Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

javax.validation.constraints.Email matching invalid email address

I have a User entity having email property annotated with @Email

@Email
private String email;

I am using @Valid (javax.validation.Valid) annotation on my Controller class. The issue is that the controller validator is passing the invalid emails. Example:
pusp@1 - obviously this is an invalid email address
pusp@fake
The pattern I noticed is, the @Email only want sometext@text, it don't care for the extensions(.com/org etc). Is it the expected behaviour? Do I need to pass my own regex implementation for @Email(regex="")

like image 949
Puspender Avatar asked May 25 '18 18:05

Puspender


People also ask

What annotation should you use if you want validate proper email address in a field?

I'm using the @Email annotation to validate an e-mail address. The issue I'm having is that it's accepting things like ask@stackoverflow as a valid e-mail address.

How do you check the email ID is valid or not in Java?

Given a string, find if the given string is a valid email or not. Input : email = "[email protected]" Output : Yes Input : email = "contribute@geeksforgeeks.. org" Output : No Explanation : There is an extra dot(.)


1 Answers

A email without . may be considered as valid according to the validators.
In a general way, validator implementations (here it is probably the Hibernate Validator) are not very restrictive about emails.
For example the org.hibernate.validator.internal.constraintvalidators.AbstractEmailValidator javadoc states :

The specification of a valid email can be found in RFC 2822 and one can come up with a regular expression matching all valid email addresses as per specification. However, as this article discusses it is not necessarily practical to implement a 100% compliant email validator. This implementation is a trade-off trying to match most email while ignoring for example emails with double quotes or comments.

And as a side note, I noticed similarly things with HTML Validator for emails.

So I think that the behavior that you encounter actually is which one expected.
And about your question :

Do I need to pass my own regex implementation for @Email(regex="")

Indeed. You don't have any other choice if you want to make the validation more restrictive.
As alternative, this answer creating its own validator via a constraints composition is really interesting as it is DRY (you can reuse your custom ConstraintValidator without specified at each time the pattern as it will be included in) and it reuses the "good part" of the @Email ConstraintValidator :

@Email(message="Please provide a valid email address")
@Pattern(regexp=".+@.+\\..+", message="Please provide a valid email address")
@Target( { METHOD, FIELD, ANNOTATION_TYPE })
@Retention(RUNTIME)
@Constraint(validatedBy = {})
@Documented
public @interface ExtendedEmailValidator {
    String message() default "Please provide a valid email address";
    Class<?>[] groups() default {};
    Class<? extends Payload>[] payload() default {};
}
like image 111
davidxxx Avatar answered Oct 04 '22 04:10

davidxxx