- Published on
Mastering Data Validation with `@Valid` and `@Validated` Annotations in Spring
- Authors
-
-
- Name
-
Introduction
Data validation is a crucial part of any application. Incorrect or malformed data can lead to unexpected behavior, security vulnerabilities, and inaccurate calculations. Spring, one of the most popular frameworks for building Java applications, provides an excellent set of tools to ensure data integrity with
@Valid
and
@Validated
annotations. In this article, we'll delve deep into these annotations and understand how they can be effectively used to validate data.
@Valid
and
@Validated
Understanding
Both
@Valid
and
@Validated
are integral annotations in Spring when it comes to data validation. However, to harness their full potential, it's imperative to understand the nuances of each.
@Valid
-
Origin:
@Valid
is part of the Java Bean Validation specification (JSR 380) which Spring supports. Hence, it's not Spring-specific and can be used in other Java contexts too. -
Usage:
Primarily used to trigger validation on an object, especially on nested objects. When placed before a method argument, Spring’s validation mechanism inspects the object for any constraints (like
@NotNull
,@Size
, etc.) and ensures that they are satisfied.
Example:
public class UserProfile {
@Valid
private Address address;
In the above example, when a
UserProfile
object is validated, the nested
Address
object will also undergo validation.
-
Limitations:
While powerful,
@Valid
doesn't allow for group-based validation, i.e., applying specific validation rules under certain conditions.
@Validated
-
Origin:
Unlike
@Valid
,@Validated
is Spring-specific. It extends the functionality of@Valid
and provides more flexibility. -
Usage:
In addition to triggering validation just like
@Valid
,@Validated
provides the ability for group-based validation. This is particularly helpful when you want to have different validation rules for the same object based on different contexts (like create vs update operations).
Example:
public class User {
@NotBlank(groups = Creation.class)
private String username;
@Size(min = 8, groups = Update.class)
private String password;
public interface Creation {}
public interface Update {}
Now, when creating a user, only the
username
constraint is validated. When updating, only the
password
constraint is checked.
-
Advanced Use Cases:
Beyond its primary use in controllers,
@Validated
can be employed on Spring components, configurations, and services. For instance, when validating method parameters or even configuration properties.
Example:
@Service
@Validated
public class UserService {
public void registerUser(@Validated(Creation.class) User user) {
// business logic
In the above service, the
registerUser
method explicitly validates the
User
object based on the
Creation
group.
-
Limitations:
@Validated
cannot be used on nested fields within an object. For nested validation,@Valid
should still be used. Also, since@Validated
is Spring-specific, it might not be recognized outside of the Spring ecosystem.
Setting Up Data Validation
Before diving into annotations, ensure you have the necessary dependencies:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>6.1.5.Final</version>
</dependency>
Creating Model with Constraints
Consider a simple
User
model:
import javax.validation.constraints.Email;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.Size;
public class User {
@NotBlank(message = "Name is mandatory")
private String name;
@Email(message = "Email should be valid")
private String email;
@Size(min = 6, message = "Password must be at least 6 characters long")
private String password;
// Getters, Setters, etc.
@Valid
in Controller
Using
Now, when you create a REST endpoint to accept the User object, use
@Valid
:
@RestController
@RequestMapping("/users")
public class UserController {
@PostMapping("/")
public ResponseEntity<String> createUser(@Valid @RequestBody User user) {
// Save user or perform some other operations
return ResponseEntity.ok("User created successfully");
If the
User
object does not satisfy the constraints, a
MethodArgumentNotValidException
will be thrown.
Handling Validation Errors
Ensuring data validation is only half the battle. The other half is gracefully handling the errors and communicating them back to the client. When validation rules are not met, Spring throws exceptions. Efficiently catching and processing these exceptions can greatly improve the user experience.
The Default Behavior
When a validation error occurs in a Spring application, a
MethodArgumentNotValidException
is thrown. By default, Spring returns a general error response with a 400 Bad Request status. This response contains detailed information about the errors, but it may be more verbose than needed and not always user-friendly.
Customizing the Error Response
Instead of relying on the default error structure, you can return a custom error message or object that fits the needs of your application or API consumers.
ExceptionHandler
Using
The
@ExceptionHandler
annotation can be used to define custom behavior when exceptions occur.
