Spring 没有进入自定义验证器
Spring does not enter custom validator
我添加了 4 个自定义验证器以在我的控制器中进行一些检查。其中 3 个工作,但 ValidObjectIdentity 一个不工作。
这是我的约束-mapping.xml
<constraint-mappings xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://jboss.org/xml/ns/javax/validation/mapping validation-mapping-1.1.xsd"
xmlns="http://jboss.org/xml/ns/javax/validation/mapping" version="1.1">
<bean class="org.springframework.security.acls.domain.AccessControlEntryImpl" ignore-annotations="true">
<field name="sid">
<constraint annotation="javax.validation.constraints.NotNull"/>
<constraint annotation="package.validation.SidExists"/>
<constraint annotation="package.validation.NonMatchingSid"/>
</field>
<field name="acl">
<constraint annotation="javax.validation.constraints.NotNull"/>
</field>
</bean>
<bean class="org.springframework.security.acls.domain.AclImpl">
<field name="objectIdentity">
<constraint annotation="javax.validation.constraints.NotNull"/>
<constraint annotation="package.validation.ValidObjectIdentity"/>
</field>
</bean>
<bean class="package.AccessControlEntryController">
<method name="create">
<parameter type="org.springframework.security.acls.model.AccessControlEntry">
<constraint annotation="package.validation.ValidEntry"/>
</parameter>
</method>
</bean>
</constraint-mappings>
@RestController
@RequestMapping(value = "/acl")
@Validated
public class AccessControlEntryController {
@ResponseBody
@RequestMapping(value = "/entry", method = RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
public AccessControlEntry create(@Valid @RequestBody AccessControlEntry entry){
return aclService.createAccessControlEntry(entry);
}
}
为了参考,我将AccessControlEntryImpl和AclImpl
的结构放在这里
public class AccessControlEntryImpl implements AccessControlEntry, AuditableAccessControlEntry {
private final Acl acl;
private Permission permission;
private final Serializable id;
private final Sid sid;
private boolean auditFailure = false;
private boolean auditSuccess = false;
private final boolean granting;
}
public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
private Acl parentAcl;
private transient AclAuthorizationStrategy aclAuthorizationStrategy;
private transient PermissionGrantingStrategy permissionGrantingStrategy;
private final List<AccessControlEntry> aces = new ArrayList<>();
private ObjectIdentity objectIdentity;
private Serializable id;
private Sid owner; // OwnershipAcl
private List<Sid> loadedSids = null;
}
我可以看到工作验证器与 AccessControlEntry 直接相关,但 ObjectIdentity 与 class Acl 相关。即使 AccessControlEntry 本身有 Acl class 它也不会进入验证程序。有没有办法像其他人一样验证 ObjectIdentity?
这里有一个验证器,你想看看
@Target(value = ElementType.FIELD)
@Retention(value = RetentionPolicy.RUNTIME)
@Constraint(validatedBy = ValidObjectIdentityValidator.class)
public @interface ValidObjectIdentity {
String message() default "{package.ValidObjectIdentity.message}";
Class<?>[] groups() default {};
Class<? extends Payload>[] payload() default {};
}
public class ValidObjectIdentityValidator implements ConstraintValidator<ValidObjectIdentity, ObjectIdentity> {
@Override
public boolean isValid(ObjectIdentity identity, ConstraintValidatorContext context) {
// Logic
}
}
我了解到您希望 ValidObjectIdentity 在验证 AccessControlEntryImpl 时触发?
默认情况下不会进行级联验证。您需要 AccessControlEntryImpl.acl 上的 @Valid 注释或相应 XML 映射的 <valid/> 节点:
<field name="acl">
<valid/>
</field>
我添加了 4 个自定义验证器以在我的控制器中进行一些检查。其中 3 个工作,但 ValidObjectIdentity 一个不工作。
这是我的约束-mapping.xml
<constraint-mappings xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://jboss.org/xml/ns/javax/validation/mapping validation-mapping-1.1.xsd"
xmlns="http://jboss.org/xml/ns/javax/validation/mapping" version="1.1">
<bean class="org.springframework.security.acls.domain.AccessControlEntryImpl" ignore-annotations="true">
<field name="sid">
<constraint annotation="javax.validation.constraints.NotNull"/>
<constraint annotation="package.validation.SidExists"/>
<constraint annotation="package.validation.NonMatchingSid"/>
</field>
<field name="acl">
<constraint annotation="javax.validation.constraints.NotNull"/>
</field>
</bean>
<bean class="org.springframework.security.acls.domain.AclImpl">
<field name="objectIdentity">
<constraint annotation="javax.validation.constraints.NotNull"/>
<constraint annotation="package.validation.ValidObjectIdentity"/>
</field>
</bean>
<bean class="package.AccessControlEntryController">
<method name="create">
<parameter type="org.springframework.security.acls.model.AccessControlEntry">
<constraint annotation="package.validation.ValidEntry"/>
</parameter>
</method>
</bean>
</constraint-mappings>
@RestController
@RequestMapping(value = "/acl")
@Validated
public class AccessControlEntryController {
@ResponseBody
@RequestMapping(value = "/entry", method = RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
public AccessControlEntry create(@Valid @RequestBody AccessControlEntry entry){
return aclService.createAccessControlEntry(entry);
}
}
为了参考,我将AccessControlEntryImpl和AclImpl
public class AccessControlEntryImpl implements AccessControlEntry, AuditableAccessControlEntry {
private final Acl acl;
private Permission permission;
private final Serializable id;
private final Sid sid;
private boolean auditFailure = false;
private boolean auditSuccess = false;
private final boolean granting;
}
public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
private Acl parentAcl;
private transient AclAuthorizationStrategy aclAuthorizationStrategy;
private transient PermissionGrantingStrategy permissionGrantingStrategy;
private final List<AccessControlEntry> aces = new ArrayList<>();
private ObjectIdentity objectIdentity;
private Serializable id;
private Sid owner; // OwnershipAcl
private List<Sid> loadedSids = null;
}
我可以看到工作验证器与 AccessControlEntry 直接相关,但 ObjectIdentity 与 class Acl 相关。即使 AccessControlEntry 本身有 Acl class 它也不会进入验证程序。有没有办法像其他人一样验证 ObjectIdentity?
这里有一个验证器,你想看看
@Target(value = ElementType.FIELD)
@Retention(value = RetentionPolicy.RUNTIME)
@Constraint(validatedBy = ValidObjectIdentityValidator.class)
public @interface ValidObjectIdentity {
String message() default "{package.ValidObjectIdentity.message}";
Class<?>[] groups() default {};
Class<? extends Payload>[] payload() default {};
}
public class ValidObjectIdentityValidator implements ConstraintValidator<ValidObjectIdentity, ObjectIdentity> {
@Override
public boolean isValid(ObjectIdentity identity, ConstraintValidatorContext context) {
// Logic
}
}
我了解到您希望 ValidObjectIdentity 在验证 AccessControlEntryImpl 时触发?
默认情况下不会进行级联验证。您需要 AccessControlEntryImpl.acl 上的 @Valid 注释或相应 XML 映射的 <valid/> 节点:
<field name="acl">
<valid/>
</field>