This document discusses request validation for Spring REST controllers. It explains that request validation is important to ensure client requests are well-formed. It demonstrates how to enable validation on request beans using the @Valid annotation and implement both simple and complex validation rules. Simple validations use annotations like @NotNull while complex validations require a custom validator class. The validator is registered globally so it can validate requests for all controllers. Exceptions are handled by a global exception handler to return standardized error responses.

1. REQUEST
VALIDATION:SPRING
REST
Presented By Sabir Khan

2. Background
 Spring REST is not a standardized JAX-RS implementation and there doesn’t seem
an attempt to move to that direction either
 RESTeasy, Restlet, Jersey and ApacheCXF implement JAX-RS to different extents but
not Spring REST because of its background in Spring MVC
 Spring REST is a tweaked version of Spring MVC
 This presentation is about request bean validation at a @RestController

3. Why we need it?
 For a REST End Point – Its not guaranteed that client will always send a well formed
request
 Request Bean could be malformed in various ways like being empty string, null value
or not passable value to a particular type
 REST Entry Point need not to proceed if request is invalid and data sent is improper
 If request is invalid, REST Entry Point need to return an error response automatically
and service developers need not be tweaking service logic for data invalidity
 Validation needs to be segregated system component for maintainable flow and
readable code

4. What is Bean Validation?
 Bean validation is about validating a POJO’s fields for particular values
 Details about bean validation can be found at - http://beanvalidation.org/
 Its basically about specifying constraints on POJO fields
 At home page, its written – “Constrain once, validate everywhere”
 This validation might be needed in JavaSE or JavaEE
 Above link is simply a specification, its implementation needs to be provided and
specification is JSR-303, later improved to JSR-349
 One such implementation is provided by Apache, another by Hibernate and so on so
forth
 http://bval.apache.org/ & http://hibernate.org/validator/

5. Getting Started : Coding…Dependency
 First you need to include validation API implementations in your REST application. I have
not specified versions so it will get latest versions.
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
</dependency>

6. Coding…Enable Validation at Entry Point
 After including dependencies in application, you need to enable validation for your request bean at your entry point
 This can be achieved either by @Valid or @Validated annotation as shown below,
@RestController
@RequestMapping("/baseURL")
public class MyController {
@Autowired private Service service;
@RequestMapping(method = RequestMethod.POST, value = "/entryURL" , consumes=MediaType.APPLICATION_JSON_VALUE, produces
=MediaType.APPLICATION_JSON_VALUE )
public ResponseBean<...> getResponse( @Valid @RequestBody RequestBean request) {
/* Control comes here only if request satisfies all of your validations since @Valid is palced there */
/* service is a service instance that you would use to build a successful response */
}
}
@Valid is - import javax.validation.Valid;

7. Coding…Simple Validations
 After previous step, bean validation is enabled for POJO – RequestBean if a hit is made to that entry
point
 Now, you can go to RequestBean class and apply simple validations from either of the two dependencies
included in the project
 Most commonly used annotations are - @NotEmpty, @NotNull, @Email
 In these annotations ,you can specify custom messages for validator failures
 You can find many such annotations in - org.hibernate.validator.constraints package ( for hibernate jar ) &
javax.validation.constraints package ( for javax jar )
 Since you have applied , @Valid to @RequestBody at entry point, now your bean will automatically be
validated against these rules/annotations
 Control will go inside of entry point method if validation passes
 If validation fails, an exception be thrown–
org.springframework.web.bind.MethodArgumentNotValidException or

8. Coding…Exception Handler
 Since, you have enabled validation so exception – MethodArgumentNotValidException might be thrown for invalid requests
 System might have multiple services / End Points and developer shouldn’t be required to construct a response for each of these failure in
every service so you can have a Spring’s global application handler like below – Its just a sample , you can send a response as per your
need
@ControllerAdvice(value=“*.controller") -> this is basically controller package location
@Component
public class ApplicationExceptionHandler {
@ExceptionHandler
@ResponseBody
@ResponseStatus(HttpStatus.BAD_REQUEST)
public ResponseBean handle(MethodArgumentNotValidException exception){
StringBuilder messages = new StringBuilder();
ResponseBean response = new ResponseBean();
int count = 1;
for(ObjectError error:exception.getBindingResult().getAllErrors()){
messages.append(" "+count+"."+error.getDefaultMessage());
++count;
}
response.setResponse(“FAILURE”);
response.setErrorcode(400);
response.setMessage(messages.toString());

9. Coding…Complex Validations
 Sometimes, a simple validation rule or rules for each of the bean fields might not be enough i.e.
validation for each of the fields might not be independent from each other. Like – if you need any of the
25 fields to be @NotNull etc.
 For such situations, Spring gives you an option to write your own validator by implementing interface-
org.springframework.validation.Validator
public class MyValidator implements Validator {
@Override
public boolean supports(Class<?> clazz) {
return RequestBean.class.isAssignableFrom(clazz);
}
@Override
public void validate(Object target, Errors errors) {}
/* Write all your custom validations here */
/* For all validations, do specify messages to be passed on to user in errors
object*/
}

10. Coding…Complex Validations…Contd
 Abstract class - org.springframework.validation.ValidationUtils can be used to write validations like ,
ValidationUtils.rejectIfEmptyOrWhitespace(errors, “FIELD-1", "field.required"," FIELD-1 field is missing in
request body");
etc
 You can write complex validations using Java Reflection or By Using getters on RequestBean
 Java Reflection is flexible and you will not be required to change validator for bean field addition and
removal
 In validator, you might choose to log error messages on server side if errors.hasErrors() is true

11. Coding…Complex Validations…Contd
 Plugin Your validator to System : You have defined a custom validator but Spring doesn’t know about it
 You can write a global application initializer like below to tell framework about it i.e. register it ,
@ControllerAdvice(value=“*.controller") -> This is controller package
@Component
public class GlobalApplicationInitializer {
@InitBinder
public void globalInitBinder(WebDataBinder binder) {
binder.addValidators(new MyValidator());
}
}
Alternatively, you can define a validator @Bean in @Configuration and can use @Autowired instance in
addValidators method
Now your simple as well as custom validation both can be used on same bean.

12. @Valid Vs @Validated
There is another annotation @Validated provided by Spring -
org.springframework.validation.annotation.Validated that can be used other than -
javax.validation.Valid
@Validated supports validation groups and that is useful in multi step validations usually not useful for a
REST End Point but for a Web Form
So @Valid is standardized JEE annotation while @Validated is not.

13. Thank You !!
Thank You !!