I am planning to use Spring 3 validations in my Web Application. I was considering that since I already have the properties of my JPA entities annotated with some standard validations like nullable="false" or length="50". Is there any way I could reuse JPA validations in Spring 3 Backing forms?
I feel a better idea would be to recode the validations on the Spring form as we can have more helpful error messages. What do you think -
Is it possible in a clean way to reuse JPA validations in Spring forms?
What is a better design - reimplement the validations or reuse the basic ones and code more specific validations separately?
In my experience, as soon as you write a custom Validator you're responsible for validating all fields regarding Spring's WebDataBinder. Validation constraint annotations still throw exceptions though if violated.
Related
I have a project using Kotlin in Spring Boot. The tables have the standard audit fields 'createdBy', 'createdDt'. Is there a way to handle setting these fields in some way that doesn't involve passing these fields around? Ideally I'd like to intercept every transaction before commit and just set the fields on the entities.
Using JPA and Hibernate, an AuditAware bean could be used to pass the current Principal along with using annotations. Is there a similar integration available or easily implemented? I've looked at the EntityHooks class and don't see an easy way to change data.
I'd like to disable Hibernate validation for a single entity in my application, which I validate manually. The rest of entites should continue to use the standard Hibernate validation on persist.
The standard solution is to disable all validation via javax.persistence.validation.mode: none but this doesn't apply here as I just want to bypass it for a single entity.
So far the solutions appear to be:
Add Hibernate groups to every single annotation on the entity - this is error prone and cumbersome as the entity has 50+ annotations on it.
Replace or override BeanValidationEventListener to skip validation for my entity - there doesn't appear to be a clean way to override this listener with Spring Boot 2.0.
Are there other, simpler ways to do this with Hibernate and Spring?
I have been working on a system that does user input validation only on the JSF Managed Beans. Theoretically, on the college bench, we are told to always replicate the validation on the business layer (or when it is not possible, on the persistence layer: through Bean Validation API or Hibernate Listeners).
However, after some research, I concluded that there is no security breach on that because JSF does not allow direct access to nothing "bellow" it. But I really want to be proven wrong.
It may not be a security breach when you are only using JSF. In general I think it's best to have your validation and authorization as close to your data storage as possible. If you for example would decide to add a REST service to your application, your validation and authorization is already taken care of.
If you are using javax.validation, there is no need to replicate the validation in JSF when you are using a component library like PrimeFaces. In PrimeFaces you can simply use bean validation based on your javax.validation annotations.
Spring MVC offers form validation through both annotations on the forms (for example #NotNull) to do a simple check of the value of a field, and custom Validators, which help you do cross-field validations (verifying two password fields contain the same value, etc).
I am looking for the recommended way to do validations that go a bit further, however. For example verify if a username is not used already, which requires a call to the database. I assume I can simply inject my PersonRepository into the custom validator (which is an #Component) after all, but I doubt it'll be transactionally safe..or very clean.
What is the recommended way to do this, that requires the least amount of duplicated code? Or should I simply write my own validation layer, that throws some ValidationException with a list of validationmessages, which I have to map to the bindingresult?
To just clearify: Spring MVC don't offers form validation by itself. It integrates with Java Bean validation vendors (like Hibernate Validator).
You're right: If you configure LocalValidatorFactoryBean as a bean in your application context, you benefit from dependency management in your custom validators. In my opinion there is no need to implement a custom validation layer within your setup, since you already have a powerful and generic abstraction of validation which even conforms to Java standards.
If you worry about whether calling your repository in validator is transaction safe or not see http://docs.spring.io/spring-data/jpa/docs/1.8.2.RELEASE/reference/html/#transactions for details. CRUD operations are transactional by default. If you need a more sophisticated validation logic with needs a transaction context, you could either make your isValid(...) method transactional by annotating it, or you could autowire a business service with likely is transactional by itself. This perfectly integrate with the concepts of Spring.
Use the same business transaction
If you need to handle validation and business logic (check whether a user name is already used and insert a new if not) in the same transaction you could think about restricting those validations in Controller layer to the basic ones (#NotNull for example). This will ensure, that only syntactic correct requests make their way to your service layer.
In the service you will use an autowired validator and trigger the entire validation constraints manually. If you have a combination Hibernate as JPA vendor and Hibernate as Validation vendor you could even make use of the integration of both (pre persit and pre update events) which will cause the validation to occur automatically before the changes are written to the database.
However you decide, you will likely use validation groups to split the constraints into two groups 'syntactic' and 'semantic' for example. If you call the validator manually you can pass the groups you want to take into account. If you use integrated validation with Hibernate you can control the groups for the different events by specifying the following properties:
javax.persistence.validation.group.pre-persist
javax.persistence.validation.group.pre-update
If you decide for this way you will simply call your transactional business service method from your controller. Business logic and validation will participate in the same transaction this way.
I have an Java Server Faces web application and I am unsure how to handle the validation.
In my opinion the validation should be done in the bussiness logic tier. The business logic layer is used inside the web presentation (jsf) and REST-API.
At the moment i am doing also the validation inside the jsf layer with the provided validators. I think that is in the most cases only duplication of code. Is there any way to avoid this code duplication? Is java server faces able to use the validation exceptions that i am throwing inside the business logic layer?
Bean Validation has been invented for exactly this case.
You annotate your entities with constraints, and these constraints will be honoured by both your business logic (via EJB, CDI and/or JPA) as well as by JSF.
For the small amount of validations that you can't express via Bean Validation but are truly business associated; yes, throw an exception, catch it in your backing bean and set a corresponding Faces message (hint: use OmniFaces' Messages to make this easier). Equally, for the small amount of validations that you can't express with Bean Validation and which are strongly view oriented; use JSF native validators.