:documentation
 /xs:annotation
  /xs:import

That's one reason why it might take so long. The W3C sometimes blocks
requests [1] for its schemas/DTDs or returns things very slowly.

Have a look at XML Catalogs [2] and entity resolvers as lighter
alternatives to fetching these external resources from the net every time.

Thanks.

[1] http://www.w3.org/blog/systeam/2008/02/08/w3c_s_excessive_dtd_traffic/
[2] http://xerces.apache.org/xerces2-j/faq-xcatalogs.html

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Danny Sinang d.sin...@gmail.com wrote on 03/19/2012 05:16:37 PM:

 Hello,

 I'm trying to validate the attached XML document (MBS1172478.xml)
 against an XSD file (xplana_2.xsd inside schema.zip) but I can't get
 past the line

  Schema schema = factory.newSchema(schemaLocation);

 It takes too long (like 5 to 10 minutes) when I run my code in a
 jUnit test, after which I get the following error :

 org.xml.sax.SAXParseException: sch-props-correct.2: A schema cannot
 contain two global components with the same name; this schema
 contains two occurrences of 'http://www.w3.org/1999/xhtml,Length'.

 My jUnit looks like this :

 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.List;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipException;
 import java.util.zip.ZipFile;

 import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.Source;
 import javax.xml.transform.dom.DOMSource;
 import javax.xml.transform.stream.StreamSource;
 import javax.xml.validation.Schema;
 import javax.xml.validation.SchemaFactory;
 import javax.xml.validation.Validator;

 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.simpleframework.xml.Serializer;
 import org.simpleframework.xml.convert.AnnotationStrategy;
 import org.simpleframework.xml.core.Persister;
 import org.simpleframework.xml.strategy.Strategy;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.w3c.dom.Document;
 import org.xml.sax.SAXException;

 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration(locations = { /xplana-marklogic-test.xml })
 public class ValidationV2Test {

 private void validateXml (File xmlFile) throws
 ParserConfigurationException, SAXException, IOException {

    // parse an XML document into a DOM tree
    DocumentBuilderFactory parserFactory =
 DocumentBuilderFactory.newInstance();
    parserFactory.setNamespaceAware(true);
    DocumentBuilder parser = parserFactory.newDocumentBuilder();
    Document document = parser.parse(xmlFile);

    // create a SchemaFactory capable of understanding WXS schemas
    SchemaFactory factory = SchemaFactory.newInstance
 (XMLConstants.W3C_XML_SCHEMA_NS_URI);

    // load a WXS schema, represented by a Schema instance
    File schemaLocation = new File(D:\\schema\\xplana_2.xsd);
    Schema schema = factory.newSchema(schemaLocation);

    // create a Validator instance, which can be used to validate an
 instance document
    Validator validator = schema.newValidator();

    // validate the DOM tree
    try {
        validator.validate(new DOMSource(document));
        System.out.println(Validation successful.);
    } catch (SAXException e) {
        // instance document is invalid!
    }

 }

 @Test
 public void v2PrototypeTest()  {
 validateXml(D:\\temp\\MBS1172478\\MBS1172478.xml);
 }

 }

 Any idea what I'm doing wrong ?

 I validated the same XML against the same XSD using OxygenXML and
 MarkLogic and it validates fine.

 Regards,
 Danny

 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: src-import.3.1 error message

2012-03-15 Thread Michael Glavassevich 

Xerces doesn't know anything about WSDL. How are you extracting and loading
the inlined schema documents?

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

rJassal jassal.ravinder...@gmail.com wrote on 03/15/2012 04:12:27 AM:

 Bindul,

 schemaLocation attribute is not required, as both the schemas are defined
in
 a single WSDL file.


