I have a spring boot project in which I'm facing a data validation issue while doing a post request.
Problem
While doing a post request I'm mapping the request body to a POJO which does not have any javax validations in itself, but the class has fields of another two POJOs which have data validations in them. How can I trigger data validations in the inner POJOs programmatically and throw relevant exceptions if required. I'm using Spring boot v2.5.2.
In the post request I have:
#PostMapping("/signup")
public ResponseEntity<String> addNewUser(#RequestBody #Valid NewUserDetailsPojo newUserDetailsPojo) {
log.debug("Adding new User: {}", newUserDetailsPojo);
Integer userId = userService.addNewUser(newUserDetailsPojo);
if (userId == null) {
return ResponseEntity.badRequest().build();
} else {
URI location = ServletUriComponentsBuilder.fromCurrentRequest().path("/{id}").buildAndExpand(userId).toUri();
return ResponseEntity.created(location).build();
}
}
Where NewUserDetailsPojo is a simple POJO class having structure:
public class NewUserDetailsPojo {
private BasicDetailsPojo basicDetailsPojo;
private DoctorPojo doctorPojo;
// constructor
public NewUserDetailsPojo(BasicDetailsPojo basicDetailsPojo, DoctorPojo doctorPojo) {
/** before mapping the incoming data to the fields, I want to validate the data
* with my predefined javax.validations constraints declared in the respective
* classes
*/
this.basicDetailsPojo = basicDetailsPojo;
this.doctorPojo = doctorPojo;
}
}
So, as I mentioned earlier, NewUserDetailsPojo does not have any data validations in itself, but its two fields which are of the class
BasicDetailsPojo
DoctorPojo
have data validations in them. I want to invoke javax validations in the constructor of NewUserDetailsPojo and throw suitable exceptions if nessecery.
I'm giving the structures of BasicDetailsPojo and DoctorPojo below:
public class BasicDetailsPojo {
#Size(min = 5, message = "Name should be at least 5 characters long")
private String name;
#Email
private String email;
#Size(min = 10, message = "Contact number must be of 10 digits")
private String contactNo;
private String role;
#NotNull
#Size(min = 8, message = "Password must be 8 characters long")
private String password;
}
This is the structure of DoctorPojo:
public class DoctorPojo extends BasicDetailsPojo {
#NotNull
private String regNo;
#NotNull
private String degree;
#NotNull
private String specialization;
private String experience;
}
I think your problem will be fixed by putting #Valid annotation in the NewUserDetailsPojo class over the basicDetailsPojo and doctorPojo atributes
https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/?v=5.3#section-object-graph-validation
Related
I recently came up to an issue related to validation. Typically, I am building a REST api that allow users to create their account including avatars. All of the information should be submitted when user clicks to Register button. So, my server will then receive a request that includes some fields like name (string), birthday (datetime), ... and avatar (multipart file). So, the question is how to validate the received file is a truly image and has an allowed size and simultaneously validate that the others (email, password) are also valid.
For the case that all fields is text, we can easily validate them using the combination of annotations like this
Controller
#PostMapping(path = "")
public ResponseEntity<?> createNewAccount(#RequestBody #Valid RegisterRequest registerRequest) {
Long resourceId = service.createNewCoderAccount(registerRequest);
return ResponseEntity.created(location(resourceId)).build();
}
Request DTO
#ConfirmedPassword
public class RegisterRequest extends BaseRequest implements ShouldConfirmPassword {
#NotBlank(message = "Field 'email' is required but not be given")
#Email
#Unique(message = "Email has been already in use", service = UserValidatorService.class, column = "email")
private String email;
#NotBlank(message = "Field 'password' is required but not be given")
#Size(min = 6, message = "Password should contain at least 6 characters")
private String password;
#NotBlank(message = "Field 'confirmPassword' is required but not be given")
private String confirmPassword;
#NotBlank(message = "Field 'firstName' is required but not be given")
private String firstName;
#NotBlank(message = "Field 'lastName' is required but not be given")
private String lastName;
}
Or in case that the request containing only file(s), we can absolutely do like this
Controller
#PostMapping(path = "/{id}")
public ResponseEntity<?> editChallengeMetadata(
#ModelAttribute ChallengeMetadataRequest request,
BindingResult bindingResult,
#PathVariable("id") Long id,
#CurrentUser User user
) throws BindException {
challengeMetadataRequestValidator.validate(request, bindingResult);
if (bindingResult.hasErrors()) {
throw new BindException(bindingResult);
}
Long challengeId = service.updateChallengeMetadata(id, request, user);
return ResponseEntity.ok(RestResponse.build(challengeId, HttpStatus.OK));
}
Validator
public class ChallengeMetadataRequestValidator implements Validator {
#Override
public boolean supports(#NonNull Class<?> aClass) {
return ChallengeMetadataRequest.class.isAssignableFrom(aClass);
}
#Override
public void validate(#NonNull Object o, #NonNull Errors errors) {
ChallengeMetadataRequest request = (ChallengeMetadataRequest) o;
if (request.getBanner() != null && !request.getBanner().isEmpty()) {
if (!List.of("image/jpeg", "image/png").contains(request.getBanner().getContentType())) {
errors.rejectValue("banner", "challenge.mime-type.not-supported", new String[]{request.getBanner().getContentType()}, "Mime-type is not supported");
}
}
}
}
As you seen above, if I wrap all data (including avatar) in a DTO class, I definitely write its own validator. But what will happen if then I have to write manually hundreds validators like that.
