Guide: Setting up XML validation

Track Test bed setup

This guide walks you through the points to consider when setting up XML validation and the steps to bring your validation service online.

What you will achieve

At the end of this guide you will have understood what you need to consider when starting to implement validation services for your XML-based specification. You will also have gone through the steps to bring it online and make it available to your users.

An XML validation service can be created using multiple approaches depending on your needs. You can have an on-premise (or local to your workstation) service through Docker or use the test bed’s resources and, with minimal configuration, bring online a public service that is automatically kept up-to-date.

For the purpose of this guide you will be presented the options to consider and start with a Docker-based instance that could be replaced (or complemented) by a setup through the test bed. Interestingly, the configuration relevant to the validator is the same regardless of the approach you choose to follow.

What you will need

  • About 30 minutes.
  • A text editor.
  • A web browser.
  • Access to the Internet.
  • Docker installed on your machine (only if you want to run the validator as a Docker container).
  • A basic understanding of XML-related technologies. For more information you can check out online resources on XML Schema (XSD), XPath and Schematron.

How to complete this guide

The steps described in this guide are for the most part hands-on, resulting in you creating a fully operational validation service. For these practical steps there are no prerequisites and the content for all files to be created are provided in each step. In addition, if you choose to try your setup as a Docker container you will also be issuing commands on a command line interface (all commands are provided and explained as you proceed).

Steps

You can complete this guide by following the steps described in this section. Not all steps are required, with certain ones being optional or complementary depending on your needs. The following diagram presents an overview of all steps highlighting the ones that apply in all cases (marked as mandatory):

../_images/step_overview1.png

When and why you should skip or consider certain steps depends on your testing needs. Each step’s description covers the options you should consider and the next step(s) to follow depending on your choice.

Step 1: Determine your testing needs

Before proceeding to setup your validator you need to clearly determine your testing needs. A first outline of the approach to follow would be provided by answering the following questions:

  • Will the validator be available to your users as a tool to be used on an ad-hoc basis?
  • Do you plan on measuring the conformance of your community’s members to the XML-based specification?
  • Is the validator expected to be used in a larger conformance testing context (e.g. during testing of a message exchange protocol)?
  • Should the validator be publicly accessible?
  • Should test data and validation reports be treated as confidential?

The first choice to make is on the type of solution that will be used to power your validation service:

  • Standalone validator: A service allowing validation of individual XML instances based on a predefined configuration of validation artefacts, including XML Schema (XSD) (for syntax validation) and Schematron (for business rule validation). The service supports fine-grained customisation and configuration of different validation types (e.g. specification versions) and supported communication channels. Importantly, use of the validator is anonymous and it is fully stateless in that none of the test data or validation reports are maintained once validation completes.
  • Complete test bed: The test bed is used to realise a full conformance testing campaign. It supports the definition of test scenarios as test cases, organised in test suites that are linked to specifications. Access is account-based allowing users to claim conformance to specifications and execute in a self-service manner their defined test cases. All results are recorded to allow detailed reporting, monitoring and eventually certification. Test cases can address XML validation but are not limited to that, allowing validation of any complex exchange of information.

It is important to note that these two approaches are by no means exclusive. It is often the case that a standalone validator is defined as a first step that is subsequently used from within test cases in the test bed. The former solution offers a community tool to facilitate work towards compliance supporting ad-hoc data validation, whereas the latter allows for rigorous conformance testing to take place where proof of conformance is required. This could apply in cases where conformance is a qualification criterion before receiving funding or before being accepted as a partner in a distributed system. Finally, it is interesting to consider that non-trivial XML validation may involve multiple validation artefacts (e.g. Schematron files). In such a case, even if ad-hoc data validation is not needed, defining a separate validator simplifies management of the validation artefacts by consolidating them in a single location, as opposed to bundling them within test suites.

Regardless of the choice of solution, the next point to consider will be the type of access. If public access is important then the obvious choice is to allow access over the Internet. An alternative would be an installation that allows access only through a restricted network, be it an organisation’s internal network or a virtual private network accessible only by your community’s members. Finally, an extreme case would be access limited to individual workstations where each community member would be expected to run the service locally (albeit of course without the expectation to test message exchanges with remote parties).

If access to your validation services over the Internet is preferred or at least acceptable, the simplest case is to opt for using the shared ISA² test bed resources, both regarding the standalone validator and the test bed itself. If such access is not acceptable or is technically not possible (e.g. access to private resources is needed), the proposed approach would be to go for a Docker-based on-premise installation of all components.

Summarising the options laid out in this section, you will first want to choose:

  • Whether you will be needing a standalone validator, a complete test bed or both.
  • Whether the validator and/or test bed will be accessible over the Internet or not.

Your choices here can help you better navigate the remaining steps of this guide. Specifically:

Step 2: Prepare validation artefacts

As an example case for XML validation we will consider the EU purchase order case first seen in Guide: Creating a test suite. In short, for the purposes of this guide you are considered to be leading an EU cross-border initiative to define a new common specification for the exchange of purchase orders between retailers.

