使用 JSR 303 处理空值的 Spring MVC 控制器中的验证问题

Question

我对 Spring MVC 有如下问题：我使用 JSR 303 验证来确保 bean 的属性（请参阅下面的 PasswordInfo）既不为空也不为 null。

我也在检查业务逻辑规则，即两个密码是否相同。

问题在于，如果字符串字段（currentPassword 和 newPassword）之一为空，控制器仍会将其传递给服务层以检查业务逻辑规则，当然会引发 IllegalArgumentException ！

这是PasswordInfo bean：

@RooEquals
@RooJavaBean
public class PasswordInfo {

    @NotNull(groups = { ValidationGroups.PasswordModification.class })
    @NotEmpty(groups = { ValidationGroups.PasswordModification.class })
    private String currentPassword;

    @NotNull(groups = { ValidationGroups.PasswordModification.class, ValidationGroups.PasswordReset.class })
    @NotEmpty(groups = { ValidationGroups.PasswordModification.class, ValidationGroups.PasswordReset.class })       
    @Size(min = 6, groups = { ValidationGroups.PasswordModification.class, ValidationGroups.PasswordReset.class })
    private String newPassword;
...

这里是相关的控制器方法：

@RequestMapping(value = "/preference/password", method = RequestMethod.POST, produces = "text/html")
    public String modifyPassword(@ModelAttribute @Validated({ ValidationGroups.PasswordModification.class }) PasswordInfo passwordInfo,
            BindingResult bindingResult, Model model, @CurrentMember Member member) {
        if (!preferenceService.passwordsMatch(member.getPassword(), passwordInfo.getCurrentPassword())) {
            bindingResult.rejectValue("currentPassword", "controller.preference.wrong_current_password");
        }

        if (bindingResult.hasErrors()) {
            model.addAttribute("passwordInfo", passwordInfo);
            return "preference/password";
        }

        preferenceService.modifyPassword(member, passwordInfo.getNewPassword());
        return "redirect:/preference/password";
    }

下面是相关的服务层方法：

@Override
    public boolean passwordsMatch(String encrypted, String plain) {
        if (encrypted == null || encrypted.isEmpty() || plain == null || plain.isEmpty()) {
            throw new IllegalArgumentException("One argument is null or empty");
        }
        return passwordEncoder.matches(plain, encrypted);
    }

我担心的是避免放置另一个 bindingResults.hasErrors 块，例如：

if (bindingResult.hasErrors()) {
        model.addAttribute("passwordInfo", passwordInfo);
        return "preference/password";
    }

...在业务逻辑检查之前为了避免重复自己...

谁能提出一个干净的解决方案来解决这个问题？

Answer 1

这里的问题是，由于您提供了BindingResult 作为参数，Spring MVC 期望您在控制器方法中处理您的验证问题。它不会直接拒绝请求（即阻止调用您的控制器方法并引发异常。）您可能只需要重组您的方法以获得所需的结果：

@RequestMapping(value = "/preference/password", method = RequestMethod.POST, produces = "text/html")
public String modifyPassword(@ModelAttribute @Validated({ ValidationGroups.PasswordModification.class }) PasswordInfo passwordInfo,
                             BindingResult bindingResult, Model model, @CurrentMember Member member) {
    String view = "preference/password";
    if (!bindingResult.hasErrors()) {
        if (preferenceService.passwordsMatch(member.getPassword(), passwordInfo.getCurrentPassword())) {
            preferenceService.modifyPassword(member, passwordInfo.getNewPassword());
            view = "redirect:/preference/password";
        } else {
            bindingResult.rejectValue("currentPassword", "controller.preference.wrong_current_password");
        }
    }
    // NOTE: I have removed the call to model.addAttribute("passwordInfo", passwordInfo) because it should already exist in the model, no?
    return view;
}

Answer 2

我没有遵循您的整个示例，老实说，我不完全理解您的问题，但我想知道的一件事是您为什么不使用 Bean Validation 以及密码匹配约束？您可以为 PasswordInfo 编写自定义类约束。