ValidationException vs ConstraintViolationException for validation - spring-boot

I am trying to figure out which Exception (ConstraintViolationException or ValidationException) i have to used on #ControllerAdvice,
.
My controller is
#RequestMapping(value="/myUrl",method = RequestMethod.POST)
public String getMyData( #Valid #RequestBody MyObject myObject,BindingResult bindingResult ) {
And this is my ControllerAdvice class and i am not sure which exception to use.
#ControllerAdvice
public class ValidationAdviceClass{
#ExceptionHandler(ValidationException.class or ConstraintViolationException.class )
public ResponseEntity handleValidtionErrors(ValidationException ex or ConstraintViolationException) {
// mycode
}
Searching i found someone saying use MethodArgumentNotValidException
I am confused with which type of exception to use.

No exception is automatically thrown unless an error happened during the process of validation, for example (then a ValidationException would be thrown).
Any validation errors in your RequestBody would be passed to the BindingResult that you also have as a parameter of your function. Then it's up to you to decide if you want to throw an exception.
I suggest you read this Spring Tutorial about Validating Form Input to better understand how you can achieve what you want.

Related

Ignoring Jackson InvalidFormatException to use #ExceptionHandler for #Valid #RequestBody

Basically, I'm trying to validate inputs from the #RequestBody of a REST controller using an #ExceptionHandler to catch MethodArgumentNotValidException constraints.
#PostMapping(value = "/createbaseline")
public ResponseEntity<?> createBaseline(#Valid #RequestPart Baseline baseline){
//...
return ResponseEntity.ok("...");
}
Before I can do that Jackson is throwing an InvalidFormatException when it fails to parse a string to a Date, thus preventing my #ExceptionHandler from validating the remaining inputs. Here is my #ExceptionHandler method that I want to use for validating inputs.
#ExceptionHandler(MethodArgumentNotValidException.class)
protected final ResponseEntity<Object> handleMethodArgumentNotValid(MethodArgumentNotValidException ex){
Map<String, String> errors = new HashMap<>();
ex.getBindingResult().getAllErrors().forEach(error -> {
String[] mapping = error.getDefaultMessage().split(":");
errors.put(mapping[0], mapping[1]);
});
return new ResponseEntity<>(errors, HttpStatus.BAD_REQUEST);
}
I've considered just changing the Date property of the object to a String, but I know that's against best practices. The reason why I want to use the handleMethodArgumentNotValid is because I have custom constraint annotations on fields in my objects that specify a key that I can access via MethodArgumentNotValidException.getBindingResult() like so:
#RequiredFieldConstraint(key = "label")
private String label;
The client can then use those keys to determine which input field will show an error. If I used the method below to catch the InvalidFormatException then I don't have access to those keys specified by the field annotations.
#ExceptionHandler(value = {InvalidFormatException.class})
protected ResponseEntity<Object> handleException(Exception e){
//can't access annotation keys in this method body
return ResponseEntity.badRequest().body("bad");
}
I need to be able to validate ALL inputs sent in the #ResponseBody in order to send the appropriate error message back to the client but I'd still like to utilize deserializing the #RequestBody directly into an object. Does anyone have ideas on how to approach or work around this?
I found a work around for this by implementing a custom deserializer for Dates so that it catches the InvalidFormatException but still returns a new Date() with .setTime(-1) that I can check for in my handleMethodArgumentNotValid method along with all the other inputs.

#ExceptionHandler not working in a Service class

The below is a service class
#Service
class Test {
public Object findEmployees1(String id, String dbId) {
return employeeRepo.findByDatabaseIdAndIdentifier(dbId, id);
}
public Object findEmployees2(String name, String dbId) {
Object records = employeeRepo.findByNameAndDatabaseId(name, dbId);
}
#ExceptionHandler(Exception.class)
public void internalErrorExceptionHandler(Exception ex) {
LOGGER.error("Log the exception here");
throw new InternalErrorException(ex.getMessage());
}
}
I want if any exception(eg some SQLException) comes in any of the method in the class test , it gets caught by the #ExceptionHandler and is logged there and re thrown
I cannot use #ExceptionHandler with #ControllerAdvice as I don't have any class with #Controller annotation on it . I am writing just a common module to get data from the database.
When I execute the code , the log under #ExceptionHandler is not printed as it never gets called.
The requirement is to log and rethrow a common exception if any exception comes in any of the service class methods without having individual try catch statements in each method.
As suggested, you can use spring aop to handle such exceptions. Instead of duplicating I will link to the existing question I have tried to answer here.
The other way is, if you are using ByteBuddy, you can use following annotation on the method which is expected to throw exception.
#Advice.OnMethodExit(onThrowable = RuntimeException.class)

