Using XML Validation Framework with Web Services

A good Web service has to have a well defined and enforceable contract. Typically, the contract is expressed using XML Schema language. Unfortunately, up until recently, enforcing the contact was very problematic because of the huge performance overhead associated with running schema validation. XML parsers used to load and parse the schema for every validation request, which was clearly expensive.

This has changed with the release JAXP 1.3 which comes with the schema validation framework which allows to first load and compile a schema and then reuse the compiled version for all subsequent validation requests. This may finally make it feasible to use the schema validation for Web services in production environment.

I decided to prototype the use of the validation framework for my Web services implemented in XFire (you may also want to explore a schema validation component implemented in ServiceMix ESB).

All it took is a fairly simple handler:

public class XFireSchemaValidationHandler extends AbstractHandler {
private Schema schema = null;
public XFireSchemaValidationHandler() throws SAXException{
super();
setPhase(Phase.PARSE);
before(ReadHeadersHandler.class.getName());
// Load the schema - note that handler is only
// instantiated once, so we can keep the schema in
// an instance variable
SchemaFactory factory = SchemaFactory
.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
// I‘m hardcoding the path for now, but we should be able
// to extract it from the WSDL
StreamSource ss = new StreamSource(
new File("/ws/xfire/etc/person.xsd"));
schema = factory.newSchema(ss);
}
public void invoke(MessageContext ctx) throws Exception {
InMessage message = ctx.getInMessage();
XMLStreamReader streamReader = message.getXMLStreamReader();
// create JDom from the stream - alternatively we can rely on
// DOM and XFire DOM handler
StaxBuilder builder = new StaxBuilder();
Document doc = builder.build(streamReader);
// get to the body first
Element body =
(Element)doc.getRootElement().getChildren().get(0);
// we assume that we use "unwrapped" mode and
// our payload is the direct child of the body element
Element payload = (Element) body.getChildren().get(0);
// dump the message for testing purposes
XMLOutputter outputter =
new XMLOutputter(Format.getPrettyFormat());
outputter.output(payload, System.out);
// create validation handler from the pre-complied schema
ValidatorHandler vh = schema.newValidatorHandler();
// the handler only works with SAX events, so we create
// SAX from JDom
SAXOutputter so = new SAXOutputter(vh);
// Validator will run as a SAX handler and throw an exception
// if the validation fails.
so.output(payload);
System.out.println("\nValidation passed");
// rewind the stream reader for subsequent processing
message.setXMLStreamReader( new JDOMStreamReader( doc) );
}
}

Unfortunately, the validation framework does not currently support StAX, so an XML document has to be parsed using SAX or DOM (or JDom with subsequent SAX conversion which is what I chose to do since it was quicker to develop that way). I‘m sure this conversion (and the validation process itself) adds some performance overhead, but I‘m hoping that it won‘t be too bad, especially for simple schemas (and from my experience 90% of all Web services have very simple messages). JAX-RPC-compliant Web services engines should see even less of performance penalty since everything is loaded into DOM from the get-go. Perhaps I‘ll try to run some performance tests and see what happens.