To specify the content of purchase orders your experts have created the following XML Schema:

<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="http://itb.ec.europa.eu/sample/po.xsd" xmlns="http://itb.ec.europa.eu/sample/po.xsd" elementFormDefault="qualified">

  <xs:element name="purchaseOrder" type="PurchaseOrderType"/>

  <xs:element name="comment" type="xs:string"/>

  <xs:complexType name="PurchaseOrderType">
    <xs:sequence>
      <xs:element name="shipTo" type="Address"/>
      <xs:element name="billTo" type="Address"/>
      <xs:element ref="comment" minOccurs="0"/>
      <xs:element name="items"  type="Items"/>
    </xs:sequence>
    <xs:attribute name="orderDate" type="xs:date"/>
  </xs:complexType>

  <xs:complexType name="Address">
    <xs:sequence>
      <xs:element name="name"   type="xs:string"/>
      <xs:element name="street" type="xs:string"/>
      <xs:element name="city"   type="xs:string"/>
      <xs:element name="zip"    type="xs:decimal"/>
    </xs:sequence>
    <xs:attribute name="country" type="CountryType" use="required"/>
  </xs:complexType>

  <xs:complexType name="Items">
    <xs:sequence>
      <xs:element name="item" minOccurs="0" maxOccurs="unbounded">
        <xs:complexType>
          <xs:sequence>
            <xs:element name="productName" type="xs:string"/>
            <xs:element name="quantity" type="xs:positiveInteger"/>
            <xs:element name="priceEUR"    type="xs:decimal"/>
            <xs:element ref="comment"   minOccurs="0"/>
          </xs:sequence>
          <xs:attribute name="partNum" type="xs:string" use="required"/>
        </xs:complexType>
      </xs:element>
    </xs:sequence>
  </xs:complexType>

  <xs:simpleType name="CountryType">
    <xs:restriction base="xs:string">
      <xs:pattern value="[A-Z]{2}"/>
    </xs:restriction>
  </xs:simpleType>

</xs:schema>

Based on this, a sample purchase order would be as follows:

<?xml version="1.0"?>
<purchaseOrder xmlns="http://itb.ec.europa.eu/sample/po.xsd" orderDate="2018-01-22">
  <shipTo country="BE">
    <name>John Doe</name>
    <street>Europa Avenue 123</street>
    <city>Brussels</city>
    <zip>1000</zip>
  </shipTo>
  <billTo country="BE">
    <name>Jane Doe</name>
    <street>Europa Avenue 210</street>
    <city>Brussels</city>
    <zip>1000</zip>
  </billTo>
  <comment>Send in one package please</comment>
  <items>
    <item partNum="XYZ-123876">
      <productName>Mouse</productName>
      <quantity>20</quantity>
      <priceEUR>15.99</priceEUR>
      <comment>Confirm this is wireless</comment>
    </item>
    <item partNum="ABC-32478">
      <productName>Keyboard</productName>
      <quantity>15</quantity>
      <priceEUR>25.50</priceEUR>
    </item>
  </items>
</purchaseOrder>

A first obvious validation for purchase orders would be against their XML Schema. However, your business requirements also define the concept of a large purchase order which is one that includes more than 10 of each ordered item. This restriction is not reflected in the XML Schema which is considered as a base for all purchase orders but rather in a Schematron rule file that checks this only for orders that are supposed to be “large”. Such a rule file would be as follows:

<?xml version="1.0" encoding="UTF-8"?>
<schema xmlns="http://purl.oclc.org/dsdl/schematron" queryBinding="xslt2">
  <title>Large Purchase Order business rules</title>
  <ns prefix="po" uri="http://itb.ec.europa.eu/sample/po.xsd"/>
  <pattern name="Check order items">
    <rule context="/po:purchaseOrder/po:items/po:item">
      <assert test="number(po:quantity) > 10" flag="fatal" id="PO-01">[PO-01] The quantities of items for large orders must be greater than 10.</assert>
    </rule>
  </pattern>	
</schema>

Given these requirements and validation artefacts we want to support two types of validation (or profiles):

  • basic: For all purchase orders acting as a common base. This is realised by XML Schema validation.
  • large: For large purchase orders. This includes validation against the XML Schema and also against the relevant Schematron rule.

As the first configuration step for the validator we will prepare a folder with the required resources. For this purpose create a root folder named validator with the following subfolders and files:

validator
 |
 +-- resources
      |
      +-- order
           |
           +-- sch
                |
                +-- PurchaseOrder.xsd
           +-- xsd
                |
                +-- LargePurchaseOrder.sch

You will likely note that we are creating several folders of no obvious use. Nonetheless please follow this structure as it will facilitate subsequent steps where we add resources depending on our needs. In terms of meaning of these folders consider the following:

  • validator is the root folder for all files.
  • resources is the root folder for all files that will be considered by the validator.
  • order is the root folder for all files pertinent to purchase order validation. We separate this as the validator could be used to also validate completely different content.
  • sch is the folder containing all Schematron files.
  • xsd is the folder containing all XML Schemas.

Regarding the PurchaseOrder.xsd and LargePurchaseOrder.sch files you can create them from the above content or download them (here: PurchaseOrder.xsd and LargePurchaseOrder.sch). Finally, note that you are free to use any names for the files and folders; the ones used here will however be the ones considered in this guide’s subsequent steps.

Step 3: Prepare validator configuration

After having defined your testing needs and the validation artefacts for your specific case, the next step will be to configure the validator. The validator is defined by a core engine maintained by the test bed team and a layer of configuration, provided by you, that defines its use for a specific scenario. In terms of features the validator supports the following:

  • Validation channels including a SOAP web service API, a web user interface and validation via email.
  • Configuration of XML Schema and Schematron validation artefacts to drive the validation.
  • Definition of different validation types as logically-related sets of validation artefacts.
  • Definition of separate validator configurations that are logically split but run as part of a single validator instance. Such configurations are termed “validation domains”.
  • Customisation of all texts presented to users.

