Class ValidationUtils
The ValidationUtils
class supports two primary responsibilities:
- Object validation: Validates message payloads using a
Validator
, optionally applying validation groups specified viaValidateWith
annotations. - Authorization enforcement: Performs role-based access checks based on annotations such as
RequiresAnyRole
,ForbidsAnyRole
, andNoUserRequired
declared on classes, methods, or packages.
Validation
Validation is typically executed automatically by the ValidatingInterceptor
before invoking handler methods.
The default validator implementation is loaded via ServiceLoader
(e.g. Jsr380Validator
).
Methods like assertValid(Object, Class[])
and checkValidity(Object, Validator, Class[])
support recursive validation of collections and custom validation groups.
Authorization
The class also performs role-based security checks. Handler methods or message payloads can declare required roles,
which are evaluated against the current User
. If authorization fails, the utility throws either
UnauthenticatedException
or UnauthorizedException
.
Examples
ValidationUtils.assertValid(payload); // Validate a single object
boolean isValid = ValidationUtils.isValid(payload, MyGroup.class); // Validate with a group
User user = ...;
ValidationUtils.assertAuthorized(MyCommand.class, user); // Authorization check
- See Also:
-
Nested Class Summary
Nested Classes -
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionstatic boolean
assertAuthorized
(Class<?> payloadType, User user) Verifies whether the given user is authorized to issue the given payload, based on roles declared via annotations on the payload's class or package.static boolean
assertAuthorized
(Class<?> target, Executable method, User user) Checks if the given user is authorized to invoke the given method on the given target.protected static boolean
assertAuthorized
(String action, User user, ValidationUtils.RequiredRole[] requiredRoles) static void
assertValid
(Object object, Validator validator, Class<?>... groups) Asserts that the object is valid using the givenValidator
and validation groups.static void
assertValid
(Object object, Class<?>... groups) Asserts that the given object is valid, using the defaultValidator
.static Optional
<ValidationException> checkValidity
(Object object, Validator validator, Class<?>... groups) Checks whether the provided object is valid using the givenValidator
and validation groups.static Optional
<ValidationException> checkValidity
(Object object, Class<?>... groups) Checks whether the provided object is valid, using the defaultValidator
and validation groups.protected static ValidationUtils.RequiredRole[]
getRequiredRoles
(Collection<? extends Annotation> annotations) static boolean
ignoreSilently
(Class<?> payloadType, User user) Determines whether a particular operation on a payload type should be ignored without raising an exception.static boolean
ignoreSilently
(Class<?> target, Executable method, User user) Determines whether a specific method invocation on a target class by a given user should be ignored without raising an exception, based on the user's authorization.static boolean
Returnstrue
if the object is valid, using the givenValidator
and validation groups.static boolean
Returnstrue
if the given object is valid using the defaultValidator
and validation groups.
-
Field Details
-
defaultValidator
Returns the defaultValidator
used for message validation.This is resolved via Java's
ServiceLoader
mechanism. If no customValidator
is found, a default JSR 380 (Bean Validation) implementation is used.
-
-
Constructor Details
-
ValidationUtils
public ValidationUtils()
-
-
Method Details
-
checkValidity
Checks whether the provided object is valid, using the defaultValidator
and validation groups.- Parameters:
object
- the object to validategroups
- optional validation groups- Returns:
- an
Optional
containing aValidationException
if validation fails, or empty if valid
-
isValid
Returnstrue
if the given object is valid using the defaultValidator
and validation groups.- Parameters:
object
- the object to validategroups
- optional validation groups- Returns:
true
if valid,false
otherwise
-
assertValid
Asserts that the given object is valid, using the defaultValidator
.Throws a
ValidationException
if the object fails validation.- Parameters:
object
- the object to validategroups
- optional validation groups- Throws:
ValidationException
- if validation fails
-
checkValidity
public static Optional<ValidationException> checkValidity(Object object, Validator validator, Class<?>... groups) Checks whether the provided object is valid using the givenValidator
and validation groups.- Parameters:
object
- the object to validatevalidator
- the validator to usegroups
- optional validation groups- Returns:
- an
Optional
containing aValidationException
if invalid, or empty if valid
-
isValid
Returnstrue
if the object is valid, using the givenValidator
and validation groups.- Parameters:
object
- the object to validatevalidator
- the validator to usegroups
- optional validation groups- Returns:
true
if valid,false
otherwise
-
assertValid
Asserts that the object is valid using the givenValidator
and validation groups.Throws a
ValidationException
if validation fails.- Parameters:
object
- the object to validatevalidator
- the validator to usegroups
- optional validation groups- Throws:
ValidationException
- if validation fails
-
assertAuthorized
public static boolean assertAuthorized(Class<?> payloadType, @Nullable User user) throws UnauthenticatedException, UnauthorizedException Verifies whether the given user is authorized to issue the given payload, based on roles declared via annotations on the payload's class or package.Returns
true
if the user is authorized.If the user is not authorized, either
false
is returned or an exception is thrown. Which happens depends on the detected annotation.- Parameters:
payloadType
- the class of the payloaduser
- the authenticated user (may be null)- Returns:
true
if authorized,false
if authorization should fail quietly- Throws:
UnauthenticatedException
- if authentication is required but the user isnull
UnauthorizedException
- if the user lacks required roles
-
ignoreSilently
Determines whether a particular operation on a payload type should be ignored without raising an exception.Note: If the user is not authorized and an error occurs during the authorization check, the error is caught silently, and the method invocation is allowed to proceed.
- Parameters:
payloadType
- the class of the payload to be evaluateduser
- the user whose authorization is being evaluated; may be null for unauthenticated access- Returns:
true
if the operation should be ignored silently,false
otherwise
-
assertAuthorized
Checks if the given user is authorized to invoke the given method on the given target.Returns
true
if the user is authorized.If the user is not authorized, either
false
is returned or an exception is thrown. Which happens depends on the detected annotation.Role requirements may be defined via annotations on the method, class, or package.
- Parameters:
target
- the class declaring the methodmethod
- the method to checkuser
- the user to check- Returns:
true
if authorized,false
if authorization should fail quietly- Throws:
UnauthenticatedException
- if authentication is required but the user isnull
UnauthorizedException
- if the user lacks required roles
-
ignoreSilently
Determines whether a specific method invocation on a target class by a given user should be ignored without raising an exception, based on the user's authorization.Note: If the user is not authorized and an error occurs during the authorization check, the error is caught silently, and the method invocation is allowed to proceed.
- Parameters:
target
- the class declaring the method to be checkedmethod
- the executable method to be checkeduser
- the user whose authorization is being evaluated- Returns:
true
if the method invocation should be ignored without raising an exception,false
otherwise
-
assertAuthorized
protected static boolean assertAuthorized(String action, @Nullable User user, ValidationUtils.RequiredRole[] requiredRoles) -
getRequiredRoles
protected static ValidationUtils.RequiredRole[] getRequiredRoles(Collection<? extends Annotation> annotations)
-