21

I'm building a REST webservice in Java using Spring, Jersey and Hibernate (JPA).

Now I'm trying to add support for validation in my resources. JSR-303 (Bean validation) naturally appeared as a suitable choice (I'm using Hibernate Validator which is the reference implementation of JSR-303). However, I'm trying to consolidate some concepts first.

It seems to me that there are at least two kinds of possible validations:

  • Regular validation on fields, e.g. check that a property isn't null, check if a String property is a valid e-mail, check if an Integer property is greater than 10, etc. This is working as expected. I've registered a JAX-RS ExceptionMapper which maps javax.validation.ConstraintViolationException's into proper HTTP responses.
  • Data Integrity Validation

I'll explain what I mean exactly by "Data Integrity Validation" with an example. This happens when there are relationships between two or more resources. Imagine two resources: a Product and a Category. A Product has a Category. When the client sends to the server the representation of the Product to create (a POST HTTP request), it must inform the Category of the product. The client must know the categories beforehand, of course. Imagine in JSON something like:

{
   "quantity": "10",
   "state": "PRODUCED",
   "category": {
      "id": "123"
   }
}

Well, the category with id 123 might not exist. If we try to insert this into the database, obviously we get a foreign key related exception. So I assume we have to validate these issues and return a proper message to the client, just as in regular property validations.

Now, my main questions are:

  1. Right now I'm performing the validation in the Data Access level, through JPA's integration with Bean Validation. Should the validations be done before/after serializations processes, before/after database operations or both?
  2. How to handle Data Integrity Validations? Manually? (i.e. explicitly consulting the database checking data integrity) Or should we just try to insert it anyway and then catch database (or DAO) exceptions? Bean Validation has nothing to do with this kind of validation, right?
  3. If you have any experience with JAX-RS/REST and Bean Validation I would be glad if you let me know. Using groups?

These questions are somewhat related to Java, but I was also hoping to get some new perspectives on these matters. Some technology independent ones. :) It would be great if you could provide your own solutions for these problems on your REST webservices.

4

4 回答 4

8

该解决方案最终成为JacksonJaxbJsonProvider实现 JAX-RSMessageBodyReaderMessageBodyWriter. 我受到了惊人的 dropwizard 方法的启发。在这个提供程序中,我们需要以某种方式注入一个 Validator 实例(我使用 Spring 进行注入,使用 Hibernate Validator 进行 JSR-303 实现)。如果您使用 Hibernate ORM,请不要忘记禁用实体验证,否则您将验证同一个实体两次。不过,这可能是我们想要的。

然后,在这个 subclassed中,我验证对象并使用来自验证器的错误MessageBodyReader抛出一个自定义。InvalidEntityException我还创建了一个 JAX-RS ExceptionMapper<InvalidEntityException>,它将每个映射InvalidEntityException到正确的 HTTP 响应。在我的例子中,我返回了一个错误请求和一个包含错误描述的 JSON 对象。

请注意,此 MessageBodyReader 检查@Valid@Validated注释。这意味着它正确地支持组。这很重要,因为我们可能不想在整个应用程序中进行相同类型的验证。一个例子是当我们想要进行部分更新(PUT)时。或者,例如,一个 id 属性在 POST 请求中必须为空,但在其他任何地方都非空。

数据完整性验证尚未完全处理。但是我计划捕获数据库异常并将它们转换为我自己的域异常(例如 a DataIntegrityException),因为它似乎更有效并且与我松散耦合。

更新:

从 JAX-RS 2 开始,推荐的方法是使用它的 Bean Validation 支持。在这里查看:https ://jersey.java.net/documentation/latest/bean-validation.html

于 2013-01-09T12:53:38.633 回答
6

您现在可以使用 Jersey 2.0 通过 JSR-303/JSR-349 验证资源参数。

https://jersey.java.net/documentation/latest/bean-validation.html#d0e9301

于 2013-06-21T10:01:46.647 回答
1

您可以使用jersey filters,您可以在其中对您的请求数据进行一些验证。

那么,id 为 123 的类别可能不存在。如果我们尝试将其插入数据库,显然我们会得到与外键相关的异常。

对于这种情况,可以依赖数据访问级别的验证。但是如果你想同步响应你的客户端,通常最好让这个业务逻辑通过一些服务 API 暴露出来。即你可能有一个类似的API isValidCategory(int id),它可以在比DAO更高的级别上查询,这样你就不必等到数据访问层遇到错误/异常。显然,这仍然意味着数据库查找(取决于您的系统),但是使用缓存或其他机制优化它以改善您的响应时间是完全不同的问题。

谈到 bean 验证器,您可以看一下Hibernate Validator,它是一个 JSR 303 实现。

于 2013-01-08T16:13:04.507 回答
0

Oval是评估对象的最佳包。生成单元测试断言和自动化测试非常有用。

于 2017-06-15T07:25:55.970 回答