I am looking for best practices regarding server-side validation and handling of validation errors on the server side.
My business logic is about updating a `Curriculum` entity. The browser consumes a Spring MVC REST webservice method which is given below.
I have implemented client-side JavaScript validation, but I also need server-side validation for security reasons (someone could, for example, use a REST client in order to send arbitrary data to my webservice method).

```java
@RequestMapping(value = "/{id}", method = PUT, produces = "application/json")
public Curriculum updateCurriculum(@PathVariable("id") Long curriculumId,
        @RequestBody @Validated({ ValidationGroups.CurriculumUpdate.class }) Curriculum curriculum,
        BindingResult bindingResult, HttpServletResponse response, @CurrentMember Member member) {
    if (bindingResult.hasErrors()) {
        return curriculum;
    }
    return curriculumService.updateCurriculum(member, curriculumId, curriculum);
}
```

- My first question is what do I return to the client - if anything - should there be server-side validation errors picked up by my JSR 303 implementation (such as a missing datum in the curriculum object for example). As of now I return the Curriculum object as it was received by the server from the client.
- My second question is what HTTP status should I return to the client (in the response) in case of server-side errors?
- And more broadly, does the above code follow REST best practices as far as dealing with data received by the server? Can it be improved?
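
One way to handle a rejected body in the method above, as an added example that is not part of the original post: the validation failure short-circuits before the service is called, and the response carries constraint messages instead of echoing the submitted `Curriculum`. The 400 Bad Request status, the field-to-message JSON map, `@RestController` and constructor injection are assumptions made here; `Curriculum`, `Member`, `@CurrentMember`, `CurriculumService` and `ValidationGroups` are the post's own types.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.validation.BindingResult;
import org.springframework.validation.FieldError;
import org.springframework.validation.ObjectError;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

// Curriculum, Member, @CurrentMember, CurriculumService and ValidationGroups are
// the post's own types, assumed to be in this package.
@RestController // assumption: the post does not show the class declaration
public class CurriculumController {

    private final CurriculumService curriculumService;

    public CurriculumController(CurriculumService curriculumService) {
        this.curriculumService = curriculumService;
    }

    @RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = "application/json")
    public ResponseEntity<?> updateCurriculum(
            @PathVariable("id") Long curriculumId,
            @RequestBody @Validated({ ValidationGroups.CurriculumUpdate.class }) Curriculum curriculum,
            BindingResult bindingResult,
            @CurrentMember Member member) {
        if (bindingResult.hasErrors()) {
            // Report field name -> constraint message only; the rejected values
            // (FieldError.getRejectedValue()) are not reflected back to the caller.
            Map<String, String> errors = new LinkedHashMap<>();
            for (FieldError e : bindingResult.getFieldErrors()) {
                errors.putIfAbsent(e.getField(), e.getDefaultMessage());
            }
            // Class-level constraints have no field; key them by object name.
            for (ObjectError e : bindingResult.getGlobalErrors()) {
                errors.putIfAbsent(e.getObjectName(), e.getDefaultMessage());
            }
            // Assumed status: 400 Bad Request; the service is never called.
            return new ResponseEntity<>(errors, HttpStatus.BAD_REQUEST);
        }
        return new ResponseEntity<>(curriculumService.updateCurriculum(member, curriculumId, curriculum), HttpStatus.OK);
    }
}
```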