Spring 不输入自定义验证器

Question

我添加了 4 个自定义验证器来在我的控制器中进行一些检查。其中 3 个工作，但 ValidObjectIdentity 一个不工作。

这是我的约束映射.xml

<constraint-mappings xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xsi:schemaLocation="http://jboss.org/xml/ns/javax/validation/mapping validation-mapping-1.1.xsd"
                     xmlns="http://jboss.org/xml/ns/javax/validation/mapping" version="1.1">

    <bean class="org.springframework.security.acls.domain.AccessControlEntryImpl" ignore-annotations="true">
        <field name="sid">
            <constraint annotation="javax.validation.constraints.NotNull"/>
            <constraint annotation="package.validation.SidExists"/>
            <constraint annotation="package.validation.NonMatchingSid"/>
        </field>
        <field name="acl">
            <constraint annotation="javax.validation.constraints.NotNull"/>
        </field>
    </bean>

    <bean class="org.springframework.security.acls.domain.AclImpl">
        <field name="objectIdentity">
            <constraint annotation="javax.validation.constraints.NotNull"/>
            <constraint annotation="package.validation.ValidObjectIdentity"/>
        </field>
    </bean>

    <bean class="package.AccessControlEntryController">
        <method name="create">
            <parameter type="org.springframework.security.acls.model.AccessControlEntry">
                <constraint annotation="package.validation.ValidEntry"/>
            </parameter>
        </method>
    </bean>
</constraint-mappings>

@RestController
@RequestMapping(value = "/acl")
@Validated
public class AccessControlEntryController {

    @ResponseBody
    @RequestMapping(value = "/entry", method = RequestMethod.POST)
    @ResponseStatus(HttpStatus.CREATED)
    public AccessControlEntry create(@Valid @RequestBody AccessControlEntry entry){
        return aclService.createAccessControlEntry(entry);
    }
}

作为参考，我将AccessControlEntryImpl和AclImpl的结构放在这里

public class AccessControlEntryImpl implements AccessControlEntry, AuditableAccessControlEntry {

    private final Acl acl;
    private Permission permission;
    private final Serializable id;
    private final Sid sid;
    private boolean auditFailure = false;
    private boolean auditSuccess = false;
    private final boolean granting;

}

public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
    private Acl parentAcl;
    private transient AclAuthorizationStrategy aclAuthorizationStrategy;
    private transient PermissionGrantingStrategy permissionGrantingStrategy;
    private final List<AccessControlEntry> aces = new ArrayList<>();
    private ObjectIdentity objectIdentity;
    private Serializable id;
    private Sid owner; // OwnershipAcl
    private List<Sid> loadedSids = null;
}

我可以看到工作验证器与 AccessControlEntry 直接相关，但 ObjectIdentity 与类 Acl 相关。即使AccessControlEntry 本身有Acl 类，它也不会成为验证器。有没有办法像其他人一样验证ObjectIdentity？

这是你想看的验证器

@Target(value = ElementType.FIELD)
@Retention(value = RetentionPolicy.RUNTIME)
@Constraint(validatedBy = ValidObjectIdentityValidator.class)
public @interface ValidObjectIdentity {

    String message() default "{package.ValidObjectIdentity.message}";

    Class<?>[] groups() default {};

    Class<? extends Payload>[] payload() default {};
}

public class ValidObjectIdentityValidator implements ConstraintValidator<ValidObjectIdentity, ObjectIdentity> {

    @Override
    public boolean isValid(ObjectIdentity identity, ConstraintValidatorContext context) {
      // Logic
    }
}

Answer 1

我了解到您希望在验证 AccessControlEntryImpl 时触发 ValidObjectIdentity？

默认情况下不会发生级联验证。您需要在 AccessControlEntryImpl.acl 或 <valid/> 节点上添加 @Valid 注释以进行相应的 XML 映射：

<field name="acl">
    <valid/>
</field>