So, do anyone have any idea about it, typically, make the multipart/form-data request becomes simalar with application/json request ?
Thanks and regards,
Iam trying to validate the following Scheme with the Spring Validator:
#RestController
#RequestMapping("/bankcode-service")
#Validated
public class BankcodeController {
#Autowired
Delegator delegator;
#Autowired
Delegator delegator;
#Autowired
BankcodeRepository bankcodeRepository;
#DeleteMapping(path = "/bankcode", consumes = MediaType.APPLICATION_JSON_VALUE)
#ResponseBody
public DeferredResult<ResponseEntity<String>> lock(#Valid HttpEntity<BankcodeJSONEntity> httpEntity) {
DeferredResult<ResponseEntity<String>> response = new DeferredResult<>();
if (httpEntity.getBody() == null) {
response.setResult(new ResponseEntity<>("The request was empty!", HttpStatus.BAD_REQUEST));
return response;
}
response.setResult(delegator.delegateUseCase(new LockBankcodeProd(bankcodeRepository, httpEntity.getBody())));
return response;
}
The DTO used looks like that:
#Data
public class BankcodeJSONEntity {
#NotNull
#Size(min = 8, max = 8)
private String bankcode;
#NotNull
#Size(min = 11, max = 11)
private String bic;
#NotNull
private String ticket;
#Basic
#Temporal(TemporalType.DATE)
#NotNull
private Date date;
#NotNull
private String category;
#NotNull
private String name;
}
But no matter if I pass in:
{"bankcode":"00000000", "bic":"AAAAAAAAAAA", "ticket":"SPOC-000000", "date":"2020-01-17", "category":"Fusion", "name":"Fantasiebank"}
Or an invalid one:
{"bankcode":"21750000", "bic":"AAAAAAAA", "ticket":"SPOC-000000", "date":"2020-01-17", "category":"Fusion", "name":"Fantasiebank"}
There is no constraintvalidationexception thrown. In many Tutorials I've seen that the validation is mostly done with concrete Arguments instead of a DTO. Is the DTO Validation possible because I can only have 7 Constructor Arguments before SonarLint lowers my Code Quality.
What am I doing wrong here?
Please remove HttpEntity from parameter. Change your parameter as #Valid BankcodeJSONEntity entity.
Because HttpEntity represents HTTP request or response including headers and body, usually used with RestTemplate. And for controller, usually as response wrapper.
public DeferredResult<ResponseEntity<String>> lock(#Valid BankcodeJSONEntityentity) {
I'm trying to implement the server side validation using spring. but its not validating. Here is my code sample.
#RestController
#RequestMapping("/api/v1/note")
public class NoteController {
#Autowired
private final NoteService noteService;
#PostMapping
public ResponseEntity<String> create(#Valid #RequestBody final NoteDto noteDto){
noteService.create(noteDto);
return new ResponseEntity<>("sucess", HttpStatus.CREATED);
}
}
POJO..
#Data
#JsonInclude(value = Include.NON_NULL)
public class NoteDto {
#NotEmpty(message = "Building No can't be empty!")
private String buildingNo;
private String buildingName;
#NotEmpty(message = "Street can't be empty!")
}
What am missing here
#Valid annotation that triggers validations on the NoteDto (in this case #NotNull and #Future). These annotations could come from different JSR-303 providers (e.g, Hibernate, Spring..etc).
Example
static class NoteDto {
#NotNull #Future
private Date date;
}
And Remove final.
I'm (new in spring development) creating REST API for my application, CRUD operations are implemented successfully but now I want to implement server side validation. I've also read that there are several ways through which validation could be implemented.
Using given annotations -> #notempty, #email, etc...
Using custom validation -> extending validators
I want to implement both of them in my application, With reference to that,
is it good approach to follow?
