1. Overview
This article covers a basic introduction to Spring Data REST Validators. If you need to first go over the basics of Spring Data REST, definitely visit this article to brush up on the basics.
这篇文章涵盖了对Spring Data REST验证器的基本介绍。如果你需要首先了解Spring Data REST的基础知识,一定要访问这篇文章,以了解基础知识。
Simply put, with Spring Data REST, we can simply add a new entry into the database through the REST API, but we of course also need to make sure the data is valid before actually persisting it.
简单地说,通过Spring Data REST,我们可以简单地通过REST API向数据库添加一个新条目,但我们当然也需要在实际持久化之前确保数据是有效的。
This article continues on an existing article and we will reuse the existing project we set up there.
And, if you’re looking to first get started with Spring Data REST – here’s a good way to hit the ground running:
而且,如果你想首先开始使用Spring Data REST–这里有一个很好的方法,可以让你一蹴而就。
2. Using Validators
Starting with Spring 3, the framework features the Validator interface – which can be used to validate objects.
从Spring 3开始,框架具有Validator接口–可用于验证对象。
2.1. Motivation
In the previous article, we defined our entity having two properties – name and email.
And so, to create a new resource, we simply need to run:
curl -i -X POST -H "Content-Type:application/json" -d
'{ "name" : "Test", "email" : "test@test.com" }'
This POST request will save the provided JSON object into our database, and the operation will return:
"name" : "Test",
"email" : "test@test.com",
"_links" : {
"self" : {
"href" : "http://localhost:8080/users/1"
"websiteUser" : {
"href" : "http://localhost:8080/users/1"
A positive outcome was expected since we provided valid data. But, what will happen if we remove the property name, or just set the value to an empty String?
To test the first scenario, we will run modified command from before where we will set empty string as a value for property name:
curl -i -X POST -H "Content-Type:application/json" -d
'{ "name" : "", "email" : "Baggins" }' http://localhost:8080/users
With that command we’ll get the following response:
"name" : "",
"email" : "Baggins",
"_links" : {
"self" : {
"href" : "http://localhost:8080/users/1"
"websiteUser" : {
"href" : "http://localhost:8080/users/1"
For the second scenario, we will remove property name from request:
curl -i -X POST -H "Content-Type:application/json" -d
'{ "email" : "Baggins" }' http://localhost:8080/users
For that command we will get this response:
"name" : null,
"email" : "Baggins",
"_links" : {
"self" : {
"href" : "http://localhost:8080/users/2"
"websiteUser" : {
"href" : "http://localhost:8080/users/2"
As we can see, both requests were OK and we can confirm that with 201 status code and API link to our object.
This behavior is not acceptable since we want to avoid inserting partial data into a database.
2.2. Spring Data REST Events
2.2.Spring Data REST事件
During every call on Spring Data REST API, Spring Data REST exporter generates various events which are listed here:
在每次调用Spring Data REST API期间,Spring Data REST导出器都会产生各种事件,这里列出了这些事件。
- BeforeCreateEvent
- AfterCreateEvent
- BeforeSaveEvent
- AfterSaveEvent
- BeforeLinkSaveEvent
- AfterLinkSaveEvent
- BeforeDeleteEvent
- AfterDeleteEvent
Since all events are handled in a similar way, we will only show how to handle beforeCreateEvent which is generated before a new object is saved into the database.
2.3. Defining a Validator
To create our own validator, we need to implement the org.springframework.validation.Validator interface with the supports and validate methods.
Supports checks if the validator supports provided requests, while validate method validates provided data in requests.
Let’s define a WebsiteUserValidator class:
public class WebsiteUserValidator implements Validator {
public boolean supports(Class<?> clazz) {
return WebsiteUser.class.equals(clazz);
public void validate(Object obj, Errors errors) {
WebsiteUser user = (WebsiteUser) obj;
if (checkInputString(user.getName())) {
errors.rejectValue("name", "name.empty");
if (checkInputString(user.getEmail())) {
errors.rejectValue("email", "email.empty");
private boolean checkInputString(String input) {
return (input == null || input.trim().length() == 0);
Errors object is a special class designed to contain all errors provided in validate method. Later in this article, we’ll show how you can use provided messages contained in Errors object.
To add new error message, we have to call errors.rejectValue(nameOfField, errorMessage).
