3

I am pretty new in Spring MVC and I have imported a tutorial project related to server side validation and I have some doubt about how exactly it works.

So I have this login page named login.jsp that contain this login form:

<form:form action="${pageContext.request.contextPath}/login" commandName="user" method="post">

    <table>

        <tr>
            <td><label>Enter Username : </label></td>
            <td><form:input type="text" path="username" name="username" />
                <br> <form:errors path="username" style="color:red;"></form:errors>
            </td>
        </tr>

        <tr>
            <td><label>Enter Password : </label></td>
            <td><form:input type="password" path="password" name="password" />
                <br> <form:errors path="password" style="color:red;"></form:errors>
            </td>
        </tr>

        <tr>
            <td>&nbsp</td>
            <td align="center"><input type="submit" value="Login" /></td>
        </tr>

    </table>

</form:form>

that I think use the object specified by the commandName="user" attribute retrieved from the model (correct me if I am wrong) to store the username and password inserted by the user.

This commandName="user" is an instance of this User class:

import javax.validation.constraints.Size;
import org.hibernate.validator.constraints.NotBlank;

public class User {

    @NotBlank(message="Username can not be blank")
    private String username;
    
    @Size(min=6,message="Password must be atleast 6 characters long")
    private String password;
    
    private String gender;
    private String vehicle;
    private String country;
    private String image;

    ...............................................
    ...............................................
    GETTER AND SETTER METHODS
    ...............................................
    ...............................................
}

So as you can see there are the @NotBlank and @Size validation annotation declared on the username and password fields.

And here the first doubt: what exactly is the difference from the 2 used library javax.validation and org.hibernate.validator ?

Why in the tutorial use both? Can I do the same thing using only the hibernate validator library? (I think that I can specify the valid length of a string using the Hibernate validator, or not)?

So then when the login form is submitted it generate and HttpRequest toward the /login resource that is handled by this method declared into a controller class:

@RequestMapping(value="/login" , method=RequestMethod.POST)
public String do_login(HttpServletRequest req , Model md , HttpSession session , @Valid User user, BindingResult br)
{
    try
    {
        //System.out.println(br.getAllErrors().size());
        
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        
        System.out.println("Username and pasword are : "+username +"  "+ password);
        if(br.getAllErrors().size() > 0){
            System.out.println("Server side validation takes place....");
        }
        else{
        Login_Model lm = new Login_Model();
        String message = lm.do_login_process(username, password);
        
        if(message.equals("login success"))
        {
            session.setAttribute("username", username);
            return "redirect:/myprofile";
        }
        else
        {
            md.addAttribute("error_msg", message);
        }
        }
        return "login";
    }
    catch(Exception e)
    {
        return "login";
    }
}

OK, and now I have the following doubts about this method:

  1. It take this object as input parameter: @Valid User user. Who pass to it? I think that it could depend by the fact that in the form I specified commandName="user" so Spring automatically do it. Is it correct?

  2. From what I have understand the @Valid annotation automatically call the validation process. How it happen? is something related to the AOP feature provided by Spring? or what? Why this @Valid annotation is related only to the javax.validation library and not also to the Hibernate validator (so this @Valid annotation validate also the field annotated with Hibernate validator annotation? why?)

  3. From what I have understand if the user insert wrong values into the login form I can obtain this error by the BindingResult br input parameter. Using the debugger I can see that this object contain the error message defined by the annotation defined into the User model object. How exactly does this work?

halfer
  • 19,824
  • 17
  • 99
  • 186
AndreaNobili
  • 40,955
  • 107
  • 324
  • 596
  • 1
    Some other implementations: http://stackoverflow.com/questions/1384968/is-there-an-implementation-of-jsr-303-bean-validation-available and the spec itself: http://beanvalidation.org/1.0/spec/ – zapl Oct 10 '15 at 12:19
  • http://stackoverflow.com/q/38716703/4723795 it looks to be well answered – xenteros Aug 11 '16 at 14:30

3 Answers3

5

And here the first doubt: what exactly is the difference between the 2 used libraries javax.validation and org.hibernate.validator?

javax.validation comes from the JSR-303 API. You can look at the API classes for instance in this Maven dependency.

Hibernate validator is one of the implementations of JSR 303 (reference implementation actually), so it implements all of the API, but adds its own extensions, for instance the @NotBlank annotation you mention. Other implementation of JSR 303 is for instance Apache BVal.

It takes this object as input parameter: @Valid User user. Who passes it to the handler method?

Values to handler methods in Spring MVC are provided by implementations of interface HandlerMethodArgumentResolver. In your case the implementation that will be called to resolve User parameter will probably be ServletModelAttributeMethodProcessor. You can view source code and JavaDocs of these classes to see how they work internally.

The @Valid annotation will automatically call the validation process. How does this happend? Does it use AOP? Why this @Valid annotation is related only to the javax.validation library and not also to the Hibernate validator (so this @Valid annotation validate also the field annotated with Hibernate validator annotation?)