Configuration is provided by means of key-value pairs in a property file. This file can be named as you want but needs to end with the .properties extension. In our case we will name this config.properties and place it within the order folder. Recall that the purpose of this folder is to store all resources relevant to purchase order validation. These are the validation artefacts themselves (PurchaseOrder.xsd and LargePurchaseOrder.sch) and the configuration file (config.properties).

Define the content of the config.properties file as follows:

# The different types of validation to support. These values are reflected in other properties.
validator.type = basic, large
# Labels to describe the defined types.
validator.typeLabel.basic = Basic purchase order
validator.typeLabel.large = Large purchase order
# Validation artefacts (XML Schema) to consider for the "basic" type.
validator.schemaFile.basic = xsd/PurchaseOrder.xsd
# Validation artefacts (XML Schema and Schematron) to consider for the "large" type.
validator.schemaFile.large = xsd/PurchaseOrder.xsd
validator.schematronFile.large = sch/LargePurchaseOrder.sch
# The title to display for the validator's user interface.
validator.uploadTitle = Purchase Order Validator

All validator properties share a validator. prefix. The validator.type property is key as it defines one or more types of validation that will be supported (multiple are provided as a comma-separated list of values). The values provided here are important not only because they define the available validation types but also because they drive most other configuration properties. Regarding the validation artefacts themselves, these are provided by means of the validator.schemaFile and validator.schematronFile properties:

  • validator.schemaFile defines one or more (comma-separated) file paths (relative to the configuration file) to lookup XML Schema files.
  • validator.schematronFile defines one or more (comma-separated) file paths (relative to the configuration file) to lookup Schematron files.

In both cases, each provided path can be for a file or a folder. If a folder is referenced it will load all contained top-level files (i.e. ignoring subfolders). Note that if you define XML Schemas or Schematron files that import or include other files these should not all be provided. You should only specify the path(s) to your “master” files. Finally, if in your case you don’t need e.g. XML Schema or Schematron validation you can simply skip completely the relevant property.

The purpose of the remaining properties is to customise the text descriptions presented to users:

  • validator.typeLabel defines a label to present to users on the validator’s user interface for the type in question.
  • validator.uploadTitle defines the title label to present to users on the validator’s user interface.

Once you have created the config.properties file, the validator folder should be as follows:

validator
 |
 +-- resources
      |
      +-- order
           |
           +-- config.properties
           +-- sch
                |
                +-- PurchaseOrder.xsd
           +-- xsd
                |
                +-- LargePurchaseOrder.sch

This limited configuration file assumes numerous default configuration properties. An important example is that by default, the validator will expose a web user interface and a SOAP web service API. This configuration is driven through the validator.channels property that by default is set to form, webservice (for a user form and SOAP web service respectively). All configuration properties provided in config.properties relate to the specific domain in question, notably purchase orders, reflected in the validator’s resources as the order folder. Although rarely needed, you may define additional validation domains each with its own set of validation artefacts and configuration file (see Configuring additional validation domains for details on this). Finally, if you are planning to host your own validator instance you can also define configuration at the level of the complete validator (see Additional configuration options regarding application-level configuration options).

For the complete reference of all available configuration properties and their default values refer to section Validator configuration properties.

Step 4: Setup validator as Docker container

Note

When to setup a Docker container: The purpose of setting up your validator as a Docker container is to host it yourself or run it locally on workstations. If you prefer or don’t mind the validator being accessible over the Internet it is simpler to delegate hosting to the test bed team by reusing the test bed’s infrastructure. If this is the case skip this section and go directly to Step 5: Setup validator on test bed. Note however that even if you opt for a validator managed by the test bed, it may still be interesting to create a Docker image for development purposes (e.g. to test new validation artefact versions) or to make available to your users as a complementary service (i.e. use online or download and run locally).

Once the validator’s configuration is ready (configuration file and validation artefacts) you can proceed to create a Docker image.

The configuration for your image is driven by means of a Dockerfile. Create this file in the validator folder with the following contents:

FROM isaitb/xml-validator:latest
COPY resources /validator/resources/
ENV validator.resourceRoot /validator/resources/

This Dockerfile represents the most simple Docker configuration you can provide for the validator. Let’s analyse each line:

FROM isaitb/xml-validator:latest This tells Docker that your image will be built over the latest version of the test bed’s isaitb/xml-validator image. This represents the validator’s core that expects configuration to drive the validation. It is available on the public Docker Hub and as such can be directly used through any Docker installation with Internet access.
COPY resources /validator/resources/ This copies your resources folder to the image under path /validator/resources/.
ENV validator.resourceRoot /validator/resources/ This instructs the validator that it should consider as the root of all its configuration resources the /validator/resources/ folder (which was just copied into it).

The contents of the validator folder should now be as follows:

validator
 |
 +-- Dockerfile
 +-- resources
      |
      +-- order
           |
           +-- config.properties
           +-- sch
                |
                +-- PurchaseOrder.xsd
           +-- xsd
                |
                +-- LargePurchaseOrder.sch

That’s it. To build the Docker image open a command prompt to the validator folder and issue:

docker build -t po-validator .

