I have a Spring 3.2 application and I've created a REST API that uses a token-based security. Every REST JSON payload contains a "token" field that is used to perform security validation.
The controller methods are like this:
@RequestMapping(value = "/something", method = RequestMethod.POST)
public
@ResponseBody
Map something(@RequestBody SomethingParams params) {
}
where SomethingParams has a token field, and is automatically filled in by Spring from the JSON body of the request.
Is there a way to automatically have a validator invoked on all the controller methods to check that parameters such as SomethingParams have a valid token?
Previously I used an Interceptor, and the token was included in the query string, but now, since it's in the body of the request, I would have to parse the JSON in the interceptor in order to check it. Since Spring already parses the JSON to bind the parameters, I'm curious if there's a smarter way. Ideally just with some global or controller-level settings (not per method).
You can use a spring Validator for such cases.
@Component
public class SomethingParamsValidator implements Validator {
@Override
public boolean supports(Class<?> clazz) {
return clazz.isAssignableFrom(SomethingParams.class);
}
@Override
public void validate(Object o, Errors errors) {
SomethingParams sp = (SomethingParams)o;
validateToken(sp.getToken(), errors);
}
private void validateToken(String token, Errors errors) {
if (!TokenUtils.isValid(token)) {
errors.rejectValue("token", "foo", "Token is invalid");
}
}
}
Then you register it in your Controller by adding the following method
@Autowired
SomethingParamsValidator somethingParamsValidator;
@InitBinder
protected void initBinder(WebDataBinder binder) {
binder.setValidator(somethingParamsValidator);
}
Finally all you have to add is the @Valid annotation on your SomethingParams object and it will be validated.
@RequestMapping(value = "/something", method = RequestMethod.POST)
public @ResponseBody Map something(@Valid @RequestBody SomethingParams params) {
// ...
}
You can make base class with token field annotated with JSR-303 @NotNull and extend from it.
public class ParamsBase {
@NotNull
private String token;
// getters, setters ...
}
public class SomethingParams extends ParamsBase {...}
And then just mark parameter with @Valid:
@RequestMapping(value = "/something", method = RequestMethod.POST)
public @ResponseBody Map something(@Valid @RequestBody SomethingParams params) {
// ...
}
Spring will automatically validate parameter with JSR-303 implementation available at runtime.
I usually use hibernate-validator as implementation provider:
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>5.0.1.Final</version>
</dependency>
You can also implement your own Aspect, which will intercept all controller methods and validate params. This will give you opportunity to get rid of @Valid annotation.
But unfortunately I don't have time for full example.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 混吃等死 的文章《Spring 3 MVC request validation》','https://www.manongdao.com/article-381225.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}