I'm building a REST API that uses a #PathParameter for a parent PK and a #RequestBody for the child form parameters. Next I need to validate the #RequestBody values against regex values stored in a database using the param key from the #RequestBody and the parent pk from the #PathParameter, however I've been unable to figure out a good way to add the #PathParameter pk id to the #RequestBody child object before #Valid is called without using #ModelAttribute.
Using #ModelAttribute, I've been able to add the #PathParameter to the #RequestBody object and then validate the #RequestBody object using #Valid. However I found while using #ModelAttribute, Spring no longer throws the MethodArgumentNotValidException therefore eliminating the ability to use a global exception handler.
I found adding BindingResult to the controller handler followed by throwing a new MethodArgumentNotValidException when errors exist the global exception handler could be triggered.
It's my understanding the ModelAttribute is for Spring MVC and not so much RestController since I'm not using the view, I'm wondering if this is a correct approach or whether there's a better solution. Here's a sample of my code.
HTTP Post
localhost:8072/api/clover/graph_run/2
[
{
"graphKey" : "DATA_DIRECTORY",
"graphValue" : "/data/clover-prod"
},
{
"graphKey" : "DATAOUT_DIR",
"graphValue" : "/data/clover-prod/94l"
},
{
"graphKey" : "DELAY_MS",
"graphValue" : "0"
}
]
RestController
#Slf4j
#RestController
#RequiredArgsConstructor
#RequestMapping("/api/clover")
public class GraphRunController {
final CloverServerService cloverServerService;
#PostMapping("/graph_run/{graphId}")
public String graphRun(#ModelAttribute("graphId") #Valid GraphJobDTO graphJobDTO,
BindingResult bindingResult ) throws MethodArgumentNotValidException {
log.debug("GraphRun {}", graphJobDTO);
if (bindingResult.hasErrors()) {
throw new MethodArgumentNotValidException(null, bindingResult);
}
return cloverServerService.runGraph(graphJobDTO);
}
}
ModelAttribute in ControllerAdvise
#Slf4j
#RequiredArgsConstructor
#ControllerAdvice( assignableTypes = {GraphRunController.class})
public class GraphRunControllerAdvise {
final GraphJobRepository graphJobRepository;
#ModelAttribute("graphId")
public GraphJobDTO addGraphId(#PathVariable(value = "graphId") Long graphId,
#RequestBody List<GraphJobPropertyDTO> graphProperties) {
log.debug("ModelAttribute graphId {}", graphId);
//Query database for the graph job and all it's parameters
GraphJob graphJob = graphJobRepository.findById(graphId)
.orElseThrow(() -> new HRINotFoundException("No such job execution."
+ graphId));
GraphJobDTO graphJobDTO = new GraphJobDTO();
graphJobDTO.setGraph(graphJob.getGraph());
graphJobDTO.setGraphProperties(graphProperties);
//Create a map from the database with the key being the GraphKey contained in both the request and the database
Map<String, GraphJobProperty> jobMap = graphJob.getJobProperties().stream().collect(
Collectors.toMap(s -> s.getGraphKey().toUpperCase(), Function.identity()));
graphProperties.forEach(v -> {
String graphKey = v.getGraphKey();
//If the graphKey in the request cannot be found in the database, throw an exception. We will handle the exception
//in th exception handler
if(!jobMap.containsKey(graphKey)) {
throw new HRINotFoundException(String.format("%s is an invalid job parameter.", v.getGraphKey()));
}
//Within the database record is the validation message as well as the regex used to validate the incoming value,
//we set the message and regex in the GraphPropertyDTO object for cross validation later on in the validator.