This command will create a new local Docker image named po-validator based on the Dockerfile it finds in the current directory. It will proceed to download missing images (e.g. the isaitb/xml-validator:latest image) and eventually print the following output:

Sending build context to Docker daemon  32.77kB
Step 1/3 : FROM isaitb/xml-validator:latest
---> 39ccf8d64a50
Step 2/3 : COPY resources /validator/resources/
---> 66b718872b8e
Step 3/3 : ENV validator.resourceRoot /validator/resources/
---> Running in d80d38531e11
Removing intermediate container d80d38531e11
---> 175eebf4f59c
Successfully built 175eebf4f59c
Successfully tagged po-validator:latest

The new po-validator:latest image can now be pushed to a local Docker registry or to the Docker Hub. In our case we will proceed directly to run this as follows:

docker run -d --name po-validator -p 8080:8080 po-validator:latest

This command will create a new container named po-validator based on the po-validator:latest image you just built. It is set to run in the background (-d) and expose its internal listen port through the Docker machine (-p 8080:8080). Note that by default the listen port of the container (which you can map to any available host port) is 8080.

Your validator is now online and ready to validate XML documents. If you want to try it out immediately skip to Step 6: Use the validator. Otherwise, read on to see additional configuration options for the image.

Configuring additional validation domains

Up to this point you have configured validation for purchase orders which defines one or more validation types (basic and large). This configuration can be extended by providing additional types to reflect:

  • Additional profiles with different business rules (e.g. minimal).
  • Specification versions (e.g. basic_v1.0, large_v1.0, basic_v1.1_beta).
  • Other types of content that are linked to purchase orders (e.g. purchase_order_basic_v1.0 and order_receipt_v1.0).

All such extensions would involve defining potentially additional validation artefacts and updating the config.properties file accordingly.

Apart from extending the validation possibilities linked to purchase orders you may want to configure a completely separate validator to address an unrelated specification that would most likely not be aimed to the same user community. To do so you have two options:

  • Repeat the previous steps to define a separate configuration and a separate Docker image. In this case you would be running two separate containers that are fully independent.
  • Reuse your existing validator instance to define a new validation domain. The result will be two validation services that are logically separate but are running as part of a single validator instance.

The rationale behind the second option is simply one of required resources. If you are part of an organisation that needs to support validation for dozens of different XML-based specifications that are unrelated, it would probably be preferable to have a single application to host rather than one per specification.

In your current single domain setup, the purchase order configuration is reflected through folder order. The name of this folder is also by default assumed to match the name of the domain. A new domain could be named invoice that is linked to XML-based invoices. This is represented by an invoice folder next to order that contains similarly its validation artefacts and domain-level configuration property file. Considering this new domain, the contents of the validator folder would be as follows:

validator
 |
 +-- Dockerfile
 +-- resources
      |
      +-- invoice
        (Further contents skipped)
      +-- order
        (Further contents skipped)

If you were now to rebuild the validator’s Docker image this would setup two logically-separate validation domains (invoice and order).

Note

Validation domains vs types: In almost all scenarios you should be able to address your validation needs by having a single validation domain with multiple validation types. Validation types under the same domain will all be presented as options for users. Splitting in domains would make sense if you don’t want the users of one domain to see the supported validation types of other domains.

Important: Support for such configuration is only possible if you are defining your own validator as a Docker image. If you plan to use the test bed’s shared validator instance (see Step 5: Setup validator on test bed), your configuration needs to be limited to a single domain. Note of course that if you need additional domains you can in this case simply repeat the configuration process multiple times.

Additional configuration options

We have seen up to now that configuring how validation takes place is achieved through domain-level configuration properties provided in the domain configuration file (file config.properties in our example). When setting up the validator as a Docker image you may also make use of application-level configuration properties to adapt the overall validator’s operation. Such configuration properties are provided as environment variables through ENV directives in the Dockerfile.

We already saw this when defining the validator.resourceRoot property that is the only mandatory property for which no default exists. Other such properties that you may choose to override are:

  • validator.domain: A comma-separated list of names that are to be loaded as the validator’s domains. By default the validator scans the provided validator.resourceRoot folder and selects as domains all subfolders that contain a configuration property file (folder order in our case). You may want to configure the list of folder names to consider if you want to ensure that other folders get ignored.
  • validator.domainName.DOMAIN: A mapping for a domain (replacing the DOMAIN placeholder) that defines the name that should be presented to users. This would be useful if the folder name itself (order in our example) is not appropriate (e.g. if the folder was named files).
  • validator.acceptedMimeTypes: The mime types of received XML files to consider as acceptable input for the validator.
  • validator.acceptedSchematronExtensions: The file extensions to consider when looking up Schematron files.

The following example Dockerfile illustrates use of these properties. The values set correspond to the applied defaults so the resulting Docker images from this Dockerfile and the original one (see Step 4: Setup validator as Docker container) are in fact identical:

FROM isaitb/xml-validator:latest
COPY resources /validator/resources/
ENV validator.resourceRoot /validator/resources/
ENV validator.domain order
ENV validator.domainName.order order
ENV validator.acceptedMimeTypes application/xml, text/xml, text/plain
ENV validator.acceptedSchematronExtensions xsl, xslt, sch

See Application-level configuration for the full list of supported application-level properties.

Finally, it may be the case that you need to adapt further configuration properties that relate to how the validator’s application is ran. The validator is built as a Spring Boot application which means that you can override all configuration properties by means of environment variables. This is rarely needed as you can achieve most important configuration through the way you run the Docker container (e.g. defining port mappings). Nonetheless the following adapted Dockerfile shows how you could ensure the validator’s application starts up on another port (9090) and uses a specific context path (/ctx).

