在Spring应用程序中实现自定义验证的最佳方法是什么?

imb*_*ond 5 java validation spring

我(春季开发中的新手)正在为我的应用程序创建REST API,CRUD操作已成功实现,但现在我想实现服务器端验证。我还读到,可以通过几种方法来实施验证。

  1. 使用给定的注释-> @ notempty,@ email等...
  2. 使用自定义验证->扩展验证器

我想在我的应用程序中同时实现它们,

是遵循的好方法吗?

要么

还有其他方法可以实现验证吗?


控制者

@RestController
public class EmployeeController {

    @Autowired
    DataServices dataServices;

    @Autowired
    EmployeeValidator employeeValidator;

    @InitBinder
    protected void initBinder(WebDataBinder binder) {
        binder.addValidators(employeeValidator);
    }

    @RequestMapping(value = "/employee/", method = RequestMethod.POST)
    public ResponseEntity<Object> createUser(
            @Valid @RequestBody Employee employee,
            UriComponentsBuilder ucBuilder) throws Exception,
            DataIntegrityViolationException {

        if (dataServices.addEmployee(employee) == 0) {
            Error error = new Error(1, "Data integrity violation",
                    "Email id is already exists.");
            return new ResponseEntity<Object>(error, HttpStatus.CONFLICT);
        }

        HttpHeaders headers = new HttpHeaders();
        headers.setLocation(ucBuilder.path("/employee/{id}")
                .buildAndExpand(employee.getId()).toUri());
        Status status = new Status(1, "Employee has been added successfully.");

        return new ResponseEntity<Object>(status, headers, HttpStatus.CREATED);
    }
}
Run Code Online (Sandbox Code Playgroud)

错误处理程序

@ControllerAdvice
public class RestErrorHandler {

    private static final Logger logger = Logger
            .getLogger(RestErrorHandler.class);

    private MessageSource messageSource;

    @Autowired
    public RestErrorHandler(MessageSource messageSource) {
        this.messageSource = messageSource;
    }

    @ExceptionHandler(MethodArgumentNotValidException.class)
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    @ResponseBody
    public ValidationErrorDTO processValidationError(
            MethodArgumentNotValidException ex) {
        logger.debug("Handling form validation error");

        BindingResult result = ex.getBindingResult();
        List<FieldError> fieldErrors = result.getFieldErrors();

        return processFieldErrors(fieldErrors);
    }

    private ValidationErrorDTO processFieldErrors(List<FieldError> fieldErrors) {
        ValidationErrorDTO dto = new ValidationErrorDTO();

        for (FieldError fieldError : fieldErrors) {
            String localizedErrorMessage = resolveLocalizedErrorMessage(fieldError);
            dto.addFieldError(fieldError.getField(), localizedErrorMessage,
                    fieldError.getDefaultMessage());
        }

        return dto;
    }

    private String resolveLocalizedErrorMessage(FieldError fieldError) {
        Locale currentLocale = LocaleContextHolder.getLocale();
        String localizedErrorMessage = messageSource.getMessage(fieldError,
                currentLocale);

        // If a message was not found, return the most accurate field error code
        // instead.
        // You can remove this check if you prefer to get the default error
        // message.
        if (localizedErrorMessage.equals(fieldError.getDefaultMessage())) {
            String[] fieldErrorCodes = fieldError.getCodes();
            localizedErrorMessage = fieldErrorCodes[0];
        }

        return localizedErrorMessage;
    }
}
Run Code Online (Sandbox Code Playgroud)

验证器

@Component
public class EmployeeValidator implements Validator {

    public boolean supports(Class clazz) {
        return Employee.class.isAssignableFrom(clazz);
    }

    public void validate(Object target, Errors errors) {
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "firstName", errors
                .getFieldError().getCode(), "First name is required.");
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "lastName", errors
                .getFieldError().getCode(),
                "Last name is required.");
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "email", errors
                .getFieldError().getCode(),
                "Email is required.");

