添加依赖
1 <!-- 参数校验 -->
2 <dependency>
3 <groupId>org.hibernate.validator</groupId>
4 <artifactId>hibernate-validator</artifactId>
5 <version>6.0.17.Final</version>
6 </dependency>
一.基本类型参数(String)校验
1.注解要写在接口中,实现类会自动继承,如果实现类的某个重写方法没有加上了注解,接口中却没有定义,运行时会产生redefine异常
接口:
User getUserById(@NotNull(message = "uid不能为null") @Min(value = 1,message = "uid不合法") Integer id);
实现类:
@Override
public User getUserById(@NotNull(message = "uid不能为null") @Min(value = 1,message = "uid不合法") Integer id) {
return userMapper.getUserById(id);
}
Controller(restful风格最容易出的问题就是参数为空,只要不传就是404,不要尝试:xxx/getUserById/null,这种写法是400,给url设置null没有意义,解决方式很简单,给Controller增加一个映射路径即可,空参数导致的bind异常可以用在全局异常处理器捕获即可,当然你在web.xml中统一处理404也可以):
1 @RequestMapping(value = {"/getUserById/{uid}","/getUserById"}) 2 public @ResponseBody Object getUserById(@PathVariable Integer uid) { 3 return userService.getUserById(uid); 4 }
2.提供校验器,自定义异常(可选),全局异常处理器
校验器:
1 public class ParamsValidator { 2 3 public static ExecutableValidator getValidator() { 4 ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory(); 5 return validatorFactory.getValidator().forExecutables(); 6 } 7 }
自定义异常(可选):
1 public class ValidParamException extends RuntimeException { 2 private static final long serialVersionUID = 1L; 3 4 private Set<ConstraintViolation<Object>> validateResult; 5 6 public ValidParamException() { 7 super(); 8 } 9 10 public ValidParamException(String message) { 11 super(message); 12 } 13 14 public ValidParamException(Set<ConstraintViolation<Object>> validateResult) { 15 this.validateResult = validateResult; 16 } 17 18 public Set<ConstraintViolation<Object>> getValidateResult() { 19 return validateResult; 20 } 21 22 public void setValidateResult(Set<ConstraintViolation<Object>> validateResult) { 23 this.validateResult = validateResult; 24 } 25 26 @Override 27 public String getMessage() { 28 return validateResult.iterator().next().getMessage(); 29 } 30 31 public Map<Object, String> getErrorMap() { 32 Map<Object, String> map = new HashMap<Object, String>(6); 33 Iterator<ConstraintViolation<Object>> iterator = validateResult.iterator(); 34 while (iterator.hasNext()) { 35 ConstraintViolation<Object> cons = iterator.next(); 36 Path propertyPath = cons.getPropertyPath(); 37 String message = cons.getMessage(); 38 map.put(propertyPath, message); 39 } 40 return map; 41 } 42 43 }
全局异常处理器:
1 @ControllerAdvice 2 @EnableWebMvc 3 public class GlobalExceptionHandler { 4 // 单参数校验
5 @ExceptionHandler(ValidParamException.class) 6 public @ResponseBody Map<Object, String> validParamException(HttpServletRequest req, ValidParamException vpe) { 7 return vpe.getErrorMap(); 8 } 9
10 // 对象类型参数校验
11 @ExceptionHandler(MethodArgumentNotValidException.class) 12 public @ResponseBody Map<Object, String> methodArgumentNotValidException(MethodArgumentNotValidException ex) { 13 String parameterName = ex.getParameter().getParameterName(); 14 Map<Object, String> map = new HashMap<Object, String>(6); 15 map.put(parameterName, ex.getLocalizedMessage()); 16 return map; 17 } 18
19 // pathvariable不传递参数时抛出的异常
20 @ExceptionHandler(ServletRequestBindingException.class) 21 public @ResponseBody Map<Object, String> servletRequestBindingException(ServletRequestBindingException ex) { 22 Map<Object, String> map = new HashMap<Object, String>(6); 23 map.put("error", ex.getLocalizedMessage()); 24 return map; 25 } 26 }
3.使用aop进行拦截
关于aop"失效"的问题有几点说明:
1)如果拦截controller,那么aop的配置要写在springmvc的配置文件中,拦截其他层(如service)写在spring的配置文件中
2)被拦截的类必须也被spring管理否则无法拦截成功
3)开启注解扫描时,springmvc只扫描@Controller类型的注解,其他的如@Service,@Repository注解由spring进行扫描
aop:
1 @Component 2 @Aspect 3 public class UserAspect { 4 5 private ExecutableValidator validator = ParamsValidator.getValidator(); 6 7 @Pointcut("execution (* cn.tele.service.*.*(..))") 8 private void pt() { 9 } 10 11 @Before("pt()") 12 public void checkParams(JoinPoint jp) { 13 14 Object target = jp.getTarget(); 15 Object[] params = jp.getArgs(); 16 MethodSignature methodSignature = (MethodSignature) jp.getSignature(); 17 18 String[] paramNames = methodSignature.getParameterNames(); 19 Method method = methodSignature.getMethod(); 20 21 Set<ConstraintViolation<Object>> validateResult = validator.validateParameters(target, method, params); 22 if (!validateResult.isEmpty()) { 23 throw new ValidParamException(validateResult); 24 } 25 } 26 27 }
4.测试结果:
1)传入-1
2)不传
可以在aop中打印日志啥的
二.对象类型参数校验
1.在javaBean中添加注解,对一些特殊字段进行分组,如id,插入数据时,不需要校验可以为null,而查询,删除,更新等操作必须校验
1 @NotNull(message = "uid不能为null",groups = {Query.class,Update.class,Delete.class}) 2 @Min(value = 1,message = "uid不合法") 3 private Integer uid; 4
5 @NotBlank(message = "姓名不能为空") 6 @Size(max = 20,message = "姓名最大长度为50个字符") 7 private String userName; 8
9 @NotBlank(message = "性别不能为空") 10 @Size(max = 20,message = "性别最大长度位20个字符") 11 private String sex; 12
13 @NotNull 14 @Max(value = 70,message = "最大年龄为70岁") 15 private Integer age; 16
17 @NotNull 18 private Integer departmentId; 19
20 @Value(value = "1") 21 private Integer state;
分组只是个标记,用接口定义就好
1 public interface Query { 2
3 }
2.在参数前添加@Valited注解,该注解支持分组,@Valid不支持,如果你选择的校验位置与上面定义的aop拦截的位置相同,那就会出问题了,
你的代码会走aop的逻辑然后去用你校验单个参数的校验器去进行校验,这样无法校验出问题,因此推荐放在controller层
1 @RequestMapping("/insertUser") 2 public @ResponseBody String insertUser(@Validated @RequestBody User user) { 3 Integer count = userService.insertUser(user); 4 return count ==1 ? "成功增加1条记录" : "增加" + user + "失败"; 5 }
校验指定分组
3.抛出的异常会走上面贴出的全局异常处理器的代码
4.测试
1)正常情况,注意没有id
2)丢失userName
