Open jaggaer-c-adepasca opened 5 months ago
Sorry for the delay here. These are good points. IIRC there were some earlier non-compliant SCIM servers (from a large player or two) that were not fully spec compliant; I could be misremembering that though.
Either way, this is something that should be handled in SCIMple.
I've been kicking a few things around in the back of my head related to this for a while. The big one was validation via Jakarta Validation.
There are a few annotations present on some of the resources, but it's minimal.
My thought was we should be able to process validations based on the @ScimAttribute annotation.
This is possible, but it's probably overkill... There were a few options:
1. Mix concerns/implementations, and turn @ScimAttribute into a valid Jakarta validation annotation.
   This added additional fields to the annotation, which I didn't think belonged there; it increased the complexity of that annotation, and I think it makes it more difficult for a user.
2. Define Validation in XML
   I created an Annotation processor that created a constraints XML file that configures the basic @NotNull and @Size(min=1) annotations.
   Usage-wise, this is probably the cleanest; we could make it just work.
   The downside is, this would be a bunch of code for probably little value: ~1000 loc (with my poorly tested prototype). All that to save us (and any custom extensions) from needing to add a couple of extra annotations.
3. Add more Jakarta Validation Annotations
   We could add the few missing Jakarta Validation annotations, e.g. anywhere @ScimAttribute(required = true, ...)
The real question I should ask... Does anyone truly need support for Jakarta Validation? If so, how complex does your support need to be?
I'm trying the scim-server-spring-boot example and everything is working fine. But I noticed that the SCIMple library doesn't do any kind of validation on the JSON request provided. For example, if I create a user using the JSON request below, naming the field userName__ instead of userName (per the standard User schema the correct name is userName), I get 201 Created instead of 400 Bad Request. The result is the same if I remove the userName field, although it is mandatory. Why? Is there something I'm not configuring well or that needs to be implemented by me? Please let me know.
Thanks
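
The two cases reported in this issue (a misspelled userName__ and a missing userName), checked by reading a required flag off a field annotation as the reply above considers. This is an added example, not code from the thread or from SCIMple: Attr, User and validate are hypothetical stand-ins (Attr models only the required flag of @ScimAttribute), the payloads are constructed, and rejecting unknown attributes is an assumption taken from the behaviour the reporter expected.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class RequiredAttributeCheck {

    // Hypothetical stand-in for SCIMple's @ScimAttribute; only `required` is modelled.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.FIELD)
    @interface Attr { boolean required() default false; }

    // Constructed resource class, not SCIMple's own user type.
    static class User {
        @Attr(required = true) String userName;
        @Attr String displayName;
    }

    // Returns one message per violation; an empty list means the payload passes.
    static List<String> validate(Class<?> type, Map<String, Object> payload) {
        List<String> errors = new ArrayList<>();
        Set<String> known = new HashSet<>();
        for (Field f : type.getDeclaredFields()) {
            Attr a = f.getAnnotation(Attr.class);
            if (a == null) continue;            // not a schema attribute
            known.add(f.getName());
            Object v = payload.get(f.getName());
            // Same effect as @NotNull plus @Size(min = 1) on a String field.
            if (a.required() && (v == null || v.toString().isEmpty())) {
                errors.add("missing required attribute: " + f.getName());
            }
        }
        for (String key : payload.keySet()) {
            if (!known.contains(key)) errors.add("unknown attribute: " + key);
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed payloads: misspelled name, omitted name, valid request.
        System.out.println(validate(User.class, Map.of("userName__", "alice")));
        System.out.println(validate(User.class, Map.of("displayName", "Alice")));
        System.out.println(validate(User.class, Map.of("userName", "alice")));
    }
}
```

A server built on this check would answer 400 Bad Request whenever the returned list is non-empty, which is the response the reporter expected instead of 201 Created.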