介绍
前端请求后端接口传输参数,是在controller中校验还是在Service中校验?
答案是都需要校验,只是分工不同。
Contoller中校验请求参数的合法性,包括:必填项校验,数据格式校验,比如:是否是符合一定的日期格式,等。
Service中要校验的是业务规则相关的内容,比如:课程已经审核通过所以提交失败。
Service中根据业务规则去校验不方便写成通用代码,Controller中则可以将校验的代码写成通用代码。
早在JavaEE6规范中就定义了参数校验的规范,它就是JSR-303,它定义了Bean Validation,即对bean属性进行校验。
SpringBoot提供了JSR-303的支持,它就是spring-boot-starter-validation,它的底层使用Hibernate Validator,Hibernate Validator是Bean Validation 的参考实现。
依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
注解校验
在javax.validation.constraints包下有很多这样的校验注解,直接使用注解定义校验规则即可。
例:
@Data
@ApiModel(value="AddCourseDto", description="新增课程基本信息")
public class AddCourseDto {
@NotEmpty(message = "课程名称不能为空")
@ApiModelProperty(value = "课程名称", required = true)
private String name;
@NotEmpty(message = "适用人群不能为空")
@Size(message = "适用人群内容过少",min = 10)
@ApiModelProperty(value = "适用人群", required = true)
private String users;
@ApiModelProperty(value = "课程标签")
private String tags;
@NotEmpty(message = "课程分类不能为空")
@ApiModelProperty(value = "大分类", required = true)
private String mt;
@NotEmpty(message = "课程分类不能为空")
@ApiModelProperty(value = "小分类", required = true)
private String st;
@NotEmpty(message = "课程等级不能为空")
@ApiModelProperty(value = "课程等级", required = true)
private String grade;
@ApiModelProperty(value = "教学模式(普通,录播,直播等)", required = true)
private String teachmode;
@ApiModelProperty(value = "课程介绍")
private String description;
@ApiModelProperty(value = "课程图片", required = true)
private String pic;
@NotEmpty(message = "收费规则不能为空")
@ApiModelProperty(value = "收费规则,对应数据字典", required = true)
private String charge;
@ApiModelProperty(value = "价格")
private Float price;
@ApiModelProperty(value = "原价")
private Float originalPrice;
@ApiModelProperty(value = "qq")
private String qq;
@ApiModelProperty(value = "微信")
private String wechat;
@ApiModelProperty(value = "电话")
private String phone;
@ApiModelProperty(value = "有效期")
private Integer validDays;
}
开启校验
定义好校验规则还需要开启校验,在controller方法中添加@Validated注解,
@ApiOperation("新增课程基础信息")
@PostMapping("/course")
public CourseBaseDto createCourseBase(@RequestBody @Validated AddCourseDto addCourseDto){
//todo,机构id未完善
CourseBaseDto courseBaseDto = courseBaseService.createCourseBase(2L, addCourseDto);
return courseBaseDto;
}
检验失败的异常处理
如果校验出错Spring会抛出MethodArgumentNotValidException异常
我们可以在全局异常处理器中拦截这个异常。
@ResponseBody
@ExceptionHandler(MethodArgumentNotValidException.class)
@ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
public RestErrorResponse methodArgumentNotValidException(MethodArgumentNotValidException e) {
//获取jsr303框架抛出的异常信息
BindingResult bindingResult = e.getBindingResult();
//准备一个字符串List,将异常信息进行存储
List<String> msgList = new ArrayList<>();
//注意获取出来的异常信息不止一个,获取得到的是一个list
List<FieldError> fieldErrors = bindingResult.getFieldErrors();
//使用stream流进行遍历
fieldErrors.stream().forEach(item->{
msgList.add(item.getDefaultMessage());
});
//拼接错误信息
String msg = StringUtils.join(msgList, ",");
log.error("【系统异常】{}",msg);
return new RestErrorResponse(msg);
}
分组校验
在模型类上加校验规则时,有一个问题在不同的接口中如果使用同一个模型类来接收参数,且接口的业务校验规则也不同,那么直接在模型类上加上校验规则是不是就出现问题了。
解决方式:
可以定义一个分组类,在该类中定义几个组
/**
* 校验分组
*/
public class ValidationGroups {
public interface Insert{};
public interface Update{};
public interface Delete{};
}
在添加校验规则时 加上校验规则的组别
@Data
@ApiModel(value="AddCourseDto", description="新增课程基本信息")
public class AddCourseDto {
@NotEmpty(groups = {ValidationGroups.Insert.class},message = "课程名称不能为空")
@ApiModelProperty(value = "课程名称", required = true)
private String name;
@NotEmpty(groups = {ValidationGroups.Insert.class},message = "适用人群不能为空")
@Size(groups = {ValidationGroups.Insert.class},message = "适用人群内容过少",min = 10)
@ApiModelProperty(value = "适用人群", required = true)
private String users;
@ApiModelProperty(value = "课程标签")
private String tags;
@NotEmpty(groups = {ValidationGroups.Insert.class},message = "课程分类不能为空")
@ApiModelProperty(value = "大分类", required = true)
private String mt;
@NotEmpty(groups = {ValidationGroups.Insert.class},message = "课程分类不能为空")
@ApiModelProperty(value = "小分类", required = true)
private String st;
@NotEmpty(groups = {ValidationGroups.Insert.class},message = "课程等级不能为空")
@ApiModelProperty(value = "课程等级", required = true)
private String grade;
@ApiModelProperty(value = "教学模式(普通,录播,直播等)", required = true)
private String teachmode;
@ApiModelProperty(value = "课程介绍")
private String description;
@ApiModelProperty(value = "课程图片", required = true)
private String pic;
@NotEmpty(groups = {ValidationGroups.Insert.class},message = "收费规则不能为空")
@ApiModelProperty(value = "收费规则,对应数据字典", required = true)
private String charge;
@ApiModelProperty(value = "价格")
private Float price;
@ApiModelProperty(value = "原价")
private Float originalPrice;
@ApiModelProperty(value = "qq")
private String qq;
@ApiModelProperty(value = "微信")
private String wechat;
@ApiModelProperty(value = "电话")
private String phone;
@ApiModelProperty(value = "有效期")
private Integer validDays;
}
最终在对应的接口上标明组别
@ApiOperation("新增课程基础信息")
@PostMapping("/course")
public CourseBaseDto createCourseBase(@RequestBody @Validated({ValidationGroups.Insert.class}) AddCourseDto addCourseDto){
//todo,机构id未完善
CourseBaseDto courseBaseDto = courseBaseService.createCourseBase(2L, addCourseDto);
return courseBaseDto;
}
校验规则不满足?
如果javax.validation.constraints包下的校验规则满足不了需求怎么办?
1、手写校验代码 。
2、自定义校验规则注解。