概述
Spring MVC支持Bean Validation,通過這個驗證技術,可以通過注解方式,很方便的對輸入參數進行驗證,之前使用的校驗方式,都是基於Bean對象的,但是在@RequestParam中,沒有Bean對象,這樣使得校驗無法進行,可以通過使用@Validated注解,使得校驗可以進行。
校驗bean對象
一般校驗bean對象,為了可以自動的校驗屬性,可以通過兩步解決:
一、聲明對象
package com.github.yongzhizhan.draftbox.model;
import javax.validation.constraints.Size;
/**
* 帶驗證的對象
* @author zhanyongzhi
*/
public class Foo {
private String validString;
@Size(min = 1, max = 5)
public String getValidString() {
return validString;
}
public void setValidString(final String vValidString) {
validString = vValidString;
}
}
二、通過@Valid注解使用對象
@ResponseBody
@RequestMapping(value = "validObject", method = RequestMethod.POST)
@ResponseStatus(HttpStatus.OK)
public String validObject(
@RequestBody()
@Valid Foo vFoo, BindingResult vBindingResult){
return vFoo.getValidString();
}
校驗RequestParams
使用校驗bean的方式,沒有辦法校驗RequestParam的內容,一般在處理Get請求的時候,會使用下面這樣的代碼:
@ResponseBody
@RequestMapping(value = "validString", method = RequestMethod.GET)
@ResponseStatus(HttpStatus.OK)
public String validString(
@RequestParam(value = "str", defaultValue = "")
String vStr){
return vStr;
}
使用@Valid注解,對RequestParam對應的參數進行注解,是無效的,需要使用@Validated注解來使得驗證生效。操作步驟如下:
一、聲明錯誤處理類
package com.github.yongzhizhan.draftbox.controller;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.validation.beanvalidation.MethodValidationPostProcessor;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import javax.validation.ValidationException;
@ControllerAdvice
@Component
public class GlobalExceptionHandler {
@Bean
public MethodValidationPostProcessor methodValidationPostProcessor() {
return new MethodValidationPostProcessor();
}
@ExceptionHandler
@ResponseBody
@ResponseStatus(HttpStatus.BAD_REQUEST)
public String handle(ValidationException exception) {
System.out.println("bad request, " + exception.getMessage());
return "bad request, " + exception.getMessage();
}
}
二、聲明@Validated並加上校驗注解
package com.github.yongzhizhan.draftbox.controller;
import com.github.yongzhizhan.draftbox.model.Foo;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.validation.BindingResult;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import javax.validation.Valid;
import javax.validation.constraints.Size;
@RestController
@SuppressWarnings("UnusedDeclaration")
@Validated
public class IndexController {
@ResponseBody
@RequestMapping(value = "validString", method = RequestMethod.GET)
@ResponseStatus(HttpStatus.OK)
public String validString(
@RequestParam(value = "str", defaultValue = "")
@Size(min = 1, max = 3)
String vStr){
return vStr;
}
}
代碼
參考
Bean Validation 技術規范特性概述
Validation, Data Binding, and Type Conversion