springspring-bootmodel-view-controllerspring-validation

Network calls inside custom validations in spring boot


I need to validate a number of fields in my REST Api. Is there a specific pattern to do this ? My api is cluttered with these validation calls.

  1. Check auth token in the http request against another service to verify access permissions.

  2. Validate a number of fields in request body such as category, type etc by making calls to another service.

  3. Generic null & empty checks. Currently I'm using spring validation to do this.


Solution

  • Check auth token in the http request against another service to verify access permissions

    I would suggest validating the token in a filter before the request reaches the controller.

    Something like this

    1. Create a new token validation filter
        @Component
        public class TokenValidationFilter extends OncePerRequestFilter {
            private TokenValidationService tokenValidationService;
        
            @Override
            protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
                    throws ServletException, IOException {
        
                final String authorizationHeader = request.getHeader("Authorization");
                
              boolean isValid = tokenValidationService.validate(authorizationHeader);
                //do authentication here 
                chain.doFilter(request, response);
            }
        }
    

    Add the filter to http filters

    public class SecurityConfig extends WebSecurityConfigurerAdapter {
    
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class); // this just an example you might needed to added before a different filter 
        }
    }
    

    Validate a number of fields in request body such as category, type etc by making calls to another service.

    Spring allows creating custom constraints. See spring doc.

    Example: UniqueUsername interface

    @Documented
    @Constraint(validatedBy = UniqueUsernameValidator.class)
    @Target( { ElementType.METHOD, ElementType.FIELD,ElementType.TYPE })
    @Retention(RetentionPolicy.RUNTIME)
    public @interface UniqueUsername {
        String message() default "username is not unique";
        Class<?>[] groups() default {};
        Class<? extends Payload>[] payload() default {};
    }
    
    public class UniqueUsernameValidator implements ConstraintValidator<UniqueUsername, UserDto> {
        private final UserService usersService;
    
        @Override
        public void initialize(UniqueUsername constraintAnnotation) {
    
        }
    
        @Override
        public boolean isValid(UserDto value, ConstraintValidatorContext context) {
           return usersService.isUnique(value.getUsername());
        }
    
    }
    

    user dto:

    
    @UniqueUsername(message = "Username is used")
    public class UserDto {
        @DecimalMin(value = "0")
        private long id;
        @NotBlank(message = "Username can not be blank")
        private String username;
    }
    

    Note that the constraints could be class level like UniqueUsername or filed level like NotBlank.

    Generic null & empty checks. Currently I'm using spring validation to do this.

    spring validation/constraints is correct.