Spring Web MVC - 验证个人请求参数 [英] Spring Web MVC - validate individual request params

问题描述

我正在Spring Web MVC 3.0中运行一个webapp，我有许多控制器方法，其签名大致如下：

I'm running a webapp in Spring Web MVC 3.0 and I have a number of controller methods whose signatures are roughly as follows:

@RequestMapping(value = "/{level1}/{level2}/foo", method = RequestMethod.POST)
public ModelAndView createFoo(@PathVariable long level1,
        @PathVariable long level2,
        @RequestParam("foo_name") String fooname,
        @RequestParam(value = "description", required = false) String description);

我想添加一些验证 - 例如， description 应限制在一定长度或 fooname 应仅包含某些字符。如果此验证失败，我想向用户返回一条消息，而不是仅仅抛出一些未经检查的异常（如果我让数据渗透到DAO层，那么无论如何都会发生这种情况）。我知道JSR303但没有使用它，并且不太了解如何在Spring上下文中应用它。

I'd like to add some validation - for example, description should be limited to a certain length or fooname should only contain certain characters. If this validation fails, I want to return a message to the user rather than just throw some unchecked exception (which would happen anyway if I let the data percolate down to the DAO layer). I'm aware of JSR303 but have not worked with it and don't quite understand how to apply it in a Spring context.

根据我的理解，另一种选择是将 @RequestBody 绑定到整个域对象并在那里添加验证约束，但是目前我的代码设置为接受如上所示的各个参数。

From what I understand, another option would be to bind the @RequestBody to an entire domain object and add validation constraints there, but currently my code is set up to accept individual parameters as shown above.

使用这种方法对输入参数应用验证的最简单方法是什么？

What is the most straightforward way to apply validation to input parameters using this approach?

推荐答案

没有内置的功能，不是 还是。对于当前发行版本，如果需要自动验证，仍需要使用WebDataBinder将参数绑定到对象上。如果您正在使用SpringMVC，即使它不是您执行此任务的首选，也值得学习。

There's nothing built in to do that, not yet anyway. With the current release versions you will still need to use the WebDataBinder to bind your parameters onto an object if you want automagic validation. It's worth learning to do if you're using SpringMVC, even if it's not your first choice for this task.

它看起来像这样：

public ModelAndView createFoo(@PathVariable long level1,
        @PathVariable long level2,
        @Valid @ModelAttribute() FooWrapper fooWrapper,
        BindingResult errors) {
  if (errors.hasErrors() {
     //handle errors, can just return if using Spring form:error tags.
  }
}

public static class FooWrapper {
  @NotNull
  @Size(max=32)
  private String fooName;
  private String description;
//getset
}

如果你的类路径上有Hibernate Validator 4或更高版本并使用默认调度程序设置它应该正常工作。

If you have Hibernate Validator 4 or later on your classpath and use the default dispatcher setup it should "Just work."

编辑，因为评论有点大：

Editing since the comments were getting kind of large:

您的方法签名中的任何对象都不是预期的那些Spring知道如何注入，比如 HttpRequest ， ModelMap 等，会得到数据绑定。这只是通过将请求参数名称与bean属性名称和调用setter匹配来实现的。 @ModelAttribute 只有个人风格的东西，在这种情况下它没有做任何事情。 JSR-303与方法参数上的@Valid集成通过 WebDataBinder 连接。如果你使用 @RequestBody ，你将使用一个对象编组器，它基于spring为请求体确定的内容类型（通常只来自http头）。调度程序servlet（ AnnotationMethodHandlerAdapter 真的）没有办法为任意编组器翻转验证开关。它只是将Web请求内容传递给消息转换器并获取一个Object。没有生成BindingResult对象，因此无论如何都无法设置错误。

Any Object that's in your method signature that's not one of the 'expected' ones Spring knows how to inject, such as HttpRequest, ModelMap, etc, will get data bound. This is accomplished for simple cases just by matching the request param names against bean property names and calling setters. The @ModelAttribute there is just a personal style thing, in this case it isn't doing anything. The JSR-303 integration with the @Valid on a method parameter wires in through the WebDataBinder. If you use @RequestBody, you're using an object marshaller based on the content type spring determines for the request body (usually just from the http header.) The dispatcher servlet (AnnotationMethodHandlerAdapter really) doesn't have a way to 'flip the validation switch' for any arbitrary marshaller. It just passes the web request content along to the message converter and gets back a Object. No BindingResult object is generated, so there's nowhere to set the Errors anyway.

您仍然可以将验证器注入控制器并在您获得的对象上运行它，它只是没有与填充 BindingResult 的请求参数上的 @Valid 进行魔术集成。

You can still just inject your validator into the controller and run it on the object you get, it just doesn't have the magic integration with the @Valid on the request parameter populating the BindingResult for you.

这篇关于Spring Web MVC - 验证个人请求参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！