GraphJobProperty jobProperty = jobMap.get(graphKey);
v.setValidationMessage(jobProperty.getValidationMessage());
v.setValidationRegex(jobProperty.getValidationRegex());
});
//Return the graphJobDTO object for validation
return graphJobDTO;
}
}
Constraint Validator
#Slf4j
public class GraphRegexValidator implements ConstraintValidator<GraphRegex, GraphJobPropertyDTO> {
#Override
public void initialize(final GraphRegex graphRegex) {
}
#Override
public boolean isValid(final GraphJobPropertyDTO dto, final ConstraintValidatorContext context) {
String regex = dto.getValidationRegex();
String value = dto.getGraphValue();
if(regex != null && value != null && !Pattern.matches(regex, value)) {
log.debug("isValid {} - {}", false, dto);
addConstraintViolation(context, getMessage(dto, context));
return false;
}
log.debug("isValid {} - {}", true, dto);
return true;
}
private void addConstraintViolation(ConstraintValidatorContext context, String message) {
context.disableDefaultConstraintViolation();
context.buildConstraintViolationWithTemplate(message).addPropertyNode("graphKey").addConstraintViolation();
}
private String getMessage(GraphJobPropertyDTO dto, ConstraintValidatorContext context) {
return dto.getValidationMessage() != null ? String.format(dto.getValidationMessage(), dto.getGraphValue()) :
context.getDefaultConstraintMessageTemplate();
}
}
DTOs
#Data
public class GraphJobDTO {
#NotNull
Long graphId;
#NotNull
String graph;
#Valid
List<GraphJobPropertyDTO> graphProperties;
}
#Data
#GraphRegex
public class GraphJobPropertyDTO {
String graphKey;
String graphValue;
String validationMessage;
String validationRegex;
}
Related
Lets say I have an Object with two fields which should be validated:
public class AnyRQ {
#MerchantAccountValidation
#JsonProperty(value = "merchant-account")
private MerchantAccount merchantAccount;
#RequestIdValidation
#JsonProperty(value = "request-id")
private String requestId;
}
Both of the Annotations #MerchantAccountValidation and #RequestIdValidation implements a ConstraintValidator and including the rules to be valid or not. (Just show one class)
public class RequestIdValidator
implements ConstraintValidator<RequestIdValidation, String> {
#Override
public boolean isValid(String value, ConstraintValidatorContext context) {
return value != null && value.length() > 10;
}
}
Now I have a Controller with two endpoints. Endpoint 1 should validate both Fields but Request 2 should just validate requestId.
#RestController
#RequestMapping("/validate")
public class ValidController {
#PostMapping("/endpoint1")
public ResponseEntity<?> register(#Valid #RequestBody AnyRQ req, Errors errors) {
if (errors.hasErrors()) {
}
return null;
}
#PostMapping("/endpoint2")
public ResponseEntity<?> authorization(#Valid #RequestBody AnyRQ req, Errors errors) {
if (errors.hasErrors()) {
}
return null;
}
}
Is there any way to achive a kind of priority or inheritance to get this working? I was thinking about to have the Validation Annotation on the method level of the endpoints. But unfortunately this is not working.
Patrick!
To achieve the desired outcome you can use #GroupSequence. It mostly meant for ordering validations (no need to check that entity exists in database, if id is null f.e.), but would work for your task.
Let's say you have 2 validation groups (better names are required :) ):
public interface InitialValidation {
}
#GroupSequence(InitialValidation.class)
public interface InitialValidationGroup {
}
public interface FullValidation {
}
#GroupSequence(FullValidation.class)
public interface FullValidationGroup {
}
Specify them in the DTO:
public class AnyRQ {
#MerchantAccountValidation(groups = FullValidation.class)
#JsonProperty(value = "merchant-account")
private MerchantAccount merchantAccount;
#RequestIdValidation(groups = {InitialValidation.class, FullValidation.class})
#JsonProperty(value = "request-id")
private String requestId;
}
And in the controller use #Validated instead of #Valid to provide corresponding group:
#RestController
#RequestMapping("/validate")
public class ValidController {
#PostMapping("/endpoint1")
public ResponseEntity<?> register(#Validated(FullValidationGroup.class) #RequestBody AnyRQ req, Errors errors) {
if (errors.hasErrors()) {
}
return null;
}
#PostMapping("/endpoint2")
public ResponseEntity<?> authorization(#Validated(InitialValidationGroup.class) #RequestBody AnyRQ req, Errors errors) {
if (errors.hasErrors()) {
}
return null;
}
}
The other option is to keep one group in DTO, but specify two groups in controller for #Validated.
