-
cdanger authored
used for validating XACML anyURI AttributeValue is no longer XSD 1.0 but 1.1 where anyURI has same value space as string. - Fix: possible memory leak (e.g. in Tomcat) by using SAXON anyURI validator. More info: <p> * Last but not least, we now refer to the definition of anyURI datatype given in XSD 1.1, which has the same value space as the string datatype. More info in the XSD 1.1 datatypes document and SAXON * documentation: http://www.saxonica.com/html/documentation9.4/changes/intro93/xsd11-93.html. Also confirmed on the mailing list: * https://sourceforge.net/p/saxon/mailman/saxon-help/thread/4F9E683E.8060001@saxonica.com/. Although XACML 3.0 still refers to XSD 1.0 and its stricter definition of anyURI, we prefer to anticipate * and use the definition from XSD 1.1 for XACML AttributeValues of datatype anyURI. However, this does not affect XACML schema validation of Policy/PolicySet/Request documents, where the XSD 1.0 * definition of anyURI still applies. * </p> * <p> * With the new anyURI definition of XSD 1.1, we also avoid using {@link StandardURIChecker} which maintains a thread-local cache of validated URIs (cache size is 50 and eviction policy is LRU) that * may be spotted as a possible memory leak by servlet containers such as Tomcat, as confirmed on the mailing list: https://sourceforge.net/p/saxon/mailman/message/27043134/ , * https://sourceforge.net/p/saxon/mailman/saxon-help/thread/4F9E683E.8060001@saxonica.com/ . * </p>
cb0700e8