FROM isaitb/xml-validator:latest
COPY resources /validator/resources/
ENV validator.resourceRoot /validator/resources/
ENV server.servlet.context-path /ctx
ENV server.port 9090

Note

Custom port: Even if you define the server.port property to a different value other than the default 8080 this remains internal to the Docker container. The port through which you access the validator will be the one you map on your host through the -p flag of the docker run command.

The full list of such application configuration properties, as well as their default values, are listed in the Spring Boot configuration property documentation.

Step 5: Setup validator on test bed

Note

When to setup on test bed resources: Setting up your validator on the test bed’s resources removes hosting concerns and allows you to benefit from automatic service reloads for configuration changes. In doing so however you need to keep in mind that the validator will be exposed over the Internet. If this approach is not suitable for you (e.g. you want to expose the validator within a restricted network) you should consider setting up the validator as a Docker container (see Step 4: Setup validator as Docker container) that you can then host as you see fit.

To configure a validator using the test bed’s resources all you need to do is get in touch with the test bed team and provide the validator’s configuration. Specifically:

  1. Send an email to DIGIT-ITB@ec.europa.eu describing your case: This step is needed for two reasons. Firstly you may want to have a further discussion and potentially a demo to better understand the available options. Secondly the test bed’s team would need to ensure that you qualify to use its resources (to e.g. avoid that you are a private company planning to offer commercial validation services).
  2. Share the configuration for the validator: Once contact has been established you need to provide the initial configuration for the validator.

Regarding the second step, the validator’s configuration to be shared is the contents of the validator folder as described in Step 3: Prepare validator configuration. The eventual goal here will be to have the configuration available through an accessible Git repository. This can be done in a number of ways listed below in decreasing order of preference:

  • Create a new Git repository: You can push all resources (the validator folder) to a new Git repository (e.g. on GitHub or the European Commission’s CITNet Bitbucket server). You can of course add any other resources to this repository as you see fit (e.g. a README file). Once done provide the repository’s URL to the test bed team.
  • Provide the resources to the test bed team: You can send the configuration files themselves to the test bed’s team (e.g. make an archive of the validator folder). Ideally you should define the configuration file but if in doubt you can simply describe the resources and the test bed team will prepare the initial configuration for you. When following this approach a new Git repository will be created for you on the European Commission’s CITNet Bitbucket server for which you will be assigned write access (assuming you have a CITNet user account).
  • Update an existing Git repository: If you already have a Git repository to maintain the validation artefacts you can reuse this by adding to it the required configuration file (config.properties in our case). When ready you will need to provide the test bed team with the URL to the repository and the location of the configuration file.

Following the initial configuration, the resulting Git repository will be monitored to detect any changes to the validation artefacts or the configuration file. If such a change is detected, the validation service will be automatically updated within a few minutes.

Note

Using a dedicated Git repository for the validator: Whether you define a new Git repository yourself or the test bed team creates one for you, the result is a repository that is dedicated to the validator. This approach is preferable to reusing an existing Git repository to avoid unwanted changes to the validator. whether or not this is done through GitHub, CITNet’s Bitbucket or another service depends on what best suits your needs.

As part of the initial setup for the validator the test bed team will also configure how it is accessed. The name used will match the name of the folder that contains your configuration file (order in the considered example), but this can differ according to your preferences. If this is the case make sure to inform the test bed team of your preferred naming.

Considering our example, for a name of order, the resulting root URL through which the validator will be accessed is https://www.itb.ec.europa.eu/order. The specific paths will depend on the supported validation channels as described in Step 6: Use the validator.

Step 6: Use the validator

Well done! At this step your validator has been successfully configured and is ready to use. Depending on which approach was followed, this may have been done either:

The validation channels that are supported depend on the configuration you have supplied. This is done through the validator.channels property of your configuration file (config.properties) that defaults to form, webservice. The supported channels are as follows:

  • form: A web user interface allowing a user to upload the XML document to validate.
  • webservice: A SOAP web service API allowing for machine-to-machine integration.
  • email: Validation via email exchange (disabled by default).

The following sub-sections describe how each channel can be used considering the example EU purchase order specification.

Validation via user interface

The validator’s user interface is available at the /upload path. The exact path depends on how this is deployed:

The first page that you see is a simple form to upload the file to validate.

../_images/validator_upload1.png

This form expects the following input:

  • File to validate: The file that will be validated. Clicking anywhere on this will open a file browser dialog.
  • Validate as: The type of validation to apply.

Note that all displayed labels can be adapted through the config.properties configuration file (see Properties related to UI labels). In addition, notice that the available validation types match the ones defined in the validator.type property, displayed using the validator.typeLabel.TYPE labels.

../_images/validator_upload_selected1.png

It is worth noting also that if your configuration defined only a single validation type, the user interface would be simplified by presenting only a single file upload input.

../_images/validator_upload_simple1.png

Once a file has been uploaded and the validation type is selected click the Upload button to trigger the validation. Upon completion you will be presented with the validation results:

../_images/validator_result1.png

This screen includes an overview of the result listing:

  • The validation timestamp (in UTC), the name of the validated file and the applied validation type.
  • The overall result (SUCCESS or FAILURE).
  • The number of errors, warnings and information messages.

This section is followed by the Details panel, where the details of each report item are listed:

  • It’s type (whether this is an error, warning or information message).
  • It’s description.
  • It’s location in the provided input.

Clicking on each item’s details will open a popup that shows within the provided content the specific point that triggered the issue:

../_images/validator_result_errordetail.png

In terms or reporting, apart from the on-screen display, buttons are available allowing you to download the validation report:

  • Download XML report: Download as XML (in GITB TRL syntax - sample here).
  • Download PDF report: Download as PDF (sample here).