 Bindul Bhowmik wrote:
 
  Hello,
 
  On Thu, Mar 15, 2012 at 01:18, rJassal jassal.ravinder...@gmail.com
  wrote:
 
 
  Hi,
 
  I am using the below schema in one of my WSDL, I didn't find anything
  wrong
  in the schema but not sure why Xerces is complaining.
 
         xs:schema xmlns:ax223=http://example.com/loan;
  attributeFormDefault=qualified elementFormDefault=qualified
  targetNamespace=http://example.com/xsd;
             xs:import namespace=http://example.com/loan/
             xs:complexType name=Input
                 xs:sequence
                     xs:element minOccurs=0 name=loanDecision
  nillable=true type=ax223:LoanDecision/
                     xs:element minOccurs=0 name=loanInformation
  nillable=true type=ax223:LoanInformation/
                 /xs:sequence
             /xs:complexType
             xs:complexType name=Output
                 xs:sequence
                     xs:element minOccurs=0 name=loanDecision
  nillable=true type=ax223:LoanDecision/
                     xs:element minOccurs=0 name=loanInformation
  nillable=true type=ax223:LoanInformation/
                 /xs:sequence
             /xs:complexType
         /xs:schema
 
                 xs:schema attributeFormDefault=qualified
  elementFormDefault=qualified
  targetNamespace=http://example.com/loan;
             xs:complexType name=LoanDecision
                 xs:sequence
                     xs:element minOccurs=0 name=decision
  nillable=true type=xs:string/
                     xs:element minOccurs=0 name=paymentDuration
  nillable=true type=xs:int/
                     xs:element minOccurs=0 name=rate
nillable=true
  type=xs:double/
                 /xs:sequence
             /xs:complexType
             xs:complexType name=LoanInformation
                 xs:sequence
                     xs:element minOccurs=0 name=amountNeeded
  nillable=true type=xs:int/
                     xs:element minOccurs=0 name=currentIncome
  nillable=true type=xs:int/
                     xs:element minOccurs=0 name=privateInput
  nillable=true type=xs:int/
                 /xs:sequence
             /xs:complexType
         /xs:schema
 
  And I am getting below message.
 
  src-import.3.1: The namespace attribute, 'http://example.com/loan', of
an
  import element information item must be identical to the
  targetNamespace
  attribute, 'http://example.com/xsd', of the imported document.
 
  What could be reason for this message and why?
 
  Perhaps you are missing the schemaLocation attribute of the xs:import
  element (with the relative or absolute location of the second schema)
  ? Otherwise according to Schema Representation Constraint: Import
  Constraints and Semantics [1] of the Xml Schema specification, the
  error from xerces is correct.
 
 
  Thanks.
  --
 
  Regards,
  Bindul
 
  [1] http://www.w3.org/TR/2004/REC-xmlschema-1-20041028/#src-import
 
  -
  To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
  For additional commands, e-mail: j-users-h...@xerces.apache.org
 
 
 

 --
 View this message in context: http://old.nabble.com/src-import.3.1-
 error-message-tp33507809p33507987.html
 Sent from the Xerces - J - Users mailing list archive at Nabble.com.


 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Problem building xml-schema-1.1-dev

2012-03-14 Thread Michael Glavassevich 
Hi Jorge,

I see there was some refactoring done yesterday which caused this
compilation error. It's fixed now.

Thanks for pointing it out.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Jorge Williams jorge.willi...@rackspace.com wrote on 03/14/2012 07:21:00
PM:

 The following seems to fix:

 diff --git a/samples/xs/XSSerializer.java b/samples/xs/XSSerializer.java
 index 400d28b..bdf1b6b 100644
 --- a/samples/xs/XSSerializer.java
 +++ b/samples/xs/XSSerializer.java
 @@ -39,7 +39,7 @@ import org.apache.xerces.impl.xs.identity.Field;
  import org.apache.xerces.impl.xs.identity.IdentityConstraint;
  import org.apache.xerces.impl.xs.identity.KeyRef;
  import org.apache.xerces.impl.xs.identity.Selector;
 -import org.apache.xerces.impl.xs.util.XSTypeHelper;
 +import org.apache.xerces.impl.xs.util.XS11TypeHelper;
  import org.apache.xerces.xs.StringList;
  import org.apache.xerces.xs.XSAttributeUse;
  import org.apache.xerces.xs.XSComplexTypeDefinition;
 @@ -885,7 +885,7 @@ public class XSSerializer {
  String requiredVal = (attrUse.getRequired() == true) ?
 SchemaSymbols.ATTVAL_REQUIRED : SchemaSymbols.ATTVAL_OPTIONAL;
  XSAttributeDecl attrDecl = (XSAttributeDecl)
 attrUse.getAttrDeclaration();
  XSComplexTypeDefinition enclosingCTDefn =
 attrDecl.getEnclosingCTDefinition();
 -boolean complexTypesIdentical = (enclosingCTDefn ==
 null) ? false : XSTypeHelper.isSchemaTypesIdentical(complexTypeDecl,
 enclosingCTDefn);
 +boolean complexTypesIdentical = (enclosingCTDefn ==
 null) ? false : XS11TypeHelper.isSchemaTypesIdentical
 (complexTypeDecl, enclosingCTDefn);
  // do not add attributes, from the base type. they will
 be serialized as part of the base type serialization.
  if (complexTypesIdentical) {
  addAttributeToSchemaComponent(document,
 parentDomNode, attrDecl, constraintName, constraintVal, requiredVal);