In Spring boot.
I want to do field validation and return an error if the input does not exist in the database.
I am trying to write the custom annotation for multiple input fields.
The controller is as below
#RestController
#Api(description = "The Mailer controller which provides send email functionality")
#Validated
public class SendMailController {
#Autowired
public SendMailService sendemailService;
org.slf4j.Logger logger = LoggerFactory.getLogger(SendMailService.class);
#RequestMapping(method = RequestMethod.POST, value = "/sendMail", consumes = {MediaType.TEXT_XML_VALUE, MediaType.APPLICATION_JSON_VALUE}, produces = {"text/xml", "application/json"})
#ResponseBody
#Async(value = "threadPoolTaskExecutor")
#ApiOperation("The main service operation which sends one mail to one or may recipient as per the configurations in the request body")
public Future<SendMailResult> sendMail(#ApiParam("Contains the mail content and configurations to be used for sending mail") #Valid #RequestBody MailMessage message) throws InterruptedException {
SendMailResult results = new SendMailResult();
try {
sendemailService.sendMessages(message);
long txnid = sendemailService.createAudit (message);
results.setTxnid (txnid);
results.setStatus("SUCCESS");
} catch(MessagingException | EmailServiceException e) {
logger.error("Exception while processing sendMail " + e);
results.setStatus("FAILED");
// TODO Handle error create results
e.printStackTrace();
} catch(Exception e) {
logger.error("Something went wrong " + e);
results.setStatus("FAILED");
// TODO Handle error create results
e.printStackTrace();
}
return new AsyncResult<SendMailResult>(results);
}
}
one DTO that is mapped with request
public class MailContext {
#NotNull
private String clientId;
#NotNull
private String consumer;
public int getClientId() {
return Integer.parseInt(clientId);
}
public void setClientId(String clientId) {
this.clientId = clientId;
}
public String toJson() throws JsonProcessingException {
ObjectMapper mapper = new ObjectMapper();
String writeValueAsString = mapper.writeValueAsString(this);
return writeValueAsString;
}
}
Request xml
<mailMessage>
<mailContext>
<clientId>10018</clientId>
<consumer>1</consumer>
</mailContext>
</mailMessage>
I want to write a custom annotation to validate client which exists in the database (table client_tbl) if provided in the request.
consumer: is present in database table cunsumer_tbl
if these not present in database send error message else call service method.
Please suggest how to write such custom annotation with the error.
I know another way to validate this.
Inside your controller, you can register a validator.
#InitBinder
public void setup(WebDataBinder webDataBinder) {
webDataBinder.addValidators(dtoValidator);
}
Where dtoValidator is an instance of Spring Bean, for example, which must implements org.springframework.validation.Validator.
So, you just have to implement two methods: supports() and validate(Object target, Errors errors);
Inside supports() method you can do whatever you want to decide whether the object should be validated by this validator or not. (for example, you can create an interface WithClientIdDto and if the tested object isAssignableFrom() this interface you can do this validation. Or you can check your custom annotation is presented on any field using reflection)
For example: (AuthDtoValidator.class)
#Override
public boolean supports(Class<?> clazz) {
return AuthDto.class.isAssignableFrom(clazz);
}
#Override
public void validate(Object target, Errors errors) {
final AuthDto dto = (AuthDto) target;
final String phone = dto.getPhone();
if (StringUtils.isEmpty(phone) && StringUtils.isEmpty(dto.getEmail())) {
errors.rejectValue("email", "", "The phone or the email should be defined!");
errors.rejectValue("phone", "", "The phone or the email should be defined!");
}
if (!StringUtils.isEmpty(phone)) {
validatePhone(errors, phone);
}
}
UPDATE:
You can do that.