Example:
@RestControllerAdvice
public class CustomExceptionHandler {
@ExceptionHandler(MethodArgumentNotValidException.class)
public ResponseEntity<Object> handleValidationExceptions(MethodArgumentNotValidException ex) {
Map<String, String> errors = new HashMap<>();
ex.getBindingResult().getAllErrors().forEach((error) -> {
String fieldName = ((FieldError) error).getField();
String errorMessage = error.getDefaultMessage();
errors.put(fieldName, errorMessage);
});
return ResponseEntity.badRequest().body(errors);
This handler captures the
MethodArgumentNotValidException
and returns a more concise map of field names and their associated validation error messages.
Providing More Context
For more comprehensive APIs, it might be useful to provide additional context in the error response.
Example:
public class ApiValidationError {
private String field;
private String message;
private Object rejectedValue;
// Constructors, Getters, Setters
Using the above class:
@ExceptionHandler(MethodArgumentNotValidException.class)
public ResponseEntity<List<ApiValidationError>> handleDetailedValidationExceptions(MethodArgumentNotValidException ex) {
List<ApiValidationError> errors = ex.getBindingResult()
.getFieldErrors()
.stream()
.map(err -> new ApiValidationError(err.getField(), err.getDefaultMessage(), err.getRejectedValue()))
.collect(Collectors.toList());
return ResponseEntity.badRequest().body(errors);
Now, the error response also includes the actual value that caused the validation error, providing more insight for API consumers.
Global vs Controller-specific Handlers
While
@RestControllerAdvice
provides a global exception handling mechanism, sometimes you might want specific behaviors for specific controllers. Using
@ExceptionHandler
within a
@RestController
ensures the handler is active only for that particular controller.
Consider User Experience
Always consider the end-user when crafting error messages. Ensure messages are clear and guide users on how to rectify the problem. For example, instead of “Size must be between 8 and 30”, a more user-friendly message might be “Your password should be between 8 and 30 characters.”
@Validated
Group-Based Validation with
While
@Valid
is perfect for standard validation, there are scenarios where you might want specific validations based on certain conditions. This is where
@Validated
shines.
Define groups:
public interface OnCreate {}
public interface OnUpdate {}
Adjust the
User
model for group-based validation:
public class User {
@NotBlank(message = "Name is mandatory", groups = OnCreate.class)
private String name;
@Email(message = "Email should be valid", groups = OnCreate.class)
private String email;
@Size(min = 6, message = "Password must be at least 6 characters long", groups = OnUpdate.class)
private String password;
// Getters, Setters, etc.
Now, in your controller:
@PostMapping("/")
public ResponseEntity<String> createUser(@Validated(OnCreate.class) @RequestBody User user) {
//...
@PutMapping("/{id}")
public ResponseEntity<String> updateUser(@PathVariable Long id, @Validated(OnUpdate.class) @RequestBody User user) {
//...
The
createUser
method will validate
name
and
email
, while
updateUser
will validate the
password
.
Validating Spring Service Beans
In a typical Spring application, validation often occurs at the controller layer. However, sometimes, it’s essential to enforce validation rules within the service layer to ensure data integrity and business rule compliance. This can be achieved using the powerful
@Validated
annotation even outside of controller classes.
Why Validate at the Service Layer?
First, let’s understand why one might consider validation at the service level:
- Reusability: Services might be called from various parts of the application, not just controllers. Ensuring validation at the service level guarantees data consistency, no matter where the service is invoked from.
- Decoupling: Moving validation from the controller to the service decouples validation logic from the web layer, making services more modular and independent.
- Fine-grained Control: Service layer validation allows developers to introduce nuanced validation logic, taking into account various business scenarios that may not be immediately evident at the controller level.
@Validated
Basic Validation with
Just as in controllers, the
@Validated
annotation can be used on Spring service beans.
Example:
@Service
@Validated
public class UserService {
public void registerUser(@Validated User user) {
// Handle user registration
In the above example, when
registerUser
is called, Spring will validate the
User
object. If validation fails, a constraint violation exception will be thrown.
Group-based Validation in Services
Group validation can also be seamlessly integrated into services. For instance, suppose you have different validation groups for creating and updating a user.
Example:
@Service
@Validated
public class UserService {
public void createUser(@Validated(OnCreate.class) User user) {
// Handle user creation
public void updateUser(@Validated(OnUpdate.class) User user) {
// Handle user update
Here,
createUser
method validates the
User
object based on the
OnCreate
group, and
updateUser
validates based on the
OnUpdate
group.
Handling Validation Exceptions in Services
While handling validation exceptions in controllers is common, handling them within services allows for more specific error handling and messaging. For instance, transforming a validation exception into a custom business exception that the service layer consumers can understand and handle.
Example:
@Service
@Validated
public class UserService {
public void createUser(@Validated(OnCreate.class) User user) {
try {
// Logic