 Thanks,

 -jOrGe W.


 -
 To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org
 For additional commands, e-mail: j-users-h...@xerces.apache.org

Re: Using Schema 1.1 with SourceValidator example.

2012-03-08 Thread Michael Glavassevich 

Did you place xml-apis.jar in your endorsed directory [1]?

[1] http://xerces.apache.org/xerces2-j/faq-general.html#faq-4

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Jim Barnett jim.barn...@genesyslab.com wrote on 03/08/2012 10:16:57 AM:

 Thanks.  That was certainly part of the problem.  I?ve downloaded
 the 1.1 beta package, and it now recognizes the ?xsd11 option, but I
 get a different error:

 : Parse error occurred - No SchemaFactory that implements the schema
 language specified by: http://www.w3.org/XML/XMLSchema/v1.1 c
 be loaded
 lang.IllegalArgumentException: No SchemaFactory that implements the
 schema language specified by: http://www.w3.org/XML/XMLSchema/
 could be loaded
at javax.xml.validation.SchemaFactory.newInstance(Unknown Source)
at jaxp.SourceValidator.main(Unknown Source)

 The package works if I leave out the ?xsd11 flag and process using
 schema 1.0.

 = Jim

Re: Xerces-J and xml:id support

2012-03-08 Thread Michael Glavassevich 
Hi Jeff,

Jeff Powanda jpowa...@vocera.com wrote on 03/08/2012 09:08:10 PM:

 After converting a small amount of XML content from DocBook 4.5 to
 DocBook 5, I tried generating output and was surprised to discover
 that Xerces-J 2.11 (the latest release) doesn't support xml:id. As a
 result, I get XPointer resolution unsuccessful for any XIncludes
 that reference an XPointer.

 I've read other posts that suggest there's a patch somewhere that
 addresses this, but I haven't found a downloadable version of
 Xerces-J that includes the patch. Can anyone point me in the right
direction?

xml:id support was developed as part of GSoC last year. The patch that was
contributed hasn't been applied to SVN yet and would probably need a bit of
polishing / clean-up first before that would happen.

 I tried downloading the source for Xerces-J 2.11 and then building
 new JAR files with patched classes found here: https://
 issues.apache.org/jira/browse/XERCESJ-1113. However, I couldn't get
 Xerces-J to build successfully with several different JDK versions
 due to problems with org.apache.html.dom.HTMLElementImpl. I haven't
 tried later versions of the Xerces-J source from the Subversion
 Repository yet to see if they build successfully.

 Any help would be appreciated.

Did you follow the build instructions here [1]? You need Xerces' build
tools.

 Thanks in advance,
 Jeff Powanda
 Vocera Communications
 (831) 882-5150

Thanks.

[1] http://xerces.apache.org/xerces2-j/faq-build.html#faq-2

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Re: Using Schema 1.1 with SourceValidator example.

2012-03-07 Thread Michael Glavassevich 

Sanity check... Did you download [1] the stable version of Xerces-J 2.11.0
or the XML Schema 1.1 beta version of 2.11.0?

You need the XML Schema 1.1 beta binary package.

Thanks.