Note that these download buttons are initially disabled but are enabled as soon as the respective reports become available.

Finally, to trigger a new validation you may either use the form from the top of the result screen or click on the form’s title that will take you back to the previous page.

Validation via SOAP web service API

The validator’s SOAP API is available under the /api path. The exact path depends on how this is deployed (path to WSDL provided):

Note that the api and order path elements are intentionally inverted in the Docker case. This inconsistency is due to a technical restriction that however doesn’t apply when running on the test bed.

The SOAP API used is the GITB validation service API, meaning that the validator is a GITB-compliant validation service. The importance of this is that apart from using it directly, this SOAP API allows integration of the validator in more complex conformance testing scenarios as a validation step in GITB TDL test cases. This potential is covered further in Step 7: Use the validator in GITB TDL test cases.

The operations supported are as follows:

  • getModuleDefinition: Called to return information on how to call the service (i.e. what inputs are expected).
  • validate: Called to trigger validation for provided content.

You can download this SOAP UI project that includes sample calls of these operations (make sure to change the service URL to match your setup).

Regarding the getModuleDefinition operation, a request of:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1="http://www.gitb.com/vs/v1/">
   <soapenv:Header/>
   <soapenv:Body>
      <v1:GetModuleDefinitionRequest/>
   </soapenv:Body>
</soapenv:Envelope>

Will produce a response as follows:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Body>
      <ns4:GetModuleDefinitionResponse xmlns:ns2="http://www.gitb.com/core/v1/" xmlns:ns3="http://www.gitb.com/tr/v1/" xmlns:ns4="http://www.gitb.com/vs/v1/">
         <module operation="V" id="ValidatorService">
            <ns2:metadata>
               <ns2:name>ValidatorService</ns2:name>
               <ns2:version>1.0.0</ns2:version>
            </ns2:metadata>
            <ns2:inputs>
               <ns2:param type="string" name="type" use="R" kind="SIMPLE"/>
               <ns2:param type="object" name="xml" use="R" kind="SIMPLE"/>
            </ns2:inputs>
         </module>
      </ns4:GetModuleDefinitionResponse>
   </soap:Body>
</soap:Envelope>

This response can be customised through configuration properties in config.properties to provide descriptions specific to your setup. For example, extending config.properties with the following:

...
validator.webServiceId = PurchaseOrderValidator
validator.webServiceDescription.xml = The purchase order XML file to validate
validator.webServiceDescription.type = The type of validation to perform ('basic' or 'large')

Will produce a response as follows:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Body>
      <ns4:GetModuleDefinitionResponse xmlns:ns2="http://www.gitb.com/core/v1/" xmlns:ns3="http://www.gitb.com/tr/v1/" xmlns:ns4="http://www.gitb.com/vs/v1/">
         <module operation="V" id="PurchaseOrderValidator">
            <ns2:metadata>
               <ns2:name>PurchaseOrderValidator</ns2:name>
               <ns2:version>1.0.0</ns2:version>
            </ns2:metadata>
            <ns2:inputs>
               <ns2:param type="string" name="type" use="R" kind="SIMPLE" desc="The type of validation to perform ('basic' or 'large')"/>
               <ns2:param type="object" name="xml" use="R" kind="SIMPLE" desc="The purchase order XML file to validate"/>
            </ns2:inputs>
         </module>
      </ns4:GetModuleDefinitionResponse>
   </soap:Body>
</soap:Envelope>

Running the validation itself is done through the validate operation. This expects two inputs:

  • xml: The XML content to validate.
  • type: The type of validation to perform (optional if a single type is defined).

Interestingly, the content to validate can be provided by any of three means that are determined by the input element’s embeddingMethod attribute. Specifically:

  • STRING: The content is provided as an embedded text within the request.
  • BASE64: The content is provided as a BASE64 encoded string.
  • URI: The content is to be loaded remotely from the provided URI.

The sample SOAP UI project includes sample requests per case. As an example, validating via URI would be done using the following envelope:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1="http://www.gitb.com/vs/v1/" xmlns:v11="http://www.gitb.com/core/v1/">
   <soapenv:Header/>
   <soapenv:Body>
      <v1:ValidateRequest>
         <sessionId>?</sessionId>
         <input name="xml" embeddingMethod="URI">
            <v11:value>https://www.itb.ec.europa.eu/files/samples/po-sample-invalid.xml</v11:value>
         </input>
         <input name="type" embeddingMethod="STRING">
            <v11:value>large</v11:value>
         </input>
      </v1:ValidateRequest>
   </soapenv:Body>
</soapenv:Envelope>

