SmartValidator which supports JSR-303 validation groups [SPR-15483]

[spring-projects-issues]

Eric Deandrea opened SPR-15483 and commented

I've had this feature in my own codebase for quite some time & I'm looking to potentially contribute it back to Spring. I wanted to start this discussion first before I go through all the "hoops" of submitting a pull request to see if it would be wanted. This is the javadoc from the code:

/**
 * Extend this to create a Spring MVC {@link org.springframework.validation.Validator Validator} class which is capable of doing partial validations,
 * using the <a href="http://beanvalidation.org/1.0/spec/#constraintdeclarationvalidationprocess-groupsequence">JSR 303 specification for groups</a>.
 * <p>
 * Custom validation methods must be declared as public void and can be given any name (other than <code>validate</code> or <code>supports</code>.
 * They must take in two parameters: first a target instance of type &lt;T&gt;, followed by an {@link Errors} object. They can then optionally be assigned to a specific {@link ValidationGroup}.
 * <p>
 * Find below a variation of the {@link org.springframework.validation.Validator Validator} class's javadoc example where the userName and password properties can be validated in different actions of your <code>Controller</code>.
 *
 * <pre><code>
 public class UserLoginValidator extends GroupedValidator&lt;UserLogin&gt; {
 	private static final int MINIMUM_PASSWORD_LENGTH = 6;

 	public interface Identity {
 	}

 	public interface Secret {
 	}

	&#064;ValidationGroup(Identity.class)
	public void validateUserName(UserLogin login, Errors errors) {
		ValidationUtils.rejectIfEmptyOrWhitespace(errors, &quot;userName&quot;, &quot;field.required&quot;);
	}

	&#064;ValidationGroup(Secret.class)
	public void validatePassword(UserLogin login, Errors errors) {
		ValidationUtils.rejectIfEmptyOrWhitespace(errors, &quot;password&quot;, &quot;field.required&quot;);

		if (login.getPassword() != null &amp;&amp; login.getPassword().trim().length() &lt; MINIMUM_PASSWORD_LENGTH) {
			errors.rejectValue(&quot;password&quot;, &quot;field.min.length&quot;, new Object[] { Integer.valueOf(MINIMUM_PASSWORD_LENGTH) },
				&quot;The password must be at least [&quot; + MINIMUM_PASSWORD_LENGTH + &quot;] characters in length.&quot;);
		}
	}
}</code></pre>
<p>You would then &quot;run&quot; a group by using Spring's {@link org.springframework.validation.annotation.Validated Validated} annotation in your controller action method, similar to this (in a standard {@link org.springframework.stereotype.Controller Controller}):
<pre><code>
	&#064;PostMapping("/identity")
	public void postIdentity(&#064;Validated(Identity.class) &#064;ModelAttribute UserLogin login)
</code></pre>
<p>or this (in a {@link org.springframework.web.bind.annotation.RestController RestController}):
<pre><code>
	&#064;PostMapping("/identity")
	public void postIdentity(&#064;Validated(Identity.class) &#064;RequestBody UserLogin login)
</code></pre>
 */

---

No further details from SPR-15483

[spring-projects-issues]

Feliks Khantsis commented

what are you talking about? Validation groups have been supported since forever.

public class Book {
@NotNull(groups={Edit.class})
@Null(groups={Registration.class})
private int id;

@NotNull
private String title;

}

[spring-projects-issues]

Eric Deandrea commented

Yes Validation groups have been supported for a long time. My enhancement allows taking the concept of groups and applying it to a class that implements the Validator interface rather than using the JSR-303 annotations. The problem with the annotations is that it doesn't allow you to do cross-attribute validation (i.e. a class has 4 attributes and one of them is required, but it doesn't matter which so long as 1 of them isn't null - or the validation rules of some attributes on a class depend on the value(s) of other attributes). In these cases you can't use the JSR-303 annotations because the annotations only apply to a single attribute.

My enhancement would allow the Validator interface itself to look like it was not build prior to JDK 1.5 (by supporting generics and removing the need for the implementer to have to implement the supports method and having to cast Object to their model object type.

It would also allow for defining Validator methods and tagging them with groups - similar to how you would define groups using the JSR-303 annotations.

If we look at the Javadocs for the Validator interface and look at that example - with my enhancement that example could look like this:

public class UserLoginValidator extends GroupedValidator<UserLogin> {
 	private static final int MINIMUM_PASSWORD_LENGTH = 6;
 
 	public interface Identity {
 	}
 
 	public interface Secret {
 	}
 
	@ValidationGroup(Identity.class)
	public void validateUserName(UserLogin login, Errors errors) {
		ValidationUtils.rejectIfEmptyOrWhitespace(errors, "userName", "field.required");
	}
 
	@ValidationGroup(Secret.class)
	public void validatePassword(UserLogin login, Errors errors) {
		ValidationUtils.rejectIfEmptyOrWhitespace(errors, "password", "field.required");
 
		if (login.getPassword() != null && login.getPassword().trim().length() < MINIMUM_PASSWORD_LENGTH) {
			errors.rejectValue("password", "field.min.length", new Object[] { Integer.valueOf(MINIMUM_PASSWORD_LENGTH) },
				"The password must be at least [" + MINIMUM_PASSWORD_LENGTH + "] characters in length.");
		}
	}
}

In your controller you would invoke the validator by doing something like

@PostMapping("/identity")
public void doPost(@Validated(Identity.class) @ModelAttribute UserLogin userLogin, BindingResult userLoginBindingResult) {
  
}

or

@PostMapping(value = "/identity", accepts = { MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE })
public void doPost(@Validated(Identity.class) @RequestBody UserLogin userLogin) {

}

[edeandrea]

Circling back to this - does the Spring team feel this would be a useful contribution? The big thing this enhancement provides is the ability for writing Validators that can do cross-attribute validation using the JSR-303 group concept.

[jhoeller]

After introducing some typed factory methods for programmatic Validator implementations in #30341, I don't see us extending this to validation groups through annotation-based dispatching. However, we could consider a convenient mechanism for Class-based differentiation in a programmatic validator implementation.

Generally speaking, Validator serves in an SPI role (which is where the supports method comes from) as well as a programmatic role these days. While we do not mean to turn this into a full-fledged user programming model, there is certainly room for further improvement in that direction.