要添加新的错误信息,我们必须调用errors.rejectValue(nameOfield, errorMessage)/em>。
After we’ve defined the validator, we need to map it to a specific event which is generated after the request is accepted.
For example, in our case, beforeCreateEvent is generated because we want to insert a new object into our database. But since we want to validate object in a request, we need to define our validator first.
This can be done in three ways:
- Add Component annotation with name “beforeCreateWebsiteUserValidator“. Spring Boot will recognize prefix beforeCreate which determines the event we want to catch, and it will also recognize WebsiteUser class from Component name.
@Component("beforeCreateWebsiteUserValidator") public class WebsiteUserValidator implements Validator { ... }
- Create Bean in Application Context with @Bean annotation:
@Bean public WebsiteUserValidator beforeCreateWebsiteUserValidator() { return new WebsiteUserValidator(); }
- Manual registration:
@SpringBootApplication public class SpringDataRestApplication implements RepositoryRestConfigurer { public static void main(String[] args) { SpringApplication.run(SpringDataRestApplication.class, args); } @Override public void configureValidatingRepositoryEventListener( ValidatingRepositoryEventListener v) { v.addValidator("beforeCreate", new WebsiteUserValidator()); } }
- For this case, you don’t need any annotations on WebsiteUserValidator class.
2.4. Event Discovery Bug
At the moment, a bug exists in Spring Data REST – which affects events discovery.
目前,Spring Data REST中存在一个bug–它影响了事件发现。
If we call POST request which generates the beforeCreate event, our application will not call validator because the event will not be discovered, due to this bug.
A simple workaround for this problem is to insert all events into Spring Data REST ValidatingRepositoryEventListener class:
解决这个问题的简单方法是将所有事件插入Spring Data REST ValidatingRepositoryEventListener类。
public class ValidatorEventRegister implements InitializingBean {
ValidatingRepositoryEventListener validatingRepositoryEventListener;
private Map<String, Validator> validators;
public void afterPropertiesSet() throws Exception {
List<String> events = Arrays.asList("beforeCreate");
for (Map.Entry<String, Validator> entry : validators.entrySet()) {
.filter(p -> entry.getKey().startsWith(p))
p -> validatingRepositoryEventListener
.addValidator(p, entry.getValue()));
3. Testing
In Section 2.1. we showed that, without a validator, we can add objects without name property into our database which is not desired behavior because we don’t check data integrity.
If we want to add the same object without name property but with provided validator, we will get this error:
curl -i -X POST -H "Content-Type:application/json" -d
'{ "email" : "test@test.com" }' http://localhost:8080/users
"error":"Not Acceptable",
"message":"Validation failed",
As we can see, missing data from request was detected and an object was not saved into the database. Our request was returned with 500 HTTP code and message for an internal error.
The error message doesn’t say anything about the problem in our request. If we want to make it more informational, we will have to modify response object.
In the Exception Handling in Spring article, we showed how to handle exceptions generated by the framework, so that’s definitely a good read at this point.
在Exception Handling in Spring一文中,我们展示了如何处理框架产生的异常,所以在这一点上,这绝对是一个好的阅读。
Since our application generates a RepositoryConstraintViolationException exception we will create a handler for this particular exception which will modify response message.
This is ours RestResponseEntityExceptionHandler class:
public class RestResponseEntityExceptionHandler extends
ResponseEntityExceptionHandler {
@ExceptionHandler({ RepositoryConstraintViolationException.class })
public ResponseEntity<Object> handleAccessDeniedException(
Exception ex, WebRequest request) {
RepositoryConstraintViolationException nevEx =
(RepositoryConstraintViolationException) ex;
String errors = nevEx.getErrors().getAllErrors().stream()
.map(p -> p.toString()).collect(Collectors.joining("\n"));
return new ResponseEntity<Object>(errors, new HttpHeaders(),
With this custom handler, our return object will have information about all detected errors.
4. Conclusion
In this article, we showed that validators are essential for every Spring Data REST API which provides an extra layer of security for data insertion.
在这篇文章中,我们展示了验证器对于每个Spring Data REST API都是必不可少的,它为数据插入提供了额外的安全层。
We also illustrated how simple is to create new validator with annotations.
As always, the code for this application can be found in the GitHub project.