OR
Is there any other ways through which validation can be implemented?
Controller
#RestController
public class EmployeeController {
#Autowired
DataServices dataServices;
#Autowired
EmployeeValidator employeeValidator;
#InitBinder
protected void initBinder(WebDataBinder binder) {
binder.addValidators(employeeValidator);
}
#RequestMapping(value = "/employee/", method = RequestMethod.POST)
public ResponseEntity<Object> createUser(
#Valid #RequestBody Employee employee,
UriComponentsBuilder ucBuilder) throws Exception,
DataIntegrityViolationException {
if (dataServices.addEmployee(employee) == 0) {
Error error = new Error(1, "Data integrity violation",
"Email id is already exists.");
return new ResponseEntity<Object>(error, HttpStatus.CONFLICT);
}
HttpHeaders headers = new HttpHeaders();
headers.setLocation(ucBuilder.path("/employee/{id}")
.buildAndExpand(employee.getId()).toUri());
Status status = new Status(1, "Employee has been added successfully.");
return new ResponseEntity<Object>(status, headers, HttpStatus.CREATED);
}
}
Error Handler
#ControllerAdvice
public class RestErrorHandler {
private static final Logger logger = Logger
.getLogger(RestErrorHandler.class);
private MessageSource messageSource;
#Autowired
public RestErrorHandler(MessageSource messageSource) {
this.messageSource = messageSource;
}
#ExceptionHandler(MethodArgumentNotValidException.class)
#ResponseStatus(HttpStatus.BAD_REQUEST)
#ResponseBody
public ValidationErrorDTO processValidationError(
MethodArgumentNotValidException ex) {
logger.debug("Handling form validation error");
BindingResult result = ex.getBindingResult();
List<FieldError> fieldErrors = result.getFieldErrors();
return processFieldErrors(fieldErrors);
}
private ValidationErrorDTO processFieldErrors(List<FieldError> fieldErrors) {
ValidationErrorDTO dto = new ValidationErrorDTO();
for (FieldError fieldError : fieldErrors) {
String localizedErrorMessage = resolveLocalizedErrorMessage(fieldError);
dto.addFieldError(fieldError.getField(), localizedErrorMessage,
fieldError.getDefaultMessage());
}
return dto;
}
private String resolveLocalizedErrorMessage(FieldError fieldError) {
Locale currentLocale = LocaleContextHolder.getLocale();
String localizedErrorMessage = messageSource.getMessage(fieldError,
currentLocale);
// If a message was not found, return the most accurate field error code
// instead.
// You can remove this check if you prefer to get the default error
// message.
if (localizedErrorMessage.equals(fieldError.getDefaultMessage())) {
String[] fieldErrorCodes = fieldError.getCodes();
localizedErrorMessage = fieldErrorCodes[0];
}
return localizedErrorMessage;
}
}
Validator
#Component
public class EmployeeValidator implements Validator {
public boolean supports(Class clazz) {
return Employee.class.isAssignableFrom(clazz);
}
public void validate(Object target, Errors errors) {
ValidationUtils.rejectIfEmptyOrWhitespace(errors, "firstName", errors
.getFieldError().getCode(), "First name is required.");
ValidationUtils.rejectIfEmptyOrWhitespace(errors, "lastName", errors
.getFieldError().getCode(),
"Last name is required.");
ValidationUtils.rejectIfEmptyOrWhitespace(errors, "email", errors
.getFieldError().getCode(),
"Email is required.");
}
}
Model
#Entity
#Table(name = "employee")
#JsonIgnoreProperties({ "hibernateLazyInitializer", "handler" })
public class Employee implements Serializable {
private static final long serialVersionUID = 1L;
#Id
#GeneratedValue
#Column(name = "id")
private long id;
// #NotEmpty(message = "Please enter first name")
#Column(name = "first_name")
private String firstName;
// #NotEmpty(message = "Please enter last name")
#Column(name = "last_name")
private String lastName;
// #NotEmpty(message = "Please enter email address")
#Email(message = "Please enter valid email address")
#Column(name = "email", unique = true)
private String email;
#NotEmpty(message = "Please enter mobile number")
#Size(min = 10, message = "Please enter valid mobile number")
#Column(name = "phone")
private String phone;
//Getter and Setter
}
In your aproach you are using Server side validations but only in the controller layer. Have you tryied to use Bussines layer validations, like Hibernate Validation API http://hibernate.org/validator/
I've used it in a recent project and form me it's a great way to keep data consistent. Some tweaks and utils were needed to make it work as we wanted but it was not too difficult. For example, this validations, by default, are only checked just after persisting a Object in database, but in our controller we needed to make this validations earlier, so you we had to implement a way to call validation mechanism that relies on hibernate validation mechanism. Or, as another example, we had to develop a similar system on a web service to return errors when incoming data was not valid.