Migrating from SimpleFormController based implementation in Spring 2.5 to annotation based Controllers in Spring 4

I am facing an issue while migrating from spring 2.5 to 4. Earlier my code was using implementations of SpringForController and since they are deprecated, I need to switch to annotation based controller configuration. These are some of the overridden methods used in spring 2.5 :
protected Map referenceData(HttpServletRequest request, Object command,
Errors errors) throws Exception {
//custom code
}
protected ModelAndView onSubmit(HttpServletRequest request,
HttpServletResponse response, Object command, BindException errors)
throws Exception {
MyObject obj = (MyObject) command;
// custom code
}
protected void initBinder(HttpServletRequest request,
ServletRequestDataBinder binder) {
super.initBinder(request, binder);
//custom code
}
protected void onBindAndValidate(HttpServletRequest request,
Object command, BindException error) throws Exception {
super.onBindAndValidate(request, command, error);
// custom code
}
protected Object formBackingObject(HttpServletRequest request)
throws Exception {
//custom code
}
I have annotated the referenceData method using getMapping and tweaked the code for it to render a form. The same goes for InitBinder method as well. As for the post method(onSubmit method), I have done the following :
#RequestMapping(value = "myCustomUrl", method = RequestMethod.POST)
protected ModelAndView onSubmit(HttpServletRequest request, #ModelAttribute("command")
EmployeeForm employeeForm)
throws Exception {
//custom code
}
The issue I am facing is with the binding of data. The object EmployeeForm contains a lot more fields that doesn't have corresponding fields in the form being submitted. And because of this those values are being set to the default values(null if it is an object and 0 if it is a number). These fields in EmployeeForm may be populated through separate requests. But when I submit the above form, all the fields in EmployeeForm that are not in the form request will be taken as null(or their default values depending on the type of data). This was handled in spring 2.5 using the formBackingObject by which the fields in the command Object is bound to. Is there a way to do the same than getting the respective entity from the database and setting each field submitted by the form manually in to the entity?
As for the logic written in onBindAndValidate, should I use annotations with custom validator in the model class for validating or is there any other way to make it work as there are many custom code in it other than that deals with validation.

Databinding in the controller using spring throws exception

I have a controller with method parameter as model say
public Response create(Customer customer){
}
Customer model :customer model looks like
#JsonTypeInfo( use = JsonTypeInfo.Id.NAME,property = "type")
#JsonSubTypes({#Type(value = Config.class, name = "IPC")})
public class Customer(){
private String type; }
From swagger UI if i send type as IPC its works fine, but any other value than IPC throws an 400 exception while binding.How can i catch this exception inside controller
try to use the #ExceptionHandler annotation
The documentation of Spring 4 (http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#mvc-ann-exceptionhandler) states that
The HandlerExceptionResolver interface and the
SimpleMappingExceptionResolver implementations allow you to map
Exceptions to specific views declaratively along with some optional
Java logic before forwarding to those views. However, in some cases,
especially when relying on #ResponseBody methods rather than on view
resolution, it may be more convenient to directly set the status of
the response and optionally write error content to the body of the
response.
You can do that with #ExceptionHandler methods. When declared within a
controller such methods apply to exceptions raised by #RequestMapping
methods of that controller (or any of its sub-classes). You can also
declare an #ExceptionHandler method within an #ControllerAdvice class
in which case it handles exceptions from #RequestMapping methods from
many controllers. Below is an example of a controller-local
#ExceptionHandler method:
So, in your controller you can have a method like this
#ExceptionHandler(MethodArgumentNotValidException.class)
public String handleArgumentNotValid(MethodArgumentNotValidException e, ModelMap map, HttpServletRequest request) {
List<ObjectError> errors = e.getBindingResult() .getAllErrors();
//you can get the exception e,
//you can get the request
//handle whatever you want the then return to view
return "your view that you will handle the exception";
}