    }

}
Run Code Online (Sandbox Code Playgroud)

模型

@Entity
@Table(name = "employee")
@JsonIgnoreProperties({ "hibernateLazyInitializer", "handler" })
public class Employee implements Serializable {

    private static final long serialVersionUID = 1L;

    @Id
    @GeneratedValue
    @Column(name = "id")
    private long id;

    // @NotEmpty(message = "Please enter first name")
    @Column(name = "first_name")
    private String firstName;

    // @NotEmpty(message = "Please enter last name")
    @Column(name = "last_name")
    private String lastName;

    // @NotEmpty(message = "Please enter email address")
    @Email(message = "Please enter valid email address")
    @Column(name = "email", unique = true)
    private String email;

    @NotEmpty(message = "Please enter mobile number")
    @Size(min = 10, message = "Please enter valid mobile number")
    @Column(name = "phone")
    private String phone;

//Getter and Setter

}
Run Code Online (Sandbox Code Playgroud)

Ric*_*ila 3

在您的方法中,您使用服务器端验证,但仅在控制器层中使用。您是否尝试过使用业务层验证,例如 Hibernate Validation API http://hibernate.org/validator/

我在最近的一个项目中使用了它,我认为这是保持数据一致性的好方法。需要进行一些调整和实用程序才能使其按我们想要的方式工作,但这并不太困难。例如,默认情况下,仅在将对象持久化到数据库后才检查此验证,但在我们的控制器中,我们需要提前进行此验证,因此我们必须实现一种调用依赖于 hibernate 验证机制的验证机制的方法。或者,再举一个例子,我们必须在 Web 服务上开发一个类似的系统,以便在传入数据无效时返回错误。

在需要时使用验证的一种方法是在所有业务对象上实现它。他们可以继承这样的类:

import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.xml.bind.annotation.XmlTransient;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.fasterxml.jackson.annotation.JsonIgnore;

public abstract class BusinessObject implements Serializable, IObjectWithReport, IBusinessObject {

  private static Log log = LogFactory.getLog(BusinessObject.class.getName());

  private final Validator validator = Validation.buildDefaultValidatorFactory().getValidator();

  @JsonIgnore
  private Set<ConstraintViolation<BusinessObject>> errors;

  /* Validation methods */

  public final boolean valid() {
    preValidate();
    errors = new HashSet<ConstraintViolation<BusinessObject>>();
    errors = validator.validate(this);
    postValidate();
    return errors.isEmpty();
  }

  /**
   * Method to be overwriten in subclases so any BO can make some arrangement before checking valid
   */
  protected void preValidate() {
    log.trace("Generic prevalidate of " + this.getClass().getName());
  }
  /**
   * Method to be overwriten in subclases so any BO can make some arrangement once validation has been made
   */
  protected void postValidate() {
    log.trace("Generic postValidate of " + this.getClass().getName());
  }

  public Set<ConstraintViolation<BusinessObject>> getErrors() {
    return errors;
  }

  public boolean hasErrors() {
    return errors != null && !errors.isEmpty();
  }
}
Run Code Online (Sandbox Code Playgroud)

请注意,我使用标准 javax.validation.Validation API(在此处查看参考资料JPA 2.0:什么是 javax.validation.* 包?)。但我使用的实现是 Hibernate 的实现。

优点:

  1. 验证被放置在一个单层中,而不是沿着各个层传播。因此它们更容易维护。
  2. 更好的模型一致性,因为数据始终以相同的方式进行验证,无论其生成方式如何(用户输入、Web 服务、从其他系统提取等)。

缺点:

  1. 您需要开发一些实用程序,以便可以在其他层中使用模型验证,但这并不是很困难。
  2. 如果您有一个简单的项目,没有像许多信息源(用户输入、Web 服务输入、休息服务、其他数据库系统等)或交互这样的复杂性,则可能有点矫枉过正。