Create an annotation
for example:
#Target({ FIELD })
#Retention(RUNTIME)
#Constraint(validatedBy = ClientIdValidator.class)
#Documented
public #interface ClientId {
String message() default "{some msg}";
Class<?>[] groups() default { };
Class<? extends Payload>[] payload() default { };
}
and implement this validator:
class ClientIdValidator implements ConstraintValidator<ClientId, Long> {
#Override
public boolean isValid(Long value, ConstraintValidatorContext context) {
//validation logc
}
}
More details you can find here: https://reflectoring.io/bean-validation-with-spring-boot/
I am building project on spring boot and want to add validation that are easy to integrate.
I have Pojo for my project as below:
public class Employee{
#JsonProperty("employeeInfo")
private EmployeeInfo employeeInfo;
}
EmployeeInfo class is as below:
public class EmployeeInfo extends Info {
#JsonProperty("empName")
private String employeeName;
}
Info class is as below:
#JsonIgnoreProperties(ignoreUnknown = true)
public class Info {
#JsonProperty("requestId")
protected String requestId;
}
How to I validate if request Id is not blank with javax.validation
My controller class is as below:
#RequestMapping(value = "/employee/getinfo", method = RequestMethod.GET, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<> getEmployee(#RequestBody Employee employee) {
//need to validate input request here
//for e.g to check if requestId is not blank
}
Request :
{
"employeeInfo": {
"requestId": "",
}
}
Considering you are making use of validation-api:
Please try using below to validate if your String is not null or not containing any whitespace
#NotBlank
In order to validate request parameters in controller methods, you can either use builtin validators or custom one(where you can add any type of validations with custom messages.)
Details on how to use custom validations in spring controller, Check how to validate request parameters with validator like given below:
#Component
public class YourValidator implements Validator {
#Override
public boolean supports(Class<?> clazz) {
return clazz.isAssignableFrom(Employee.class);
}
#Override
public void validate(Object target, Errors errors) {
if (target instanceof Employee) {
Employee req = (Employee) target;
ValidationUtils.rejectIfEmptyOrWhitespace(errors, "employeeInfo.requestId", "YourCustomErrorCode", "yourCustomErrorMessage");
//Or above validation can also be done as
if(req.getEmployeeInfo().getRequestId == null){
errors.rejectValue("employeeInfo.requestId", "YourCustomErrorCode", "YourCustomErrorMessage");
}
}
}
}
What's the simplest approach to validating a complex JSON object being passed into a GET REST contoller in spring boot that I am mapping with com.fasterxml.jackson.databind.ObjectMapper?
Here is the controller:
#RestController
#RequestMapping("/products")
public class ProductsController {
#GetMapping
public ProductResponse getProducts(
#RequestParam(value = "params") String requestItem
) throws IOException {
final ProductRequest productRequest =
new ObjectMapper()
.readValue(requestItem, ProductRequest.class);
return productRetriever.getProductEarliestAvailabilities(productRequest);
}}
DTO request object I want to validate:
public class ProductRequest {
private String productId;
public String getProductId() {
return productId;
}
public void setProductId(String productId) {
this.productId = productId;
}}
I was thinking of using annotations on the request DTO however when I do so, they are not triggering any type of exceptions, i.e. #NotNull. I've tried various combinations of using #Validated at the controller as well as #Valid in the #RequestParam and nothing is causing the validations to trigger.
In my point of view, Hibernate Bean Validator is probably one of the most convenient methods to validate the annotated fields of a bean anytime and anywhere. It's like setup and forget
Setup the Hibernate Bean Validator
Configure how the validation should be done
Trigger the validator on a bean anywhere
I followed the instructions in the documentation given here
Setup dependencies
I use Gradle so, I am going to add the required dependencies as shown below
// Hibernate Bean validator
compile('org.hibernate:hibernate-validator:5.2.4.Final')
Create a generic bean valdiator
I setup a bean validator interface as described in the documentation and then use this to validate everything that is annotated
public interface CustomBeanValidator {
/**
* Validate all annotated fields of a DTO object and collect all the validation and then throw them all at once.