[1] http://xerces.apache.org/mirrors.cgi#binary

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Jim Barnett jim.barn...@genesyslab.com wrote on 03/07/2012 04:53:24 PM:

 On the faq page for XML Schema
http://xerces.apache.org/xerces2-j/faq-xs.html
 is the following:

 ?You can also refer to the JAXP sample, SourceValidator, where you
 can validate XML documents against 1.1 schemas by specifying the -
 xsd11 flag when running the sample.?

 However when I try the following, I get told that ?xsd11 is an
 unknown option :

 java -cp D:\xerces\xerces-2_11_0\xercesSamples.jar
 jaxp.SourceValidator -xsd11 -a someschema.xsd -i someinputfile -f

 Am I doing something wrong?

 Thanks,
 Jim

Re: Problem caused by namespace change of xerces

2012-03-05 Thread Michael Glavassevich 

Steven,

Someone might be able help you if you provided more details on the issues
you're having.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Steven Troxell steven.trox...@gmail.com wrote on 03/03/2012 11:57:14 AM:

 Hi all,

 I'm working with a project dependant on Jena, which is in turn
 dependant on xerces:  My issue is summed up nicely here, http://
 tech.groups.yahoo.com/group/jena-dev/message/33894 which also
 proposes a solution. Problem is stated solution requires access to
 the code, and I'm only working with a binary distribution of the
 software. Anyone know what else I can do, if there's a jar file I
 can download from somewhere/add to classpath? There's various
 versions of XercesImpl.jar that I've tried, all resulting in various
 other errors. Any help greatly appreciated!

 My sun java version (same problem with openjdk)

   java version 1.6.0_31
 Java(TM) SE Runtime Environment (build 1.6.0_31-b04)
 Java HotSpot(TM) Server VM (build 20.6-b01, mixed mode)


 Any help, greatly appreciated

Re: XMLCatalogResolver Schema with Include

2012-02-05 Thread Michael Glavassevich 

Paul,

The XMLCatalogResolver is working as documented / designed. Users are
encouraged to extend this class if the default behaviour isn't what they
desire.

If you register your extension as an XNI entity resolver, you could cast
the XMLResourceIdentifier to an XMLSchemaDescription [1] and ignore the
namespace when getContextType() equals
XMLSchemaDescription.CONTEXT_INCLUDE.

Thanks.

[1]
http://xerces.apache.org/xerces2-j/javadocs/xni/org/apache/xerces/xni/grammars/XMLSchemaDescription.html

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Ramirez, Paul M (388J) paul.m.rami...@jpl.nasa.gov wrote on 02/05/2012
02:56:59 PM:

 Hey Michael,

 Thanks for your feedback. It ended up being the resolveResource
 method that was overridden. It starts out with the following:

 public LSInput resolveResource(String type, String namespaceURI,
 String publicId, String systemId, String baseURI) {

 String resolvedId = null;
 try {
 // The namespace is useful for resolving namespace aware
 // grammars such as XML schema. Let it take precedence over
 // the external identifier if one exists.
 if (namespaceURI != null) {
 resolvedId = resolveURI(namespaceURI);
 }
 ...
 ...
 }

 So all I needed to do was set the namespace to null when a systemId
 was present and then call this method. That said, I'm not sure I
 want this to be the behavior and am wondering if this can be solved
 somewhere else with a patch. It seems as though when the xs:include
 is being encountered its namespace is being set to the namespace in
 which it is encountered. What seemingly should happen is that the
 include should not need to be associated with a namespace; that way
 it won't get resolved to a URI element in a catalog.

 Any thoughts on this? Do you know where I could look to deduce this
 issue further. I'm just not sure I'm comfortable going with the
 systemId every time its specified and thats what would happen with
 solving at the catalog level. I could be wrong and this could be fine.

 Also does this seem like something that should be patched in Xerces.
 If so when I figure it out I can create a Jira issue and submit a patch.

 Thanks,
 Paul Ramirez

 On Feb 3, 2012, at 12:20 PM, Michael Glavassevich wrote:

 You might also want to extend the XMLCatalogResolver and override
 its core resolveIdentifier() method. The base method won't make any
 distinction between your main schema document and the include and is
 probably always returning the URI entry from the catalog since the
 namespace is given higher precedence than the schema location.

 Thanks.

