0

I currently have the openApiSpec for a spring type of

 ExistingPaymentMethodRequest:
  additionalProperties: false
  type: object
  required:
    - tokenId
    - transactionId
  properties:
    tokenId:
      type: string
      example: '8ac7a4a2869f37d50186a210aac05eb6'
      pattern: '^[a-zA-Z0-9-]*$'
      minLength: 1
      maxLength: 200
    transactionId:
      type: string
      format: uuid
      example: 'b79cb3ba-745e-5d9a-8903-4a02327a7e09'
      pattern: '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
      minLength: 36
      maxLength: 36

This produces a pojo via openApiGenerate of

data class ExistingPaymentMethodRequest(

@get:Pattern(regexp="^[a-zA-Z0-9-]*$")
@get:Size(min=1,max=200)
@get:JsonProperty("tokenId", required = true) val tokenId: kotlin.String,

@get:Pattern(regexp="^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$")
@get:Size(min=36,max=36)
@get:JsonProperty("transactionId", required = true) val transactionId: java.util.UUID

)

Which throws an exception when I send a request

jakarta.validation.UnexpectedTypeException: HV000030: No validator could be found for constraint 'jakarta.validation.constraints.Size' validating type 'java.util.UUID'. Check configuration for 'transactionId'

Which seems fairly reasonable given UUIDs have a fixed size. However removing the size/pattern restraints makes it fail the openApi audit by https://42crunch.com/

A string schema does not specify the maximum length for the accepted strings.

For more details, see the OpenAPI Specification.

What is the correct way to deal with this? Is there a way to make spring handle @Size and @Pattern on UUIDs? Or to force openapigenrator not to produce @Size and @Pattern on UUIDs?

Tom Squires
  • 8,848
  • 12
  • 46
  • 72

1 Answers1

0

Bottom Line Up Front

According to JSR-380, @Size only applies to String, Collection, Map, and Array objects. The Java specification confirms this in the Size Interface javadoc. in fact, even the swagger documentation states that "String length can be restricted using minLength and maxLength".

If you want to validate a uuid, you can declare your own custom validator and annotate it appropriately. Here is a very simple validator example on Stack overflow.

I assume the main issue here is with Crunch42.

Crunch42

I'm not entirely familiar with Crunch42, however it appears that they are forcing validation based on the type and not the format. This is likely because UUID is technically not a supported format for JSON or openapi. While it is commonly used, it is not defined in the swagger specification for data types. That means there is not requirement for spring or any other validation tool to include it in its validators. However, it is common enough that the openapi-generator will support the creation of a UUID object if it is defined in the format of the String. You have to keep in mind that the UUID is not a String, and the minLength and maxLength keywords do not apply to it. Remember, the generator isn't smart enough to know not to apply the annotations. It assumes that you know what you are doing, and if you apply those keywords to your specification, than it will apply the appropriate annotations to the generated models.

If 42crunch is requiring the keywords be defined, but you don't want them added to the resulting pojo, then you can limit this behavior via the use of vendor extensions and mustache templates. The specific template you would need to override would be beanValidationCore.mustache. You can simply add your vendor extension here to only generate with the extension does not exist.

tbatch
  • 1,398
  • 10
  • 21