我的应用程序中有一个使用 cookie (request.getCookies) 来验证验证码的验证。
我想为此验证码验证创建一个 ConstraintValidator,因此它与其他 bean 的属性一起被验证 - 正如 JSR-303 Bean Validation 所指定的那样。
有没有办法在 ConstraintValidator 中检索 HttpServletRequest?
【问题讨论】:
标签: java spring validation
假设(由于存在标签)您使用的是 Spring,最新版本是一个 (>=2.5.1),这应该很简单
package org.yourapp.controller.validation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;
import javax.servlet.http.HttpServletRequest;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
public class YourValidator implements ConstraintValidator<YourValidatorAnnotaion, String> {
// here should be autowired a proxy to currently undergoing request
@Autowired
private HttpServletRequest request;
@Override
public void initialize(YourValidatorAnnotaion constraintAnnotation) {
// this should autowire all dependencies of this class using
// current application context
SpringBeanAutowiringSupport.processInjectionBasedOnCurrentContext(this);
}
@Override
public boolean isValid(String value, ConstraintValidatorContext context) {
// here goes your custom logic for validation, like matching
// captcha challenge to captcha response, but i am not doing
// this for you, as i don't know what it supposed to be, so
// i simply test presence of cookies.
return request.getCookies().length > 0;
}
}
为了完整起见,这里是一个示例@YourValidatorAnnotaion 实现:
package org.yourapp.controller.validation;
import javax.validation.Constraint;
import javax.validation.Payload;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.ElementType.*;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
@Constraint(validatedBy = YourValidator.class)
@Target({ METHOD, FIELD, ANNOTATION_TYPE, CONSTRUCTOR, PARAMETER })
@Retention(RUNTIME)
public @interface YourValidatorAnnotaion {
String message() default "No cookies - no validation";
Class<?>[] groups() default {};
Class<? extends Payload>[] payload() default {};
}
就是这样。现在,如果您使用 @YourValidatorAnnotaion 注释您的 DTO 字段,那么只要在请求标头中没有 cookie 的情况下调用具有此类 @Valid @RequestBody 参数的控制器时,您就会收到错误消息。
【讨论】:
ConstraintValidator 的实现必须是线程安全的,因为它们可以重复使用。这似乎不可能是线程安全的。谢谢。
Could not autowire. No beans of 'HttpServletRequest' type found. 但代码以某种方式工作。我在调试模式下检查。这是为什么呢?