*
* #param object
*/
public <T> void validateFields(T object);
}
Implement the above interface as follow
#Component
public class CustomBeanValidatorImpl implements CustomBeanValidator {
ValidatorFactory valdiatorFactory = null;
public CustomBeanValidatorImpl() {
valdiatorFactory = Validation.buildDefaultValidatorFactory();
}
#Override
public <T> void validateFields(T object) throws ValidationsFatalException {
Validator validator = valdiatorFactory.getValidator();
Set<ConstraintViolation<T>> failedValidations = validator.validate(object);
if (!failedValidations.isEmpty()) {
List<String> allErrors = failedValidations.stream().map(failure -> failure.getMessage())
.collect(Collectors.toList());
throw new ValidationsFatalException("Validation failure; Invalid request.", allErrors);
}
}
}
The Exception class
The ValidationsFatalException I used above is a custom exception class that extends RuntimeException. As you can see I am passing a message and a list of violations in case the DTO has more than one validation error.
public class ValidationsFatalException extends RuntimeException {
private String message;
private Throwable cause;
private List<String> details;
public ValidationsFatalException(String message, Throwable cause) {
super(message, cause);
}
public ValidationsFatalException(String message, Throwable cause, List<String> details) {
super(message, cause);
this.details = details;
}
public List<String> getDetails() {
return details;
}
}
Simulation of your scenario
In order to test whether this is working or not, I literally used your code to test and here is what I did
Create an endpoint as shown above
Autowire the CustomBeanValidator and trigger it's validateFields method passing the productRequest into it as shown below
Create a ProductRequest class as shown above
I annotated the productId with #NotNull and #Length(min=5, max=10)
I used Postman to make a GET request with a params having a value that is url-encoded json body
Assuming that the CustomBeanValidator is autowired in the controller, trigger the validation as follow after constructing the productRequest object.
beanValidator.validateFields(productRequest);
The above will throw exception if any violations based on annotations used.
How is the exception handled by exception controller?
As mentioned in the title, I use ExceptionController in order to handle the exceptions in my application.
Here is how the skeleton of my exception handler where the ValidationsFatalException maps to and then I update the message and set my desired status code based on exception type and return a custom object (i.e. the json you see below)
#ResponseStatus(HttpStatus.BAD_REQUEST)
#ExceptionHandler({SomeOtherException.class, ValidationsFatalException.class})
public #ResponseBody Object handleBadRequestExpection(HttpServletRequest req, Exception ex) {
if(ex instanceof CustomBadRequestException)
return new CustomResponse(400, HttpStatus.BAD_REQUEST, ex.getMessage());
else
return new DetailedCustomResponse(400, HttpStatus.BAD_REQUEST, ex.getMessage(),((ValidationsFatalException) ex).getDetails());
}
Test 1
Raw params = {"productId":"abc123"}
Url encoded parmas = %7B%22productId%22%3A%22abc123%22%7D
Final URL: http://localhost:8080/app/product?params=%7B%22productId%22%3A%22abc123%22%7D
Result: All good.
Test 2
Raw params = {"productId":"ab"}
Url encoded parmas = %7B%22productId%22%3A%22ab%22%7D
Final URL: http://localhost:8080/app/product?params=%7B%22productId%22%3A%22ab%22%7D
Result:
{
"statusCode": 400,
"status": "BAD_REQUEST",
"message": "Validation failure; Invalid request.",
"details": [
"length must be between 5 and 10"
]
}
You can expand the Validator implementation to provide a mapping of field vs message error message.
Do you mean something like this ?
