Spring 3 MVC request validation

2019-02-15 12:15发布

站内问答 / Java
1207 3 4

I have a Spring 3.2 application and I've created a REST API that uses a token-based security. Every REST JSON payload contains a "token" field that is used to perform security validation.

The controller methods are like this: 

@RequestMapping(value = "/something", method = RequestMethod.POST)
public
@ResponseBody
Map something(@RequestBody SomethingParams params) {
}

where SomethingParams has a token field, and is automatically filled in by Spring from the JSON body of the request.

Is there a way to automatically have a validator invoked on all the controller methods to check that parameters such as SomethingParams have a valid token?

Previously I used an Interceptor, and the token was included in the query string, but now, since it's in the body of the request, I would have to parse the JSON in the interceptor in order to check it. Since Spring already parses the JSON to bind the parameters, I'm curious if there's a smarter way. Ideally just with some global or controller-level settings (not per method).

3条回答
够拽才男人
2楼-- · 2019-02-15 12:48

You can make base class with token field annotated with JSR-303 @NotNull and extend from it.

public class ParamsBase {
  @NotNull
  private String token;
  // getters, setters ...
}
public class SomethingParams extends ParamsBase {...}

And then just mark parameter with @Valid:

@RequestMapping(value = "/something", method = RequestMethod.POST)
public @ResponseBody Map something(@Valid @RequestBody SomethingParams params) {
    // ...
}

Spring will automatically validate parameter with JSR-303 implementation available at runtime.

I usually use hibernate-validator as implementation provider:

<dependency>
    <groupId>org.hibernate</groupId>
    <artifactId>hibernate-validator</artifactId>
    <version>5.0.1.Final</version>
</dependency>
查看更多
0人赞 添加讨论(0) 举报
爷的心禁止访问
3楼-- · 2019-02-15 12:51

You can also implement your own Aspect, which will intercept all controller methods and validate params. This will give you opportunity to get rid of @Valid annotation. But unfortunately I don't have time for full example.

查看更多
0人赞 添加讨论(0) 举报
别忘想泡老子
4楼-- · 2019-02-15 13:06

You can use a spring Validator for such cases.

@Component
public class SomethingParamsValidator implements Validator {
  @Override
  public boolean supports(Class<?> clazz) {
    return clazz.isAssignableFrom(SomethingParams.class);
  }

  @Override
  public void validate(Object o, Errors errors) {
    SomethingParams sp = (SomethingParams)o;
    validateToken(sp.getToken(), errors);
  }

  private void validateToken(String token, Errors errors) {
    if (!TokenUtils.isValid(token)) {
      errors.rejectValue("token", "foo", "Token is invalid");
    }
  }
}

Then you register it in your Controller by adding the following method

@Autowired
SomethingParamsValidator somethingParamsValidator;

@InitBinder
protected void initBinder(WebDataBinder binder) {
    binder.setValidator(somethingParamsValidator);
}

Finally all you have to add is the @Valid annotation on your SomethingParams object and it will be validated.

@RequestMapping(value = "/something", method = RequestMethod.POST)
public @ResponseBody Map something(@Valid @RequestBody SomethingParams params) {
    // ...
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)