验证功能在Spring中是很常用的。你可以使用注解或自己的验证器并将其绑定到请求中。本文将重点介绍第一种解决方案。第一部分将介绍注解验证流程。在第二部分中,将介绍基本实现的组件。最后一部分将包含Spring初学者开发人员常见错误的解释:是否有必要直接在验证对象之后放置BindingResult。
使用@Valid注解在Spring中进行验证流程
要了解使用标准Java @Valid或特定Spring @Validated注解的验证过程,我们首先需要了解Spring如何解析使用了@ModelAttribute注解的对象。它们在controller的方法签名进行注解。@ModelAttribute注解用于将动态请求参数转换为Java注解中指定的对象。例如,观察代码@ModelAttribute(“article”)Article article ,Spring会尝试将所有请求参数匹配到Article类的字段中。现在,假设这个类有两个字段:title和content。如果请求包含title和content参数,它们将被用作Article的title和content的值(后面会对@ModelAttribute方面的源码做进一步的分析)。
当我们有对象需要进行验证时,@ModelAttribute注解的处理器(org.springframework.web.method.annotation.ModelAttributeMethodProcessor)会检查是否必须应用验证注解。注解验证必须以“Valid”这个字眼开头。接下来,对象通过org.springframework.validation.DataBinder类中的public void validate(Object … validationHints)进行验证。该方法遍历所有可用的验证器,并调用每个验证器的validate方法。验证器取自带有validatorID的bean。这样,它可以与annotation-driven的xml配置相关联:
<mvc:annotation-driven validator="validator" >
如果未指定验证器bean,则将使用默认验证器:org.springframework.validation.beanvalidation.LocalValidatorFactoryBean。
如何在Spring中处理验证?
我们已经了解了验证流程。现在,我们可以专注于验证过程本身,即验证器是如何知道一个字段不正确的。LocalValidatorFactoryBean继承自同一个包下的SpringValidatorAdapter,但不会覆盖其的validate()方法。这些方法用于检查验证字段是否正确。更准确地说,SpringValidatorAdapter包含一个目标验证器字段(Validator类型的targetValidator)。它将在validate()方法中使用来验证已验证对象的所有字段。
public class SpringValidatorAdapter implements SmartValidator, javax.validation.Validator {
private static final Set<String> internalAnnotationAttributes = new HashSet<>(3);
static {
internalAnnotationAttributes.add("message");
internalAnnotationAttributes.add("groups");
internalAnnotationAttributes.add("payload");
}
@Nullable
private javax.validation.Validator targetValidator;
/**
* Create a new SpringValidatorAdapter for the given JSR-303 Validator.
* @param targetValidator the JSR-303 Validator to wrap
*/
public SpringValidatorAdapter(javax.validation.Validator targetValidator) {
Assert.notNull(targetValidator, "Target Validator must not be null");
this.targetValidator = targetValidator;
}
SpringValidatorAdapter() {
}
void setTargetValidator(javax.validation.Validator targetValidator) {
this.targetValidator = targetValidator;
}
...
@Override
public void validate(@Nullable Object target, Errors errors) {
if (this.targetValidator != null) {
processConstraintViolations(this.targetValidator.validate(target), errors);
}
}
@Override
public void validate(@Nullable Object target, Errors errors, @Nullable Object... validationHints) {
if (this.targetValidator != null) {
Set<Class<?>> groups = new LinkedHashSet<>();
if (validationHints != null) {
for (Object hint : validationHints) {
if (hint instanceof Class) {
groups.add((Class<?>) hint);
}
}
}
processConstraintViolations(
this.targetValidator.validate(target, groups.toArray(new Class<?>[groups.size()])), errors);
}
}
此验证的结果是由在SpringValidatorAdapter内的protected void processConstraintViolations(Set<ConstraintViolation<Object>> violations, Errors errors)方法处理得到。它将错误从JSR-303验证器附加到给定的Spring的错误对象(觉得别扭请看下面方法上的英文注释)。
/**
* Process the given JSR-303 ConstraintViolations, adding corresponding errors to
* the provided Spring {@link Errors} object.
* @param violations the JSR-303 ConstraintViolation results
* @param errors the Spring errors object to register to
*/
protected void processConstraintViolations(Set<ConstraintViolation<Object>> violations, Errors errors) {
for (ConstraintViolation<Object> violation : violations) {
String field = determineField(violation);
FieldError fieldError = errors.getFieldError(field);
if (fieldError == null || !fieldError.isBindingFailure()) {
try {
ConstraintDescriptor<?> cd = violation.getConstraintDescriptor();
String errorCode = determineErrorCode(cd);
Object[] errorArgs = getArgumentsForConstraint(errors.getObjectName(), field, cd);
if (errors instanceof BindingResult) {
// Can do custom FieldError registration with invalid value from ConstraintViolation,
// as necessary for Hibernate Validator compatibility (non-indexed set path in field)
BindingResult bindingResult = (BindingResult) errors;
String nestedField = bindingResult.getNestedPath() + field;
if ("".equals(nestedField)) {
String[] errorCodes = bindingResult.resolveMessageCodes(errorCode);
bindingResult.addError(new ObjectError(
errors.getObjectName(), errorCodes, errorArgs, violation.getMessage()));
}
else {
Object rejectedValue = getRejectedValue(field, violation, bindingResult);
String[] errorCodes = bindingResult.resolveMessageCodes(errorCode, field);
bindingResult.addError(new FieldError(
errors.getObjectName(), nestedField, rejectedValue, false,
errorCodes, errorArgs, violation.getMessage()));
}
}
else {
// got no BindingResult - can only do standard rejectValue call
// with automatic extraction of the current field value
errors.rejectValue(field, errorCode, errorArgs, violation.getMessage());
}
}
catch (NotReadablePropertyException ex) {
throw new IllegalStateException("JSR-303 validated property '" + field +
"' does not have a corresponding accessor for Spring data binding - " +
"check your DataBinder's configuration (bean property versus direct field access)", ex);
}
}
}
}
验证错误直接附加到DataBinder的private AbstractPropertyBindingResult bindingResult字段。
public class DataBinder implements PropertyEditorRegistry, TypeConverter {
/** Default object name used for binding: "target" */
public static final String DEFAULT_OBJECT_NAME = "target";
/** Default limit for array and collection growing: 256 */
public static final int DEFAULT_AUTO_GROW_COLLECTION_LIMIT = 256;
/**
* We'll create a lot of DataBinder instances: Let's use a static logger.
