我在我的应用程序中使用 cookie (request.getCookies) 来验证验证码。
我想为这个验证码验证创建一个 ConstraintValidator,因此它与其他 bean 的属性一起被验证 - 正如 JSR-303 Bean Validation 所指定的那样。
有没有办法在 ConstraintValidator 中检索 HttpServletRequest?
最佳答案
假设(由于存在标签)您使用的是 Spring,最新版本 (>=2.5.1),这应该很简单
package org.yourapp.controller.validation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;
import javax.servlet.http.HttpServletRequest;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
public class YourValidator implements ConstraintValidator<YourValidatorAnnotaion, String> {
// here should be autowired a proxy to currently undergoing request
@Autowired
private HttpServletRequest request;
@Override
public void initialize(YourValidatorAnnotaion constraintAnnotation) {
// this should autowire all dependencies of this class using
// current application context
SpringBeanAutowiringSupport.processInjectionBasedOnCurrentContext(this);
}
@Override
public boolean isValid(String value, ConstraintValidatorContext context) {
// here goes your custom logic for validation, like matching
// captcha challenge to captcha response, but i am not doing
// this for you, as i don't know what it supposed to be, so
// i simply test presence of cookies.
return request.getCookies().length > 0;
}
}
为了完整起见,这里有一个示例 @YourValidatorAnnotaion 实现:
package org.yourapp.controller.validation;
import javax.validation.Constraint;
import javax.validation.Payload;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.ElementType.*;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
@Constraint(validatedBy = YourValidator.class)
@Target({ METHOD, FIELD, ANNOTATION_TYPE, CONSTRUCTOR, PARAMETER })
@Retention(RUNTIME)
public @interface YourValidatorAnnotaion {
String message() default "No cookies - no validation";
Class<?>[] groups() default {};
Class<? extends Payload>[] payload() default {};
}
就是这样。现在,如果您使用 @YourValidatorAnnotaion 注释您的 DTO 字段,只要在请求 header 中没有 cookie 的情况下调用具有此类 @Valid @RequestBody 参数的 Controller ,您应该会收到错误消息。
关于java - 在 JSR-303 Bean 验证中获取 HttpServletRequest,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28950142/