The validation process is invoked by ModelAttributeMethodProcessor, which is what previously mentioned class ServletModelAttributeMethodProcessor inherits from. It contains following method:

protected void validateIfApplicable(WebDataBinder binder, MethodParameter parameter) {
    Annotation[] annotations = parameter.getParameterAnnotations();
    for (Annotation ann : annotations) {
        if (ann.annotationType().getSimpleName().startsWith("Valid")) {
            Object hints = AnnotationUtils.getValue(ann);
            binder.validate(hints instanceof Object[] ? (Object[]) hints : new Object[] {hints});
            break;
        }
    }
}

If you look closely, you will see condition for the following expression:

ann.annotationType().getSimpleName().startsWith("Valid")

This means that Spring will invoke the validation if the parameter has any annotation which starts with Valid. It might be JSR 303's @Valid or Spring's @Validated which supports validation groups. It could even be your custom annotation, as long as its name starts with Valid.

From what I have understand if the user inserts wrong values into the login form I can obtain this error from the BindingResult handler parameter. Using the debugger I can see that this object contain the error message defined by the annotation defined into the User model object. How exactly works?

Let's go back to the ModelAttributeMethodProcessor class. There is following code in its resolveArgument method:

WebDataBinder binder = binderFactory.createBinder(webRequest, attribute, name);

This creates instance of WebDataBinder on which the validation is invoked in the previously mentioned validateIfApplicable method. The validation itself populates the BindingResult which is then provided to the controller handler method via ErrorsMethodArgumentResolver class, which once again implements HandlerMethodArgumentResolver.

TLDR: A lot of the thing you ask about in this question can be traced to various implementation of HandlerMethodArgumentResolver. I suggest to go through these classes and step through them using debugger to gain better understanding of them.

Bohuslav Burghardt
  • 33,626
  • 7
  • 114
  • 109
  • Tnx so much. Perfect explaination. Only another question. Where can I found deep framework explaination as this? Are there some valid book in addition to the official online documentation? – AndreaNobili Oct 11 '15 at 09:06
  • 1
    @AndreaNobili I'm afraid the the official documentation does not contain deep explanation of these low level concepts. The way I learn it is by going through the framework code (either "statically" or stepping through it using debugger) and reading the JavaDocs of the components. – Bohuslav Burghardt Oct 11 '15 at 09:13
  • So I think that I will follow your suggestion...in my spare time...because at work I am always to busy to can do something like this :-( – AndreaNobili Oct 11 '15 at 09:14
2

what exactly is the difference from the 2 used library javax.validation and org.hibernate.validator?

Bean Validation is a Java specification which lets you express constraints on object models via annotations, lets you write custom constraints in an extensible way. It's just a specification with no implementation at all. Hibernate Validator is an implementation of this specification. Hibernate Validator implements Bean Validation completely, also it has some features that's unique to hibernate. Put simply, javax.validation is the spec part and org.hibernate.validator are the hibernate unique features.

Can I do the same thing using only the hibernate validator library? (I think that I can specify the valid lenght of a string using the Hibernate validator, or not)?

Yes, you can but it's better to stick with javax.validation namespace and only use the unique features by vendor specific namespace such as org.hibernate.validator. The benefit of this approach is that you can switch Bean Validation implementation form Hibernate Validator to something else with minimum change.

Why in the tutorial use both?

Because @NotBlank constraint is not availalbe in Bean Validation spec and only provided by Hibernate Validator.

It take this object as input parameter: @Valid User user. Who pass to it? I think that it could depend by the fact that in the form I specified commandName="user" so Spring automatically do it. Is it correct?

Probably you have GET controller for login url which returns an empty User object, that in turn binds with spring tags such as <form:input type="text" path="username" name="username" />. When a user fills the form and submit it, spring collects those tag values and create an instance of User and passes it to controller.

Why this @Valid annotation is related only to the javax.validation library and not also to the Hibernate validator (so this @Valid annotation validate also the field annotated with Hibernate validator annotation? why?)

Already explained, Spec/Impl story!

Ali Dehghani
  • 46,221
  • 15
  • 164
  • 151
2
  1. Correct, called properties binding

  2. Spring 3+ supports JSR303Bean validation via @Validannotation, if any JSR 303 validator framework on the classpath. Hibernate Validator is one of the JSR 303 reference implementation

  3. Any constraint violations will be exposed as errors in the BindingResult object, thus you've to can check for the violations in the controller’s method like what you have

    if(br.getAllErrors().size() > 0){ System.out.println("Server side validation takes place...."); }

Summary, Spring MVC will validate the model object annotated by the @Valid annotation after binding its propertieswith inputs from JSP form that uses Spring’s form tags. Any constraint violations will be exposed as errors in the BindingResult object here is a good post

iamiddy
  • 3,015
  • 3
  • 30
  • 33