One way to use validations when needed is to implement it on all your bussines objects. They can inherit for a class like this:
import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.xml.bind.annotation.XmlTransient;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.fasterxml.jackson.annotation.JsonIgnore;
public abstract class BusinessObject implements Serializable, IObjectWithReport, IBusinessObject {
private static Log log = LogFactory.getLog(BusinessObject.class.getName());
private final Validator validator = Validation.buildDefaultValidatorFactory().getValidator();
#JsonIgnore
private Set<ConstraintViolation<BusinessObject>> errors;
/* Validation methods */
public final boolean valid() {
preValidate();
errors = new HashSet<ConstraintViolation<BusinessObject>>();
errors = validator.validate(this);
postValidate();
return errors.isEmpty();
}
/**
* Method to be overwriten in subclases so any BO can make some arrangement before checking valid
*/
protected void preValidate() {
log.trace("Generic prevalidate of " + this.getClass().getName());
}
/**
* Method to be overwriten in subclases so any BO can make some arrangement once validation has been made
*/
protected void postValidate() {
log.trace("Generic postValidate of " + this.getClass().getName());
}
public Set<ConstraintViolation<BusinessObject>> getErrors() {
return errors;
}
public boolean hasErrors() {
return errors != null && !errors.isEmpty();
}
}
Note that i use standard javax.validation.Validation API (check references here JPA 2.0 : what is javax.validation.* package?). But the implementation i use is the one from Hibernate.
Pros:
Validations are placed in one single layer, not spread along various layers. So they are easier to maintain.
Better model consistency because of that data is always validated in the same way, independently of how it was generated (user input, web service, pulled from other systems, etc).
Cons:
You need to develop some utils so you can use Model Validations in other layers, but it's not very dificult.
May be overkill if you have a simple project, whithout complexities like many info sources (user input, webservices input, rest services, other database systemas, etc) or interactions.
I have two classes (Beans)
public class BeanOne {
#Min(1)
private Integer idBeanOne;
#NotBlank
private String nameBeanOne;
#NotNull
#Min(1)
private Integer idOther;
// ... Getters and Setters
}
public class BeanTwo {
#Min(1)
private Integer idBeanTwo;
#NotBlank
private String nameBeanTwo;
#NotNull
#Min(1)
private Integer idOtherTwo;
// ... Getters and Setters
}
Controller of Spring
// Method in Controller
#RequestMapping(value = "/name.html", method = RequestMethod.POST)
public #ResponseBody
Map<String, Object> submitInsert(#Valid BeanOne one,
#Valid BeanTwo two, BindingResult result) {
if (result.hasErrors()) {
// Errores
} else {
// :D
}
}
Is there any way that I can validate two or more beans? I have successfully validated a single bean, but I have not been successful in validating two or more beans. How can I do this?
thanks: D
thanks: D
After many attempts to validate two or more beans with JSR303, come to this solution.
public class BeanOne {
#Valid
private BeanTwo beanTwo;
// other beans to validate
#Valid
private BeanN beanN;
#Min(1)
private Integer idBeanOne;
#NotBlank
private String nameBeanOne;
#NotNull
#Min(1)
private Integer idOther;
// ... Getters and Setters
}
public class BeanTwo {
#Min(1)
private Integer idBeanTwo;
#NotBlank
private String nameBeanTwo;
#NotNull
#Min(1)
private Integer idOtherTwo;
// ... Getters and Setters
}
// Controller Spring
#Controller
public class XController {
#Autowired
private Validator validator;
#RequestMapping(value = "/name.html", method = RequestMethod.POST)
public #ResponseBody Map<String, Object>
submitInsert(BeanOne beanOne, BeanTwo beanTwo, BindingResult result) {
beanOne.setBeanTwo(beanTwo);
// beanOne.setBeabN(beanN);
validator.validate(beanOne, result);
if (result.hasErrors()) {
// Errores
} else {
// :D
}
}
// more code ...
}
But now I have another problem :(
I have this file Messages.properties
typeMismatch.java.lang.Integer = Must specify an integer value.
typeMismatch.java.lang.Long = Must specify an integer value.
typeMismatch.java.lang.Float = Must specify a decimal value.
typeMismatch.java.lang.Double=Must specify a decimal value.
This file helps me to catch exceptions, when a field expects a number, and the user enters text
This works perfectly for the first bean (BeanOne) but not for nested beans (BeanTwo, BeanN)
I hope they can help me: D
thanks