I have this problem encountered in CXF (or SOAP in general). When I enable MTOM requests on both sides - server and client, my applications works well, Java heap size does not grow exponentially. But problem appears if some client decides to NOT use MTOM to send LARGE (I mean 500MB+ attachments as B64 encoded format) messages, this causes Java heap size to grow exponentially and of course OutOfMemoryException happens.
So How Can I TOTALLY disable non-MTOM messages and force clients to use it. Is there any solution using CXF or something other... I mean to detect non-MTOM messages and throw Fault IMMEDIATELY (without processing the whole XML message). Or is there any solution to restrict non-MTOM message sizes, like if message is ~30MB allow it, otherwise throw Fault.
This is a problem I have been thinking for a long time, and searching a lot about it, unfortunately, not found any solution.
I don't want to give up on SOAP and stick to REST because of contracts. But I think if I won't find any solution that will be only chance I've got.
Any suggestions are appreciated.
The best possible solution that I found was written in http://cxf.apache.org/docs/securing-cxf-services.html
I had to enable org.apache.cxf.stax.maxXMLCharacters property and set its value to a sensisble number for elements... It had an ambiguous description that you had to use insecure parser for doing that but that was not correct.