java.lang.Object
io.fluxcapacitor.javaclient.tracking.handling.validation.ValidationUtils

public class ValidationUtils extends Object
Utility class providing common validation and authorization routines for message payloads such as commands, queries, and web requests.

The ValidationUtils class supports two primary responsibilities:

  1. Object validation: Validates message payloads using a Validator, optionally applying validation groups specified via ValidateWith annotations.
  2. Authorization enforcement: Performs role-based access checks based on annotations such as RequiresAnyRole, ForbidsAnyRole, and NoUserRequired declared on classes, methods, or packages.

Validation

Validation is typically executed automatically by the ValidatingInterceptor before invoking handler methods. The default validator implementation is loaded via ServiceLoader (e.g. Jsr380Validator).

Methods like assertValid(Object, Class[]) and checkValidity(Object, Validator, Class[]) support recursive validation of collections and custom validation groups.

Authorization

The class also performs role-based security checks. Handler methods or message payloads can declare required roles, which are evaluated against the current User. If authorization fails, the utility throws either UnauthenticatedException or UnauthorizedException.

Examples


 ValidationUtils.assertValid(payload); // Validate a single object
 boolean isValid = ValidationUtils.isValid(payload, MyGroup.class); // Validate with a group

 User user = ...;
 ValidationUtils.assertAuthorized(MyCommand.class, user); // Authorization check
 
See Also:
  • Field Details

    • defaultValidator

      public static final Validator defaultValidator
      Returns the default Validator used for message validation.

      This is resolved via Java's ServiceLoader mechanism. If no custom Validator is found, a default JSR 380 (Bean Validation) implementation is used.

  • Constructor Details

    • ValidationUtils

      public ValidationUtils()
  • Method Details

    • checkValidity

      public static Optional<ValidationException> checkValidity(Object object, Class<?>... groups)
      Checks whether the provided object is valid, using the default Validator and validation groups.
      Parameters:
      object - the object to validate
      groups - optional validation groups
      Returns:
      an Optional containing a ValidationException if validation fails, or empty if valid
    • isValid

      public static boolean isValid(Object object, Class<?>... groups)
      Returns true if the given object is valid using the default Validator and validation groups.
      Parameters:
      object - the object to validate
      groups - optional validation groups
      Returns:
      true if valid, false otherwise
    • assertValid

      public static void assertValid(Object object, Class<?>... groups)
      Asserts that the given object is valid, using the default Validator.

      Throws a ValidationException if the object fails validation.

      Parameters:
      object - the object to validate
      groups - optional validation groups
      Throws:
      ValidationException - if validation fails
    • checkValidity

      public static Optional<ValidationException> checkValidity(Object object, Validator validator, Class<?>... groups)
      Checks whether the provided object is valid using the given Validator and validation groups.
      Parameters:
      object - the object to validate
      validator - the validator to use
      groups - optional validation groups
      Returns:
      an Optional containing a ValidationException if invalid, or empty if valid
    • isValid

      public static boolean isValid(Object object, Validator validator, Class<?>... groups)
      Returns true if the object is valid, using the given Validator and validation groups.
      Parameters:
      object - the object to validate
      validator - the validator to use
      groups - optional validation groups
      Returns:
      true if valid, false otherwise
    • assertValid

      public static void assertValid(Object object, Validator validator, Class<?>... groups)
      Asserts that the object is valid using the given Validator and validation groups.

      Throws a ValidationException if validation fails.

      Parameters:
      object - the object to validate
      validator - the validator to use
      groups - optional validation groups
      Throws:
      ValidationException - if validation fails
    • assertAuthorized

      public static boolean assertAuthorized(Class<?> payloadType, @Nullable User user) throws UnauthenticatedException, UnauthorizedException
      Verifies whether the given user is authorized to issue the given payload, based on roles declared via annotations on the payload's class or package.

      Returns true if the user is authorized.

      If the user is not authorized, either false is returned or an exception is thrown. Which happens depends on the detected annotation.

      Parameters:
      payloadType - the class of the payload
      user - the authenticated user (may be null)
      Returns:
      true if authorized, false if authorization should fail quietly
      Throws:
      UnauthenticatedException - if authentication is required but the user is null
      UnauthorizedException - if the user lacks required roles
    • ignoreSilently

      public static boolean ignoreSilently(Class<?> payloadType, @Nullable User user)
      Determines whether a particular operation on a payload type should be ignored without raising an exception.

      Note: If the user is not authorized and an error occurs during the authorization check, the error is caught silently, and the method invocation is allowed to proceed.

      Parameters:
      payloadType - the class of the payload to be evaluated
      user - the user whose authorization is being evaluated; may be null for unauthenticated access
      Returns:
      true if the operation should be ignored silently, false otherwise
    • assertAuthorized

      public static boolean assertAuthorized(Class<?> target, Executable method, @Nullable User user)
      Checks if the given user is authorized to invoke the given method on the given target.

      Returns true if the user is authorized.

      If the user is not authorized, either false is returned or an exception is thrown. Which happens depends on the detected annotation.

      Role requirements may be defined via annotations on the method, class, or package.

      Parameters:
      target - the class declaring the method
      method - the method to check
      user - the user to check
      Returns:
      true if authorized, false if authorization should fail quietly
      Throws:
      UnauthenticatedException - if authentication is required but the user is null
      UnauthorizedException - if the user lacks required roles
    • ignoreSilently

      public static boolean ignoreSilently(Class<?> target, Executable method, @Nullable User user)
      Determines whether a specific method invocation on a target class by a given user should be ignored without raising an exception, based on the user's authorization.

      Note: If the user is not authorized and an error occurs during the authorization check, the error is caught silently, and the method invocation is allowed to proceed.

      Parameters:
      target - the class declaring the method to be checked
      method - the executable method to be checked
      user - the user whose authorization is being evaluated
      Returns:
      true if the method invocation should be ignored without raising an exception, false otherwise
    • assertAuthorized

      protected static boolean assertAuthorized(String action, @Nullable User user, ValidationUtils.RequiredRole[] requiredRoles)
    • getRequiredRoles

      protected static ValidationUtils.RequiredRole[] getRequiredRoles(Collection<? extends Annotation> annotations)