In which tier should the validation be in a Spring Boot Rest API. I have some models, endpoints and DTOs. I added some @NotNull
and @Size
annotations in the DTO. I added the @Valid
annotation in the endpoint along with the @RequestParam
annotation.
But now I'm wondering if I should put validation in the @Entity
classes as well? I feel like it would be a duplication of code. But I read that a tier should never rely on another one.
Simple Spring MVC Validation If our REST API is using @RequestParam or @PathVaraible, Spring provides out of the box support for validating it. Here is a simple use case for validating REST data using Spring This is the simplest validation provided by Spring MVC. It will validate incoming request.
Let's see how to validate a request. Step 1: Open the UserResource.java file. Step 2: Add @Valid annotation. It is a Javax validation API. Its default classpath is spring-boot-starter-web.
And you should validate the DTOs. The difference lies in what happens when invalid data is encountered. If invalid data is passed to an Entity's methods, or you try to initialize a new entity with invalid state, the Entity itself should throw exceptions.
It is important to validate incoming data in the REST web services that can cause trouble in the business process or logic. Read our previous article, for understanding basics of building REST API using Spring. When building REST API, we expect RESTful service to have a certain structure or format.
It's ironic how many people truly believe that validation should be something we partake upon in our controllers or the value objects which they exchange with business code and at no other place should there be concern for state validation.
We should always strive to perform validation at multiple stages of any application.
Consider for the moment a controller that accepts a value object that you intend to use to change a business entity in some service and that value object contains only a subset of fields that you intend to manipulate in a larger entity. You validate the value object in your presentation tier and pass that to your service which fetches the entity, takes the values from the value object and sets them on the appropriate entity. Perhaps that service method manipulates other fields too.
What guarantee do we have that the state of that entity is valid?
While we validated the value object was valid, we only validated those inputs within the context of the subset of fields which were supplied. We didn't validate that those values in conjunction with the other existing state of the entity were still valid.
It's also important to try and guard against developer mistakes too. Test cases only get you so far and we all can agree we don't validate the validity of every combination of values in our tests. We often target very specific cases and scenarios and draw conclusions from there.
By applying validation not only to our presentation value objects but to our entities, you not only allow your test cases to focus on broad feature validation but you guarantee that your data store state is never compromised by the application.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With