How to validate min, max password length before hashing?

Question

I want to validate the password field length before it's hashed.

Model class:

@Entity
@Table(name = "users")
public class UserInfo {

   /* other code */

   @NotBlank(message = "Password is required")
   @Size(min = 6, message = "Password should have min 6 characters")
   private String password;

   /* other code */    
}

Controller file simply calls the service method.

Service class:

@Component
public class UserInfoServiceImpl implements UserInfoService {

@Autowired
private UserInfoRepository userInfoRepository;

public UserInfo register(UserRegisterRequest request) {

    UserInfo user = new UserInfo();
    user.setFirstName(request.getFirstName());
    user.setLastName(request.getLastName());
    user.setEmail(request.getEmail());
    user.setPhone(request.getPhone());
    // Password hashing
    user.setPassword(new BCryptPasswordEncoder().encode(request.getPassword()));
    user.setIsActive(0);
    user.setStatus(1);

    return userInfoRepository.save(user);
  }
}

I suppose the password is validated after it's hashed in this line:

user.setPassword(new BCryptPasswordEncoder().encode(request.getPassword()));

How can I validate this password before hashing and saving?

Any help would be appreciated. Thanks in advance.

Answer 1

You can validate the input of any Spring bean. In order to to this, you use a combination of the @Validated and @Valid annotations, like this:

@Component
@Validated
public class UserInfoServiceImpl implements UserInfoService {

@Autowired
private UserInfoRepository userInfoRepository;

public UserInfo register(@Valid UserRegisterRequest request) {

    UserInfo user = new UserInfo();
    user.setFirstName(request.getFirstName());
    user.setLastName(request.getLastName());
    user.setEmail(request.getEmail());
    user.setPhone(request.getPhone());
    // Password hashing
    user.setPassword(new BCryptPasswordEncoder().encode(request.getPassword()));
    user.setIsActive(0);
    user.setStatus(1);

    return userInfoRepository.save(user);
  }
}

If you want a better control, you can validate programmatically:

@Component
public class UserInfoServiceImpl implements UserInfoService {

@Autowired
private UserInfoRepository userInfoRepository;

public UserInfo register(UserRegisterRequest request) {
    ValidatorFactory factory = Validation.buildDefaultValidatorFactory();
    Validator validator = factory.getValidator();
    Set<ConstraintViolation<UserRegisterRequest> violations = validator.validate(input);
    if (!violations.isEmpty()) {
        // Do something on invalid input;
    }
    UserInfo user = new UserInfo();
    user.setFirstName(request.getFirstName());
    user.setLastName(request.getLastName());
    user.setEmail(request.getEmail());
    user.setPhone(request.getPhone());
    // Password hashing
    user.setPassword(new BCryptPasswordEncoder().encode(request.getPassword()));
    user.setIsActive(0);
    user.setStatus(1);

    return userInfoRepository.save(user);
  }
}

Alternatively, a pre-configured validator instance can be injected like this:

@Autowired
Validator validator;

---

For these to work, you need spring-boot-starter-validation in your Maven/Gradle config file.