 Michael Glavassevich
 XML Technologies and WAS Development
 IBM Toronto Lab
 E-mail: mrgla...@ca.ibm.com
 E-mail: mrgla...@apache.org

 Mark R Maxey mark_r_ma...@raytheon.com wrote on 02/03/2012 02:25:36 PM:

  You might try reading this discussion on JAXP, XML Catalogs, and XSDs
  . I don't know that this will solve your problem, but it seems
related ...
 
 
  Mark Maxey
  Raytheon, Garland
  580/2/P22-1
  (972)205-5760
  mark_r_ma...@raytheon.com
 
  [image removed] Ramirez, Paul M (388J) ---02/03/2012 09:18:06
  AM---Hi All, I'm having an issue with XML catalogs and validating an
  XML file based on lookups with URI e
 
  From: Ramirez, Paul M (388J) paul.m.rami...@jpl.nasa.gov
  To: j-users@xerces.apache.org j-users@xerces.apache.org
  Date: 02/03/2012 09:18 AM
  Subject: XMLCatalogResolver Schema with Include
 
 
 
  Hi All,
 
  I'm having an issue with XML catalogs and validating an XML file
  based on lookups with URI elements. I believe the issue is coming
  down to resolving the include from one of my namespace schema. It
  could be that I'm not setting something but I just can't seem to
  figure it out. I believe the following example shows what I am
  talking about. If anyone can test it out please let me know if you
  are experiencing the same thing or know how or why it doesn't work.
  As a side note this works within a editor like Oxygen and
 everythingresolves.
 
  foo.xsd:
 
  ?xml version=1.0 encoding=UTF-8?
  xs:schema xmlns:xs=http://www.w3.org/2001/XMLSchema;
elementFormDefault=
  qualified targetNamespace=http://foo.jpl.nasa.gov/foo; xmlns:foo=
  http://foo.jpl.nasa.gov/foo;
  xs:include schemaLocation=http://foo.jpl.nasa.gov/foo-include.xsd/
  xs:element name=first type=xs:string/
  xs:complexType name=name
  xs:sequence
  xs:element ref=foo:first/
  xs:element ref=foo:last/
  /xs:sequence
  /xs:complexType
  xs:element name=name type=foo:name/
  /xs:schema
 
  foo.xsd-include.xsd:
 
  ?xml version=1.0 encoding=UTF-8?
  xs:schema xmlns:xs=http://www.w3.org/2001/XMLSchema;
elementFormDefault=
  qualified targetNamespace=http://foo.jpl.nasa.gov/foo;
  xs:element name=last type=xs:string/
  /xs:schema
 
  catalog-foo.xml:
 
  ?xml version=1.0 encoding=UTF

Re: XMLCatalogResolver Schema with Include

2012-02-03 Thread Michael Glavassevich 

You might also want to extend the XMLCatalogResolver and override its core
resolveIdentifier() method. The base method won't make any distinction
between your main schema document and the include and is probably always
returning the URI entry from the catalog since the namespace is given
higher precedence than the schema location.

Thanks.

Michael Glavassevich
XML Technologies and WAS Development
IBM Toronto Lab
E-mail: mrgla...@ca.ibm.com
E-mail: mrgla...@apache.org

Mark R Maxey mark_r_ma...@raytheon.com wrote on 02/03/2012 02:25:36 PM:

 You might try reading this discussion on JAXP, XML Catalogs, and XSDs
 . I don't know that this will solve your problem, but it seems
related ...


 Mark Maxey
 Raytheon, Garland
 580/2/P22-1
 (972)205-5760
 mark_r_ma...@raytheon.com

 [image removed] Ramirez, Paul M (388J) ---02/03/2012 09:18:06
 AM---Hi All, I'm having an issue with XML catalogs and validating an
 XML file based on lookups with URI e

 From: Ramirez, Paul M (388J) paul.m.rami...@jpl.nasa.gov
 To: j-users@xerces.apache.org j-users@xerces.apache.org
 Date: 02/03/2012 09:18 AM
 Subject: XMLCatalogResolver Schema with Include