Spring validation keeps validating the wrong argument

I have a controller with a web method that looks like this:
public Response registerDevice(
#Valid final Device device,
#RequestBody final Tokens tokens
) {...}
And a validator that looks like this:
public class DeviceValidator implements Validator {
#Override
public boolean supports(Class<?> clazz) {
return Device.class.isAssignableFrom(clazz);
}
#Override
public void validate(Object target, Errors errors) {
// Do magic
}
}
}
I'm trying to get Spring to validate the Device argument which is being generated by an interceptor. But every time I try, it validates the tokens argument instead.
I've tried using #InitBinder to specify the validator, #Validated instead of #Validand registering MethodValidationPostProcessor classes. So far with no luck.
Either the validator is not called at all, or tokens argument is validated when I was the Device argument validated.
I'm using Spring 4.1.6 and Hibernate validator 5.1.3.
Can anyone offer any clues as to what I'm doing wrong? I've searched the web all afternoon trying to sort this out. Can't believe that the validation area of spring is still as messed up as it was 5 years ago :-(
Ok. Have now solved it after two days of messing about with all sorts of variations. If there is one thing Spring's validation lets you do - it's come up with an incredible array of things that don't work! But back to my solution.
Basically what I needed was a way to manually create request mapping arguments, validate them and then ensure that no matter whether it was a success or failure, that the caller always received a custom JSON response. Doing this proved a lot harder than I thought because despite the number of blog posts and stackoverflow answers, I never found a complete solution. So I've endeavoured to outline each piece of the puzzle needed to achieve what I wanted.
Note: in the following code samples, I've generalised the names of things to help clarify whats custom and whats not.
Configuration
Although several blog posts I read talked about various classes such as the MethodValidationPostProcessor, in the end I found I didn't need anything setup beyond the #EnableWebMvc annotation. The default resolvers etc proved to be what I needed.
Request Mapping
My final request mapping signatures looked like this:
#RequestMapping(...)
public MyMsgObject handleRequest (
#Valid final MyHeaderObj myHeaderObj,
#RequestBody final MyRequestPayload myRequestPayload
) {...}
You will note here that unlike just about every blog post and sample I found, I have two objects being passed to the method. The first is an object that I want to dynamically generate from the headers. The second is a deserialised object from the JSON payload. Other objects could just as easily be included such as path arguments etc. Try something like this without the code below and you will get a wide variety of weird and wonderful errors.
The tricky part that caused me all the pain was that I wanted to validate the myHeaderObj instance, and NOT validate the myRequestPayload instance. This caused quite a headache to resolve.
Also note the MyMsgObject result object. Here I want to return an object that will be serialised out to JSON. Including when exceptions occur as this class contains error fields that need to be populated in addition to the HttpStatus code.
Controller Advice
Next I created an ControllerAdvice class which contained the binding for validation and a general error trap.
#ControllerAdvice
public class MyControllerAdvice {
#Autowired
private MyCustomValidator customValidator;
#InitBinder
protected void initBinder(WebDataBinder binder) {
if (binder.getTarget() == null) {
// Plain arguments have a null target.
return;
}
if (MyHeaderObj.class.isAssignableFrom(binder.getTarget().getClass())) {
binder.addValidators(this.customValidator);
}
}
#ExceptionHandler(Exception.class)
#ResponseStatus(value=HttpStatus.INTERNAL_SERVER_ERROR)
#ResponseBody
public MyMsgObject handleException(Exception e) {
MyMsgObject myMsgObject = new MyMsgObject();
myMsgObject.setStatus(MyStatus.Failure);
myMsgObject.setMessage(e.getMessage());
return myMsgObject;
}
}
Two things going on here. The first is registering the validator. Note that we have to check the type of the argument. This is because #InitBinder is called for each argument to the #RequestMapping and we only want the validator on the MyHeaderObj argument. If we don't do this, exceptions will be thrown when Spring attempts to apply the validator to arguments it's not valid for.