With the resulting report provided as follows:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Body>
      <ns4:ValidationResponse xmlns:ns2="http://www.gitb.com/core/v1/" xmlns:ns3="http://www.gitb.com/tr/v1/" xmlns:ns4="http://www.gitb.com/vs/v1/">
         <report>
            <ns3:date>2019-06-05T15:08:21.537Z</ns3:date>
            <ns3:result>FAILURE</ns3:result>
            <ns3:counters>
               <ns3:nrOfAssertions>0</ns3:nrOfAssertions>
               <ns3:nrOfErrors>1</ns3:nrOfErrors>
               <ns3:nrOfWarnings>0</ns3:nrOfWarnings>
            </ns3:counters>
            <ns3:context>
               <ns2:item name="xml" embeddingMethod="STRING">
                  <ns2:value><![CDATA[<?xml version="1.0"?>
<purchaseOrder xmlns="http://itb.ec.europa.eu/sample/po.xsd" orderDate="2018-01-22">
  <shipTo country="BE">
    <name>John Doe</name>
    <street>Europa Avenue 123</street>
    <city>Brussels</city>
    <zip>1000</zip>
  </shipTo>
  <billTo country="BE">
    <name>Jane Doe</name>
    <street>Europa Avenue 210</street>
    <city>Brussels</city>
    <zip>1000</zip>
  </billTo>
  <comment>Send in one package please</comment>
  <items>
    <item partNum="XYZ-123876">
      <productName>Mouse</productName>
      <quantity>5</quantity>
      <priceEUR>15.99</priceEUR>
      <comment>Confirm this is wireless</comment>
    </item>
    <item partNum="ABC-32478">
      <productName>Keyboard</productName>
      <quantity>15</quantity>
      <priceEUR>25.50</priceEUR>
    </item>
  </items>
</purchaseOrder>]]></ns2:value>
               </ns2:item>
            </ns3:context>
            <ns3:reports>
               <ns3:error xsi:type="ns3:BAR" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                  <ns3:description>[PO-01] The quantities of items for large orders must be greater than 10.</ns3:description>
                  <ns3:location>xml:17:0</ns3:location>
                  <ns3:test>number(po:quantity) > 10</ns3:test>
               </ns3:error>
            </ns3:reports>
         </report>
      </ns4:ValidationResponse>
   </soap:Body>
</soap:Envelope>

The returned report uses the GITB TRL syntax and is the same as the XML report you can download from the user interface (see Validation via user interface). It includes:

  • The validation timestamp (in UTC).
  • The overall result (SUCCESS or FAILURE).
  • The count of errors, warnings and information messages.
  • The context for the validation (i.e. the XML that was validated).
  • The list of report items displaying per item its description, location in the validated content and performed test.

Validation via email

Validation via email takes place by configuring a mailbox for the validator (at the level of a validation domain) and validating any documents sent to it. The validator processes the XML attachments contained in an incoming message that are validated for a configured validation type based on how they are named. Specifically, the validation type is added as a prefix to the attached file name followed by a .. For example, an attachment named basic.myFile.xml will be validated against the basic validation type.

Note

Validation type names when email validation is enabled: The target validation type is determined by the part of the attachment’s name up to the first .. This means that an attachment named v1.2.myFile.xml will attempt validation for a v1 validation type rather than a v1.2 type. To avoid such issues, ensure your validation type identifiers don’t include . separators if you plan to enable validation via email (e.g. use v1_2 instead of v1.2).

Once validation is completed for all attachments, the results are returned as a reply addressed to the received email’s sender. This email includes for each validated document the XML and PDF version of the validation report as attachments. These are complemented by a summary message in the email’s body such as:

Validation report for [basic.myFile.xml]:
- Date: 14/06/2019 12:43:20
- Result: FAILURE
- Errors: 5
- Warnings: 2
- Messages: 0
- Detailed report in: XML [basic.myFile.report.xml] and PDF [basic.myFile.report.pdf]

Note

Enabling email validation: Validation via email is by default disabled. To enable it you will need to ensure availability of a mail server and mailbox for which you will need to configure its inbound (SMTP) and outbound (IMAP/POP) parameters. See Properties related to email for the properties to configure.

Step 7: Use the validator in GITB TDL test cases

As a next step over the standalone XML validator you may consider using it from within GITB TDL test cases running in the test bed. You would typically do this for the following reasons:

  • You want to control access to the validation service based on user accounts.
  • You prefer to record all data linked to validations (for e.g. subsequent inspection).
  • You want to build complete conformance testing scenarios that are either focused on the validator or that use it as part of validation steps.

As described in Validation via SOAP web service API, the standalone XML validator offers by default a SOAP API for machine-to-machine integration that realises the GITB validation service specification. In short this means that the service can be easily included in any GITB TDL test case as the handler of a verify step. This is done by supplying as the handler value the full URL to the service’s WSDL, as illustrated in the following example that requests the user to upload the file to validate:

<?xml version="1.0" encoding="UTF-8"?>
<testcase id="testCase1_upload" xmlns="http://www.gitb.com/tdl/v1/" xmlns:gitb="http://www.gitb.com/core/v1/">
    <metadata>
        <gitb:name>testCase1_upload</gitb:name>
        <gitb:version>1.0</gitb:version>
        <gitb:description>Test case that allows the developer of an EU retailer system to upload a purchase order for validation.</gitb:description>
    </metadata>
    <variables>
        <var name="purchaseOrderToValidate" type="binary"/>
    </variables>
    <actors>
        <gitb:actor id="Retailer" name="Retailer" role="SUT"/>
    </actors>
    <steps>
        <interact desc="Upload content">
            <request desc="Purchase order to validate:">$purchaseOrderToValidate</request>
        </interact>
        <verify handler="https://www.itb.ec.europa.eu/order/api/validation?wsdl" desc="Validate purchase order">
            <input name="xml">$purchaseOrderToValidate</input>
            <input name="type">"basic"</input>
        </verify>
    </steps>
</testcase>

Notice in this example how the xml and type inputs are provided as input elements to the verify step. We included the type input because we define two validation types (basic and large) but this could be omitted if only a single validation type is supported. In addition, note that although you can define the service’s WSDL URL directly, a better approach to improve portability is to define this in the test bed’s domain configuration as a domain parameter. Defining a validationService parameter in the domain you could thus redefine the verify step as:

...
<verify handler="$DOMAIN{validationService}" desc="Validate purchase order">
    ...
</verify>
...

