在spring应用程序中实现自定义验证的最佳方法是什么?

时间:2015-09-02 09:29:27

标签: java spring validation

我是(在Spring开发中新建)为我的应用程序创建REST API,CRUD操作已成功实现,但现在我想实现服务器端验证。我还读到有几种方法可以实现验证。

  1. 使用给定的注释 - > @notempty,@ email等...
  2. 使用自定义验证 - >扩展验证器

    3. 我想在我的应用程序中实现它们,参考它,

    这是一个很好的方法吗?

    OR

    还有其他方法可以实施验证吗?

    控制器 

    @RestController
public class EmployeeController {

    @Autowired
    DataServices dataServices;

    @Autowired
    EmployeeValidator employeeValidator;

    @InitBinder
    protected void initBinder(WebDataBinder binder) {
        binder.addValidators(employeeValidator);
    }

    @RequestMapping(value = "/employee/", method = RequestMethod.POST)
    public ResponseEntity<Object> createUser(
            @Valid @RequestBody Employee employee,
            UriComponentsBuilder ucBuilder) throws Exception,
            DataIntegrityViolationException {

        if (dataServices.addEmployee(employee) == 0) {
            Error error = new Error(1, "Data integrity violation",
                    "Email id is already exists.");
            return new ResponseEntity<Object>(error, HttpStatus.CONFLICT);
        }

        HttpHeaders headers = new HttpHeaders();
        headers.setLocation(ucBuilder.path("/employee/{id}")
                .buildAndExpand(employee.getId()).toUri());
        Status status = new Status(1, "Employee has been added successfully.");

        return new ResponseEntity<Object>(status, headers, HttpStatus.CREATED);
    }
}

    错误处理程序 

    @ControllerAdvice
public class RestErrorHandler {

    private static final Logger logger = Logger
            .getLogger(RestErrorHandler.class);

    private MessageSource messageSource;

    @Autowired
    public RestErrorHandler(MessageSource messageSource) {
        this.messageSource = messageSource;
    }

    @ExceptionHandler(MethodArgumentNotValidException.class)
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    @ResponseBody
    public ValidationErrorDTO processValidationError(
            MethodArgumentNotValidException ex) {
        logger.debug("Handling form validation error");

        BindingResult result = ex.getBindingResult();
        List<FieldError> fieldErrors = result.getFieldErrors();

        return processFieldErrors(fieldErrors);
    }

    private ValidationErrorDTO processFieldErrors(List<FieldError> fieldErrors) {
        ValidationErrorDTO dto = new ValidationErrorDTO();

        for (FieldError fieldError : fieldErrors) {
            String localizedErrorMessage = resolveLocalizedErrorMessage(fieldError);
            dto.addFieldError(fieldError.getField(), localizedErrorMessage,
                    fieldError.getDefaultMessage());
        }

        return dto;
    }

    private String resolveLocalizedErrorMessage(FieldError fieldError) {
        Locale currentLocale = LocaleContextHolder.getLocale();
        String localizedErrorMessage = messageSource.getMessage(fieldError,
                currentLocale);

        // If a message was not found, return the most accurate field error code
        // instead.
        // You can remove this check if you prefer to get the default error
        // message.
        if (localizedErrorMessage.equals(fieldError.getDefaultMessage())) {
            String[] fieldErrorCodes = fieldError.getCodes();
            localizedErrorMessage = fieldErrorCodes[0];
        }

        return localizedErrorMessage;
    }
}

    验证 

    @Component
public class EmployeeValidator implements Validator {

    public boolean supports(Class clazz) {
        return Employee.class.isAssignableFrom(clazz);
    }

    public void validate(Object target, Errors errors) {
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "firstName", errors
                .getFieldError().getCode(), "First name is required.");
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "lastName", errors
                .getFieldError().getCode(),
                "Last name is required.");
        ValidationUtils.rejectIfEmptyOrWhitespace(errors, "email", errors
                .getFieldError().getCode(),
                "Email is required.");

    }

}

    模型 

    @Entity
@Table(name = "employee")
@JsonIgnoreProperties({ "hibernateLazyInitializer", "handler" })
public class Employee implements Serializable {

    private static final long serialVersionUID = 1L;

    @Id
    @GeneratedValue
    @Column(name = "id")
    private long id;

    // @NotEmpty(message = "Please enter first name")
    @Column(name = "first_name")
    private String firstName;

    // @NotEmpty(message = "Please enter last name")
    @Column(name = "last_name")
    private String lastName;

    // @NotEmpty(message = "Please enter email address")
    @Email(message = "Please enter valid email address")
    @Column(name = "email", unique = true)
    private String email;

    @NotEmpty(message = "Please enter mobile number")
    @Size(min = 10, message = "Please enter valid mobile number")
    @Column(name = "phone")
    private String phone;

//Getter and Setter

}

1 个答案:

答案 0 :(得分:3)

在您的方法中,您使用的是服务器端验证,但仅限于控制器层。您是否尝试过使用Bussines层验证,例如Hibernate Validation API http://hibernate.org/validator/

我在最近的一个项目中使用过它并形成了我保持数据一致性的好方法。需要一些调整和工具来使它按照我们想要的方式工作,但这并不太难。例如,默认情况下,只有在数据库中持久化Object之后才会检查此验证,但是在我们的控制器中我们需要更早地进行此验证,因此您必须实现一种调用依赖于hibernate验证机制的验证机制的方法。 。或者,作为另一个例子,我们必须在Web服务上开发一个类似的系统,以在传入数据无效时返回错误。

在需要时使用验证的一种方法是在所有bussines对象上实现它。他们可以继承这样的类:

import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.xml.bind.annotation.XmlTransient;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import com.fasterxml.jackson.annotation.JsonIgnore;

public abstract class BusinessObject implements Serializable, IObjectWithReport, IBusinessObject {

  private static Log log = LogFactory.getLog(BusinessObject.class.getName());

  private final Validator validator = Validation.buildDefaultValidatorFactory().getValidator();

  @JsonIgnore
  private Set<ConstraintViolation<BusinessObject>> errors;

  /* Validation methods */

  public final boolean valid() {
    preValidate();
    errors = new HashSet<ConstraintViolation<BusinessObject>>();
    errors = validator.validate(this);
    postValidate();
    return errors.isEmpty();
  }

  /**
   * Method to be overwriten in subclases so any BO can make some arrangement before checking valid
   */
  protected void preValidate() {
    log.trace("Generic prevalidate of " + this.getClass().getName());
  }
  /**
   * Method to be overwriten in subclases so any BO can make some arrangement once validation has been made
   */
  protected void postValidate() {
    log.trace("Generic postValidate of " + this.getClass().getName());
  }

  public Set<ConstraintViolation<BusinessObject>> getErrors() {
    return errors;
  }

  public boolean hasErrors() {
    return errors != null && !errors.isEmpty();
  }
}

请注意,我使用标准的javax.validation.Validation API(在此处检查引用JPA 2.0 : what is javax.validation.* package?)。但我使用的实现是来自Hibernate的实现。

优点:

  1. 验证放在一个单独的图层中,而不是沿着各个图层展开。所以它们更容易维护。
  2. 更好的模型一致性,因为数据总是以相同的方式验证,与生成方式无关(用户输入,Web服务,从其他系统中提取等)。

    3. 缺点:

    1. 您需要开发一些工具,这样您就可以在其他图层中使用模型验证,但这并不是很困难。
    2. 如果你有一个简单的项目,没有像许多信息来源(用户输入,网络服务输入,休息服务,其他数据库系统等)或交互的复杂性,可能会有点过分。
相关问题
最新问题