#RequestMapping("/products")
public ResponseEntity getProducts(
#RequestParam(value = "params") String requestItem) throws IOException {
ProductRequest request = new ObjectMapper().
readValue(requestItem, ProductRequest.class);
ValidatorFactory factory = Validation.buildDefaultValidatorFactory();
Validator validator = factory.getValidator();
Set<ConstraintViolation<ProductRequest>> violations
= validator.validate(request);
if (!violations.isEmpty()) {
return ResponseEntity.badRequest().build();
}
return ResponseEntity.ok().build();
}
public class ProductRequest {
#NotNull
#Size(min = 3)
private String id;
public String getId() {
return id;
}
public String setId( String id) {
return this.id = id;
}
}
I'm trying to handle missing json data in a POST request.
My controller class
#Controller
#RequestMapping("/testMetrics")
public class TestMetricsEndPoint extends StatusEndpointHandler implements RestEndPoint<TestMetrics,String> {
#Autowired
private ObjectMapper mapper;
#Autowired
private TestMetricsService testMetricsService;
#Override
public Status get(String id) {
// TODO Auto-generated method stub
return null;
}
#Override
#RequestMapping(method = RequestMethod.POST,consumes = "application/json", produces = "application/json")
public #ResponseBody Status create(#RequestBody TestMetrics core, BindingResult bindingResult) {
try {
if(bindingResult.hasErrors()){
throw new InvalidRequestException("Add failed, Please try again ", bindingResult);
}
if((core.getGroupName()==""||core.getGroupName()==null)&&(core.getTestName()==null||core.getTestName()=="")){
throw new MissingParametersException(HttpStatus.BAD_REQUEST.value(),"Please provide all necessary parameters");
}
TestMetrics dataObject = testMetricsService.create(core);
return response(HttpStatus.CREATED.value(),dataObject);
}catch (MissingParametersException e) {
return response(HttpStatus.BAD_REQUEST.value(),e.getLocalizedMessage());
}
}
Extended class:
public class StatusEndpointHandler {
public Status response(Integer statusCode,Object data){
Status status = new Status();
status.setData(data);
status.setStatus(statusCode);
return status;
}
}
Implemented interface:
public interface RestEndPoint<T extends SynRestBaseJSON, ID extends Serializable> {
Status get(ID id);
Status create(T entity, BindingResult bindingResult);}
Result:
Please look at the highlighted part
So, when i tried to test the result through POSTMAN, i'm getting status as 200 OK. I have no idea hot to solve it. please help me with this situation. How to get the correct status code.?
You should change your return type from #ResponseBody to ResponseEntity which will allow you to manipulate headers, therefor set the status, this is a snippet from the docs
#RequestMapping("/handle")
public ResponseEntity<String> handle() {
URI location = ...;
HttpHeaders responseHeaders = new HttpHeaders();
responseHeaders.setLocation(location);
responseHeaders.set("MyResponseHeader", "MyValue");
return new ResponseEntity<String>("Hello World", responseHeaders, HttpStatus.CREATED);
}
In your catch statement, try to set the status through
response.setStatus( HttpServletResponse.SC_BAD_REQUEST );
Source
The problem is with your code handing the string comparison, to compare strings you have to use equals, from Postman also you are passing empty testName and groupName
if ((core.getGroupName() == "" || core.getGroupName() == null) && (core.getTestName() == null || core.getTestName() == "")) {
}
so change your code to below
if ((core.getGroupName() == null || core.getGroupName().trim().isEmpty()) && (core.getTestName() == null || core.getTestName().trim().isEmpty())) {
}
also write an ExceptionHandler for this
#ExceptionHandler({ MissingParametersException.class })
public ModelAndView handleException(ServiceException ex, HttpServletResponse response) {
response.setStatus(HttpStatus.BAD_REQUEST.value());
ModelMap model = new ModelMap();
model.addAttribute("message", ex.getMessage());
return new ModelAndView("error", model);
}
You can also define validation constrains in entity class using validation api, in this case you need to add #Valid to the request model object
#Entity
class TestMetrics {
#Id
Long id;
#NotNull
#NotEmpty
#Column
String groupName;
#NotNull
#NotEmpty
#Column
String testName;
// Getters and Setters
}