Using an external service for XML validation is not the only way to support XML validation from within a test case. The test bed actually offers numerous embedded validators to cover most XML validation needs:

  • The XSDValidator to check syntax against an XSD.
  • The SchematronValidator to validate content against business rules.
  • The XPathValidator to validate content through XPath expressions (resulting in true or false values).
  • The XmlMatchValidator to check an XML document against a given template (potentially skipping certain elements or complete sections).

Given these built-in validators you may wonder why use an external service to begin with. The following are reasons you may choose to do so:

  • To allow data validation also as a separate public, anonymous and stateless service. If you need to define such a service you might as well reuse it within test cases.
  • To simplify management of validation artefacts. Artefacts used in test cases such as XSDs and Schematrons need to either be included in each test suite or referred to remotely through URIs. Given multiple test suites and artefacts it is likely simpler to bundle resources once in a separate validation service where you can have a single update reflected automatically across all relevant test cases.
  • To aggregate reporting. If your needs include validation against multiple independent XSDs and Schematrons, each relevant verify step will produce a separate report. It may be preferable in such a case to always have a single aggregated report produced by the external service regardless of how underlying artefacts are organised.

Summary

Congratulations! You have just setup a validation service for your XML specification. In doing so you considered your needs and defined your service through configuration on the ISA² test bed or as a Docker container. In addition, you used this service via its different APIs and considered how this could be used as part of complete conformance testing scenarios.

See also

In Step 7: Use the validator in GITB TDL test cases we briefly touched upon using the test bed for complete conformance testing scenarios. If this interests you, several additional guides are available that can provide you with further information:

For the full information on GITB TDL test cases check out the GITB TDL documentation, the reference for all test step constructs as well as a source of numerous complete examples.

In case you need to consider also validation of RDF-based specifications, the test bed provides similar support to easily configure and use an RDF validator based on SHACL shapes. For more information on this check Guide: Setting up RDF validation.

Finally, for more information on Docker and the commands used in this guide, check out the Docker online documentation.

References

This section contains additional references linked to this guide.

Validator configuration properties

The following sections list the configuration properties you can use to customise the operation of your validation service.

Domain-level configuration

The properties in this section are to be provided in the configuration property file (one per configured validation domain) you define as part of your validator configuration.

Property Description Type Default value
validator.channels Comma-separated list of validation channels to have enabled. Possible values are (form, email, webservice). Comma-separated Strings form, webservice
validator.type Comma-separated list of supported validation types. Values need to be reflected in properties validator.typeLabel, validator.schemaFile, validator.schematronFile. Comma-separated Strings  
validator.typeLabel.XYZ Label to display in the web form for a given validation type (added as a postfix of validator.typeLabel). Only displayed if there are multiple types. String  
validator.webServiceId The ID of the web service. String ValidatorService
validator.webServiceDescription.xml The description of the web service for element “xml”. String  
validator.webServiceDescription.type The description of the web service for element “type”. Only displayed if there are multiple types. String  
validator.schemaFile.XYZ Comma-separated list of XSD files loaded for a given validation type (added as a postfix). These can be a files or folders. Comma-separated Strings  
validator.schematronFile.XYZ Comma-separated list of Schematron files loaded for a given validation type (added as a postfix). These can be files or folders. Comma-separated Strings  
validator.includeTestDefinition Whether test expressions (if available) should be included in the resulting reports. Boolean true
validator.reportsOrdered Whether the report items are to be ordered (errors first, then warnings, then messages). Otherwise the items will appear based on where they were raised in the validated content. Boolean false
validator.showAbout Whether or not to show the about panel on the web UI. Boolean true

Application-level configuration

These properties govern the validator’s application instance itself. They apply only when you are defining your own validator as a Docker image in which case they are supplied as environment variables (ENV directives in a Dockerfile). Note that apart from these properties any Spring Boot configuration property can also be supplied.

Note

Mandatory property: The only mandatory property that needs to be defined is validator.resourceRoot.

Property Description Type Default value
validator.resourceRoot The root folder under which domain subfolders will be loaded from. String  
validator.domain The names of the domain subfolders to consider. By default all folders under validator.resourceRoot will be considered. Comma-separated Strings  
validator.domainName.XYZ The name to display for a given domain folder. This value will also be used in request paths. String The folder name is used.
logging.path Path to a folder that will hold the validator’s log output. String /validator/logs
validator.reportFolder Path to a folder that contains temporary data and reports. String /validator/reports
validator.cleanupPollingRate The rate at which the validator.reportFolder folder is polled for forced cleanup (in ms). Integer 60000
validator.mailPollingRate The rate at which the configured email addresses (if configured) are polled for received input files (in ms). Integer 60000
validator.inputFilePrefix Prefix of input files in the report folder. String ITB-
validator.minimumCachedInputFileAge Time to keep XML input files in milliseconds (600000 = 10 minutes). Integer 600000
validator.reportFilePrefix Prefix of report files in the report folder. String TAR-
validator.acceptedMimeTypes Accepted mime-types for input files. Comma-separated Strings application/xml, text/xml, text/plain
validator.acceptedSchematronExtensions Accepted Schematron file extensions. All other files found in validator.schematronFile.XYZ (when folders are defined) are ignored. Comma-separated Strings xsl, xslt, sch