*/
protected static final Log logger = LogFactory.getLog(DataBinder.class);
@Nullable
private final Object target;
private final String objectName;
@Nullable
private AbstractPropertyBindingResult bindingResult;
@Nullable
private SimpleTypeConverter typeConverter;
此时它的值会在ModelAttributeMethodProcessor中检索:
if (binder.getBindingResult().hasErrors()) {
if (isBindExceptionRequired(binder, parameter)) {
throw new BindException(binder.getBindingResult());
}
}
controller方法内获取BindingResult
需要注意的是,要在控制器的方法中检索BindingResult,必须将BindingResult实例直接放在经过验证的对象之后。具体请看public String addArticle(@ModelAttribute(“article”) @Valid Article article, BindingResult result),BindingResult的实例将包含所有的验证错误。这时,如果你在Article和BindingResult实例之间放置另一个对象(例如:HttpServletRequest request),将抛出如下异常:
An Errors/BindingResult argument is expected to be declared immediately after the model attribute, the @RequestBody or the @RequestPart arguments to which they apply.
此错误消息的内容可以在org.springframework.web.method.annotation.ErrorsMethodArgumentResolver类中找到。此类用于从方法签名中解析错误实例。如果问为什么用ErrorsMethodArgumentResolver来解析BindingResults?简单来说,这是由于BindingResult接口扩展了Errors接口的缘故。所以,两者都可以用相同的参数解析器解决。
/**
* Resolves {@link Errors} method arguments.
*
* <p>An {@code Errors} method argument is expected to appear immediately after
* the model attribute in the method signature. It is resolved by expecting the
* last two attributes added to the model to be the model attribute and its
* {@link BindingResult}.
*
* @author Rossen Stoyanchev
* @since 3.1
*/
public class ErrorsMethodArgumentResolver implements HandlerMethodArgumentResolver {
@Override
public boolean supportsParameter(MethodParameter parameter) {
Class<?> paramType = parameter.getParameterType();
return Errors.class.isAssignableFrom(paramType);
}
@Override
public Object resolveArgument(MethodParameter parameter, @Nullable ModelAndViewContainer mavContainer,
NativeWebRequest webRequest, @Nullable WebDataBinderFactory binderFactory) throws Exception {
Assert.state(mavContainer != null, "Errors/BindingResult argument only supported on regular handler methods");
ModelMap model = mavContainer.getModel();
if (model.size() > 0) {
int lastIndex = model.size()-1;
String lastKey = new ArrayList<>(model.keySet()).get(lastIndex);
if (lastKey.startsWith(BindingResult.MODEL_KEY_PREFIX)) {
return model.get(lastKey);
}
}
throw new IllegalStateException(
"An Errors/BindingResult argument is expected to be declared immediately after the model attribute, " +
"the @RequestBody or the @RequestPart arguments to which they apply: " + parameter.getMethod());
}
}
从上面代码可以看出,由于BindingResult的放置的位置 不正确,而导致验证过程失败的方法其实很简单:
ModelMap model = mavContainer.getModel();
if (model.size() > 0) {
int lastIndex = model.size()-1;
String lastKey = new ArrayList<String>(model.keySet()).get(lastIndex);
if (lastKey.startsWith(BindingResult.MODEL_KEY_PREFIX)) {
return model.get(lastKey);
}
}
可以看到,它获得用于构建视图部分的模型数据的ModelMap。所要验证对象和BindingResult如果放置正确,那么所要打印的日志应该如下:
odel equals to {article=Article {text = }, org.springframework.validation.BindingResult.article=org.springframework.validation.BeanPropertyBindingResult: 1 errors
Field error in object 'article' on field 'text': rejected value []; codes [NotEmpty.article.text,NotEmpty.text,NotEmpty.java.lang.String,NotEmpty]; arguments [org.springframework.context.support.DefaultMessageSourceResolvable: codes [article.text,text]; arguments []; default message [text]]; default message [Text can't be empty]}
之后,将值放在ArrayList中,并获取最后一个 entry key。然后,检查此键是否以org.springframework.validation.BindingResult开头(BindingResult 接口的常量值)。如果是,该方法返回发现的Errors实例。否则,将抛出一个IllegalStateException异常。
public interface BindingResult extends Errors {
/**
* Prefix for the name of the BindingResult instance in a model,
* followed by the object name.
*/
String MODEL_KEY_PREFIX = BindingResult.class.getName() + ".";
/**
* Return the wrapped target object, which may be a bean, an object with
* public fields, a Map - depending on the concrete binding strategy.
*/
@Nullable
Object getTarget();
这篇文章讲了Spring 验证的一些过程细节。它的第一部分介绍了验证流程,从@ModelAttribute开始,并以验证器集合结束。第二部分看了看基本的Spring验证器。在最后,我们看到一个非常常见的bug,基于直接在验证对象之后放置BindingResult实例,并解释了其中的原理所在。
原文:Spring5源码解析-使用@Valid进行Spring验证
极乐科技:知乎专栏