在JSR-303 Bean验证中获取HttpServletRequest

时间:2015-03-09 19:22:35

标签: java spring validation

我的应用程序中有一个验证,它使用cookie(request.getCookies)来验证验证码。

我想为此验证码验证创建一个ConstraintValidator,因此它与其他bean的属性一起验证 - 由JSR-303 Bean验证指定。

有没有办法在ConstraintValidator中检索HttpServletRequest?

1 个答案:

答案 0 :(得分:4)

假设(由于目前的标签)你有Spring,最近的版本是一个(> = 2.5.1),这应该就像

一样简单 
package org.yourapp.controller.validation;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;

import javax.servlet.http.HttpServletRequest;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;

public class YourValidator implements ConstraintValidator<YourValidatorAnnotaion, String> {
    // here should be autowired a proxy to currently undergoing request
    @Autowired
    private HttpServletRequest request;

    @Override
    public void initialize(YourValidatorAnnotaion constraintAnnotation) {
        // this should autowire all dependencies of this class using
        // current application context
        SpringBeanAutowiringSupport.processInjectionBasedOnCurrentContext(this);
    }

    @Override
    public boolean isValid(String value, ConstraintValidatorContext context) {
        // here goes your custom logic for validation, like matching
        // captcha challenge to captcha response, but i am not doing
        // this for you, as i don't know what it supposed to be, so
        // i simply test presence of cookies.
        return request.getCookies().length > 0;
    }
}

对于completness,这是一个示例@YourValidatorAnnotaion实现:

package org.yourapp.controller.validation;

import javax.validation.Constraint;
import javax.validation.Payload;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;

import static java.lang.annotation.ElementType.*;
import static java.lang.annotation.RetentionPolicy.RUNTIME;

@Constraint(validatedBy = YourValidator.class)
@Target({ METHOD, FIELD, ANNOTATION_TYPE, CONSTRUCTOR, PARAMETER })
@Retention(RUNTIME)
public @interface YourValidatorAnnotaion {
    String message() default "No cookies - no validation";
    Class<?>[] groups() default {};
    Class<? extends Payload>[] payload() default {};
}

多数民众赞成。现在,如果您使用@YourValidatorAnnotaion注释您的DTO字段,那么只要在请求标头中没有cookie就调用具有此类@Valid @RequestBody参数的控制器,您就会收到错误。

相关问题
最新问题