 Hi All,

 I'm having an issue with XML catalogs and validating an XML file
 based on lookups with URI elements. I believe the issue is coming
 down to resolving the include from one of my namespace schema. It
 could be that I'm not setting something but I just can't seem to
 figure it out. I believe the following example shows what I am
 talking about. If anyone can test it out please let me know if you
 are experiencing the same thing or know how or why it doesn't work.
 As a side note this works within a editor like Oxygen and
everythingresolves.

 foo.xsd:

 ?xml version=1.0 encoding=UTF-8?
 xs:schema xmlns:xs=http://www.w3.org/2001/XMLSchema;
elementFormDefault=
 qualified targetNamespace=http://foo.jpl.nasa.gov/foo; xmlns:foo=
 http://foo.jpl.nasa.gov/foo;
 xs:include schemaLocation=http://foo.jpl.nasa.gov/foo-include.xsd/
 xs:element name=first type=xs:string/
 xs:complexType name=name
 xs:sequence
 xs:element ref=foo:first/
 xs:element ref=foo:last/
 /xs:sequence
 /xs:complexType
 xs:element name=name type=foo:name/
 /xs:schema

 foo.xsd-include.xsd:

 ?xml version=1.0 encoding=UTF-8?
 xs:schema xmlns:xs=http://www.w3.org/2001/XMLSchema;
elementFormDefault=
 qualified targetNamespace=http://foo.jpl.nasa.gov/foo;
 xs:element name=last type=xs:string/
 /xs:schema

 catalog-foo.xml:

 ?xml version=1.0 encoding=UTF-8?
 catalog xmlns=urn:oasis:names:tc:entity:xmlns:xml:catalog
 !-- This is a sample --
 uri name=http://foo.jpl.nasa.gov/foo; uri=file:///Users/pramirez/
 Desktop/catalog/foo.xsd/
 system systemId=http://foo.jpl.nasa.gov/foo-include.xsd; uri=
 file:///Users/pramirez/Desktop/catalog/includes/foo-include.xsd/
 /catalog

 name.xml (purposely with an error so I can see if validation is
 occurring correctly):

 ?xml version=1.0 encoding=UTF-8?
 name xmlns=http://foo.jpl.nasa.gov/foo;
 last/last
 first/first
 /name

 XMLTest.java:

 public class XMLTest {
 public static void main(String[] args) throws Exception {
 String[] catalogs = {args[0]};
 XMLCatalogResolver resolver = new XMLCatalogResolver();
 resolver.setCatalogList(catalogs);

 SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.
 W3C_XML_SCHEMA_NS_URI);
 sf.setResourceResolver(resolver);
 Schema s = sf.newSchema();
 Validator v = s.newValidator();
 v.setResourceResolver(resolver);
 v.validate(new StreamSource(args[1]));
 }
 }

 The java program then is just called with the reference to the
 catalog-foo.xml and name.xml and I receive the following error:

 Exception in thread main org.xml.sax.SAXParseException: src-
 resolve: Cannot resolve the name 'foo:last' to a(n) 'element
 declaration' component.
 at
 org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException
 (Unknown Source)
 at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source)
 at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
 at org.apache.xerces.impl.xs.traversers.XSDHandler.reportSchemaError
 (Unknown Source)
 at org.apache.xerces.impl.xs.traversers.XSDHandler.reportSchemaError
 (Unknown Source)
 at org.apache.xerces.impl.xs.traversers.XSDHandler.getGlobalDecl
 (Unknown Source)
 at
 org.apache.xerces.impl.xs.traversers.XSDElementTraverser.traverseLocal
 (Unknown Source)
 at
 org.apache.xerces.impl.xs.traversers.XSDHandler.traverseLocalElements
 (Unknown Source)
 at org.apache.xerces.impl.xs.traversers.XSDHandler.parseSchema(Unknown
Source)
 at org.apache.xerces.impl.xs.XMLSchemaLoader.loadSchema(Unknown Source)
 at org.apache.xerces.impl.xs.XMLSchemaValidator.findSchemaGrammar
 (Unknown Source)
 at org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement
 (Unknown Source)
 at org.apache.xerces.impl.xs.XMLSchemaValidator.startElement(Unknown
Source)
 at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement
 (Unknown Source)
 at org.apache.xerces.impl.XMLNSDocumentScannerImpl

  1   2   3   4   5   6   7   8   >