0

We are using SpringBoot version 2.7.9, in which I am trying to switch off the automatic validation of the DTOs. However, this does not seem to work correctly in my case. We have defined the whole interface in OpenApi 3 and let it generate the DTOs and the interfaces for Spring. This all works very well and as desired. So far so good.

Now we have defined the following max and min values in the specification:

UserDTO1:
  type: object
  properties:
    ia_subject:
      type: string
      description: Subject of the user.
      example: c2f3fb56-4194-4af6-a007-9fe403a2abeb
      maxLength: 36
      minLength: 36
    email:
      type: string
      example: john.doe@example.com
      maxLength: 255
    firstname:
      type: string
      example: John
      maxLength: 255
    lastname:
      type: string
      example: Doe
      maxLength: 255
    accounts:
      type: array
      items:
        "$ref": "#/components/schemas/AccountDTO1"

This generates the following annotations on the DTO in Java:

...
import javax.validation.constraints.Size;
...
/**
  * Subject of the user.
  * @return iaSubject
*/
@Size(min = 36, max = 36) 
public String getIaSubject() {
  return iaSubject;
}

This also works without any problems. The fields in the body / in the DTOs are validated correctly and Spring returns a generic error. Now I don't want this Spring error, but our own implementation. Spring should not care whether the fields are valid according to the specification or not. I want to switch this off and validate the DTOs myself like with the Hibernate Validator:

...
ValidatorFactory factory = Validation.buildDefaultValidatorFactory();
Validator validator = factory.getValidator();
Set<ConstraintViolation<Object>> validate = validator.validate(dto);
....

The problem now is, I can't disable SpringBoot validation. I found the following questions and properties:

How to disable Hibernate validation in a Spring Boot project

I set:

spring.jpa.properties.javax.persistence.validation.mode=none

in my application.properties but it is still validated and the generic error response from spring remains. (All other settings in application.properties work without problems.)

Actually it is not the JPA validation but a kind of DTO validation.

  • Is my approach a good idea?
  • Is there a better solution?
    • (I don't want to use filters because at this point the body is still a string and has not yet been processed by Jackson).

We found out that we can remove the @Valid annotations in the generated interface. This way, the DTO is no longer validated and Spring no longer returns the generic answer. But we would have to do this with a post-processing script or in bash after generation.

Unfortunately I can't find any good and further information on this.

Can someone point me in the right direction?

Thank you and kind regards.

NeXT405
  • 55
  • 5
  • Spring Boot validation is already doing exactly what you are doig it is using hibernate validator for this. If you want custom messages provide them (based on the message codes that are generated). There is no such thing as Spring Boot validation it just delegates to the Java Validation API (and thus the Hibernate Validation). So effectivly if you could disable it, you would do exactl the same as Spring already does). – M. Deinum May 17 '23 at 13:08
  • Lets break your problem into two parts - One is disabling the javax api validations and the second to run custom validations. Lets try to debug first one and fix it - Could you please check if intended bean/class using the property [spring.jpa.properties.javax.persistence.validation.mode] . I would suggest you to debug it in https://mvnrepository.com/artifact/javax.validation/validation-api . May be open library in javad compiler and do a little postmortem on the library to figure out the exact bean and usage of config you are setting . – Codified May 17 '23 at 13:08
  • M.Deinum; Yes I understand. The validation it self is not the problem. But SpringBoot returns a generic answer if one or more fields are not valid. Our code is not even executed at this point. The response looks like this: [Response](https://gist.github.com/NeXT405/bddb8dafd80eb1803d693928c8d191be#file-response-json) I think we will remove all @Valid annotations from the generated code. This way we can validate it ourselves and implement our own response. The response for validation errors is clearly defined according to company specifications. – NeXT405 May 17 '23 at 13:32
  • 1
    Then write your own exception handler which handles vaidation errors and returns the response you want. What you see is the error translation from the default error handling, replace that with what you need. Don't disable the validation and do everyting in your controller. – M. Deinum May 17 '23 at 13:36

0 Answers0