The second thing is the exception handler. We have to use #ResponseBody to ensure that Spring treats the returned object as something to be serialised out. Otherwise we will just get the standard HTML exception report.
Validator
Here we use a pretty standard validator implementation.
#Component
public class MyCustomValidator implements Validator {
#Override
public boolean supports(Class<?> clazz) {
return MyHeaderObj.class.isAssignableFrom(clazz);
}
#Override
public void validate(Object target, Errors errors) {
...
errors.rejectValue("fieldName", "ErrorCode", "Invalid ...");
}
}
One thing that I still don't really get with this is the supports(Class<?> clazz) method. I would have thought that Spring uses this method to test arguments to decide if this validator should apply. But it doesn't. Hence all the code in the #InitBinder to decide when to apply this validator.
The Argument Handler
This is the biggest piece of code. Here we need to generate the MyHeaderObj object to be passed to the #RequestMapping. Spring will auto detect this class.
public class MyHeaderObjArgumentHandler implements HandlerMethodArgumentResolver {
#Override
public boolean supportsParameter(MethodParameter parameter) {
return MyHeaderObj.class.isAssignableFrom(parameter.getParameterType());
}
#Override
public Object resolveArgument(
MethodParameter parameter,
ModelAndViewContainer mavContainer,
NativeWebRequest webRequest,
WebDataBinderFactory binderFactory) throws Exception {
// Code to generate the instance of MyHeaderObj!
MyHeaderObj myHeaderObj = ...;
// Call validators if the argument has validation annotations.
WebDataBinder binder = binderFactory.createBinder(webRequest, myHeaderObj, parameter.getParameterName());
this.validateIfApplicable(binder, parameter);
if (binder.getBindingResult().hasErrors()) {
throw new MyCustomException(myHeaderObj);
}
return myHeaderObj;
}
protected void validateIfApplicable(WebDataBinder binder, MethodParameter methodParam) {
Annotation[] annotations = methodParam.getParameterAnnotations();
for (Annotation ann : annotations) {
Validated validatedAnn = AnnotationUtils.getAnnotation(ann, Validated.class);
if (validatedAnn != null || ann.annotationType().getSimpleName().startsWith("Valid")) {
Object hints = (validatedAnn != null ? validatedAnn.value() : AnnotationUtils.getValue(ann));
Object[] validationHints = (hints instanceof Object[] ? (Object[]) hints : new Object[] { hints });
binder.validate(validationHints);
break;
}
}
}
}
The main job of this class is to use whatever means it requires to build the argument (myHeaderObj). Once built it then proceeds to call the Spring validators to check this instance. If there is a problem (as detected by checking the returned errors), it then throws an exception that the #ExceptionHandler's can detect and process.
Note the validateIfApplicable(WebDataBinder binder, MethodParameter methodParam) method. This is code I found in a number of Spring's classes. It's job is to detect if any argument has a #Validated or #Valid annotation and if so, call the associated validators. By default, Spring does not do this for custom argument handlers like this one, so it's up to us to add this functionality. Seriously Spring ???? No AbstractSomething ????
The last piece, explicit Exception catches
Lastly I also needed to catch more explicit exceptions. For example the MyCustomException thrown above. So here I created a second #ControllerAdvise.
#ControllerAdvice
#Order(Ordered.HIGHEST_PRECEDENCE) // Make sure we get the highest priority.
public class MyCustomExceptionHandler {
#ExceptionHandler
#ResponseStatus(value = HttpStatus.BAD_REQUEST)
#ResponseBody
public Response handleException(MyCustomException e) {
MyMsgObject myMsgObject = new MyMsgObject();
myMsgObject.setStatus(MyStatus.Failure);
myMsgObject.setMessage(e.getMessage());
return myMsgObject;
}
}
Although superficially the similar to the general exception handler. There is one different. We need to specify the #Order(Ordered.HIGHEST_PRECEDENCE) annotation. Without this, Spring will just execute the first exception handler that matches the thrown exception. Regardless of whether there is a better matching handler or not. So we use this annotation to ensure that this exception handler is given precedence over the general one.
Summary
This solution works well for me. I'm not sure that I've got the best solution and there may be Spring classes which I've not found which can help. I hope this helps anyone with the same or similar problems.

Resources