Spring Boot : Custom Validation in Request Params
I want to validate one of the request parameters in my controller . The request parameter should be from one of the list of given values , if not , an error should be thrown
-
Case 1: If the annotation ValuesAllowed is not triggered at all, it could be because of not annotating the controller with @Validated.
@Validated @ValuesAllowed(propName = "orderBy", values = { "OpportunityCount", "OpportunityPublishedCount", "ApplicationCount", "ApplicationsApprovedCount" }) public class OpportunityController { @GetMapping("/vendors/list") public String getVendorpage(@RequestParam(required = false) String term,..{ }Case 2: If it is triggered and throwing an error, it could be because of the
BeanUtils.getPropertynot resolving the properties and throwing exceptions.If the above solutions do not work, you can try moving the annotation to the method level and update the Validator to use the list of valid values for the
OrderByparameter. This worked for me. Below is the sample code.@RestController @RequestMapping("/api/opportunity") @Validated public class OpportunityController { @GetMapping("/vendors/list") public String getVendorpage(@RequestParam(required = false) String term, @RequestParam(required = false) Integer page, @RequestParam(required = false) Integer size, @ValuesAllowed(propName = "orderBy", values = { "OpportunityCount", "OpportunityPublishedCount", "ApplicationCount", "ApplicationsApprovedCount" }) @RequestParam(required = false) String orderBy, @RequestParam(required = false) String sortDir) { return "success"; }@Retention(RetentionPolicy.RUNTIME) @Constraint(validatedBy = { ValuesAllowed.Validator.class }) public @interface ValuesAllowed { String message() default "Field value should be from list of "; Class<?>[] groups() default {}; Class<? extends Payload>[] payload() default {}; String propName(); String[] values(); class Validator implements ConstraintValidator<ValuesAllowed, String> { private String propName; private String message; private List<String> allowable; @Override public void initialize(ValuesAllowed requiredIfChecked) { this.propName = requiredIfChecked.propName(); this.message = requiredIfChecked.message(); this.allowable = Arrays.asList(requiredIfChecked.values()); } public boolean isValid(String value, ConstraintValidatorContext context) { Boolean valid = value == null || this.allowable.contains(value); if (!valid) { context.disableDefaultConstraintViolation(); context.buildConstraintViolationWithTemplate(message.concat(this.allowable.toString())) .addPropertyNode(this.propName).addConstraintViolation(); } return valid; } } }讨论(0) -
You would have to change few things for this validation to work.
Controller should be annotated with
@Validatedand@ValuesAllowedshould annotate the target parameter in method.import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; @Validated @RestController @RequestMapping("/api/opportunity") public class OpportunityController { @GetMapping("/vendors/list") public String getVendorpage( @RequestParam(required = false) @ValuesAllowed(values = { "OpportunityCount", "OpportunityPublishedCount", "ApplicationCount", "ApplicationsApprovedCount" }) String orderBy, @RequestParam(required = false) String term, @RequestParam(required = false) Integer page, @RequestParam(required = false) Integer size, @RequestParam(required = false) String sortDir) { return "OK"; } }@ValuesAllowedshould targetElementType.PARAMETERand in this case you no longer needpropNameproperty because Spring will validate the desired param.import javax.validation.Constraint; import javax.validation.Payload; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; @Target({ElementType.PARAMETER}) @Retention(RetentionPolicy.RUNTIME) @Constraint(validatedBy = {ValuesAllowedValidator.class}) public @interface ValuesAllowed { String message() default "Field value should be from list of "; Class<?>[] groups() default {}; Class<? extends Payload>[] payload() default {}; String[] values(); }Validator:
import javax.validation.ConstraintValidator; import javax.validation.ConstraintValidatorContext; import java.util.Arrays; import java.util.List; public class ValuesAllowedValidator implements ConstraintValidator<ValuesAllowed, String> { private List<String> expectedValues; private String returnMessage; @Override public void initialize(ValuesAllowed requiredIfChecked) { expectedValues = Arrays.asList(requiredIfChecked.values()); returnMessage = requiredIfChecked.message().concat(expectedValues.toString()); } @Override public boolean isValid(String testValue, ConstraintValidatorContext context) { boolean valid = expectedValues.contains(testValue); if (!valid) { context.disableDefaultConstraintViolation(); context.buildConstraintViolationWithTemplate(returnMessage) .addConstraintViolation(); } return valid; } }But the code above returns HTTP 500 and pollutes logs with ugly stacktrace. To avoid it, you can put such
@ExceptionHandlermethod in controller body (so it will be scoped only to this controller) and you gain control over HTTP status:@ExceptionHandler(ConstraintViolationException.class) @ResponseStatus(HttpStatus.BAD_REQUEST) String handleConstraintViolationException(ConstraintViolationException e) { return "Validation error: " + e.getMessage(); }... or you can put this method to the separate
@ControllerAdviceclass and have even more control over this validation like using it across all the controllers or only desired ones.讨论(0)
加载中...
- 热议问题