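我们在做 Form 表单提交的时候,只在前端做数据校验是不够安全的:前端校验可以被绕过,请求也可以不经过页面直接发送到接口,所以后端必须对同样的数据再做一次校验。此处使用 Spring 的 Validator 接口的实现类做数据校验。
需要注意的是:@Valid 要紧挨着被校验的 JavaBean 参数,否则校验不会生效;BindingResult 参数也必须紧跟在该参数之后,并且要在执行业务逻辑之前先检查其中的错误。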
完整示例代码:
maven(以下依赖版本较旧,仅作示例;实际项目请选用仍在维护的版本):
<!--Valid校验-->
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>1.1.0.Final</version>
</dependency>
<dependency>
<groupId>org.apache.bval</groupId>
<artifactId>bval-jsr303</artifactId>
<version>0.5</version>
</dependency>
Validator校验:
import com.ytx.common.RegexUtils;
import com.ytx.inlife.buyer.address.Address;
import org.springframework.validation.Errors;
import org.springframework.validation.ValidationUtils;
import org.springframework.validation.Validator;
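/**
 * Validator for the request that creates a new shipping address.
 *
 * <p>This is the server-side check for the address form. Required fields are
 * rejected when empty, and the format checks run only on fields that passed
 * the required check, so a missing value is reported once and never
 * dereferenced.
 *
 * @author
 **/
public class AddressRequestValidator implements Validator {

    /** Maximum length accepted for the consignee name. */
    private static final int MAX_CONSIGNEE_LENGTH = 20;

    /**
     * Restricts this validator to {@link Address} targets.
     *
     * @param clazz the class of the object about to be validated
     * @return {@code true} only when {@code clazz} is exactly {@code Address}
     */
    @Override
    public boolean supports(Class<?> clazz) {
        return Address.class.equals(clazz);
    }

    /**
     * Validates an {@link Address} and records every violation in {@code errors}.
     *
     * @param target the object to validate; must be an {@code Address}
     * @param errors collector for the field errors found
     */
    @Override
    public void validate(Object target, Errors errors) {
        // Required fields. rejectIfEmpty only records an error; it does not
        // stop validation, so the checks below must not assume a value exists.
        ValidationUtils.rejectIfEmpty(errors, "provinceCode", null, "provinceCode 省份编码不能为空");
        ValidationUtils.rejectIfEmpty(errors, "cityCode", null, "cityCode 城市编码不能为空");
        ValidationUtils.rejectIfEmpty(errors, "areaCode", null, "areaCode 地区编码不能为空");
        ValidationUtils.rejectIfEmpty(errors, "address", null, "address 地址不能为空");
        ValidationUtils.rejectIfEmpty(errors, "doorNumber", null, "doorNumber 门牌号不能为空");
        ValidationUtils.rejectIfEmpty(errors, "longitude", null, "longitude 经度不能为空");
        ValidationUtils.rejectIfEmpty(errors, "latitude", null, "latitude 纬度不能为空");
        ValidationUtils.rejectIfEmpty(errors, "consignee", null, "consignee 收货人姓名不能为空");
        ValidationUtils.rejectIfEmpty(errors, "mobile", null, "mobile 手机号不能为空");

        Address address = (Address) target;

        // Format checks are skipped for a field that was already rejected:
        // the value may be null (getConsignee().length() would throw), and a
        // second message for the same field adds nothing.
        if (!errors.hasFieldErrors("address")
                && !RegexUtils.checkMySqlDefaultSupportCharacter(address.getAddress())) {
            errors.rejectValue("address", null, "地址存在非法字符,请重新输入");
        }
        if (!errors.hasFieldErrors("consignee")
                && address.getConsignee().length() > MAX_CONSIGNEE_LENGTH) {
            errors.rejectValue("consignee", null, "收货人姓名过长,请重新输入");
        }
        if (!errors.hasFieldErrors("mobile")
                && !RegexUtils.checkMobile(address.getMobile())) {
            errors.rejectValue("mobile", null, "非法手机号码,请重新输入");
        }
    }
}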
controller层--->绑定校验:
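/**
 * Registers [AddressRequestValidator] on this controller's data binders.
 *
 * An unscoped `@InitBinder` method is called for every binder the controller
 * creates. `addValidators` throws `IllegalStateException` when the binder's
 * target is of a type the validator does not support, so the validator is
 * attached only to binders whose target it accepts.
 *
 * @param binder the binder being initialised for the current handler argument
 */
@InitBinder
fun initBinder(binder: WebDataBinder) {
    val validator = AddressRequestValidator()
    // Binders for simple request parameters have no target object to validate.
    val target = binder.target ?: return
    if (validator.supports(target.javaClass)) {
        binder.addValidators(validator)
    }
}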
mapping映射:
/**
* 保存 或者修改 买家收货地址
* @param account 用户信息
* @param address 地址信息
* @param isDefault 是否设为默认地址
*
* @return 结果集
*/
@PostMapping(value = ["/save"])
@ApiMethod(id = "save", summary = "save", description = "用户新建收货地址")
fun save(@AuthenticationPrincipal account: Account,
@ApiQueryParam(name = "address", description = "地址对象") @RequestBody @Valid address: Address,
bindingResult: BindingResult,
@ApiQueryParam(name = "isDefault", description = "是否设为默认地址", required = false) @RequestParam(value = "isDefault", required = false)
isDefault: Boolean?): YTXResponse {
val result = YTXResponse.success()
//校验
for (objectError in bindingResult.allErrors) {
//result.message = objectError.getDefaultMessage()
result.message = objectError.defaultMessage
result.success = YTXResponse.SuccessFlag.FALSE.toString()
return result
}
if (address.id != null) {
val oldAddress = addressManager.findOne(address.id!!)
if (oldAddress != null && oldAddress.accountId != account.id) {
logger.error(mobileErrors.message("Y12282-004"))
result.message = "用户验证失败"
result.success = YTXResponse.SuccessFlag.FALSE.toString()
return result
}
}
....