Add example of json input validation with meaningful error response

[mdhtr]

Required field validation + list all missing fields is response

[mdhtr]

This issue consists of two parts, the first part is to validate the input and throw an exception with validation results, the second is to catch that exception, and return it in a good format.

For the first part, there is several ways to do validation, I will elaborate in separate comments below.

For the second part, the Problem Details spec can come in handy: https://tools.ietf.org/html/rfc7807

Some references:

• A list of all Jackson Annotations
  • Examples
• A list of all configuration option for Jackson deserialization
• A request to add more basic field validations to Jackson (denied)
• A Stackoverflow question about Jackson bean validation
• Javax validation basics tutorial
• Hibernate Validator reference
  • Using validations
  • Bootstrapping
• Problem Details for HTTP APIs: Proposed standard
• An article about validation mentioning the separation between data and business rules validation
• A Stackoverflow question about running something immediately after the JSON mapping is done
• A library that is supposed to do validation during deserialization, but I couldn't make it work

[mdhtr]

Option A: custom setter

Tl;dr:

• custom exception class
• custom setters in the bean

Pros:

• no new dependencies
• easy to integrate if you already have setters

Cons:

• returns errors one by one as they are found

• need to have setter methods in the bean

  How-to:

  1. Write a custom setter for the field you want to validate and validate the data in it before setting the field.
  2. If the data is invalid, throw a custom exception that is capable of containing the validation results (eg. field name, allowed values, provided value, etc) in a way that it will be easy to extract in the exceptionmapper

[mdhtr]

Option B: custom deserializer

Tl;dr:

• custom exception class
• custom json deserializer

Pros:

• no new dependencies
• possibility to return all errors in a single response

Cons:

• you practically have to parse the json by hand which is tedious.

1. provide a custom deserializer to the bean

   @JsonDeserialize(using = TestValidationDtoDeserializer.class)
   public class TestValidationDto {
   ...

2. implement the deserializer

   public class TestValidationDtoDeserializer extends JsonDeserializer {
   @Override
   public TestValidationDto deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) throws IOException, JsonProcessingException {
       JsonNode node = jsonParser.getCodec().readTree(jsonParser);
   
               ... // throw custom exception on validation error
   
       return new TestValidationDto( ... );
   }

[mdhtr]

Option C: JsonCreator

Tl;dr:

• custom constructor
• default Jackson exceptions (MismatchedInputException)

Pros:

• no new dependencies

Cons:

• very limited capacities: can only verify the presence of a field, it allows null value

  1. Add custom constructor

     @JsonCreator
     public TestValidationDto(
         @JsonProperty(value = "number", required = true) Integer number,
         @JsonProperty(value = "text", required = true) String text) {
     this.number = number;
     this.text = text;
     }

[mdhtr]

Option D: custom converter + javax.validation

Tl;dr:

• custom converter
• javax.validation annotations
• javax.validation exceptions or custom exceptions

Pros:

• cleaner code

Cons:

• new dependencies (if needed)

  1. in theory, these dependencies are necessary for the Javax Bean validation, however in this app, I didn't need to add explicitly any of them. Instead it was only jakarta.validation:jakarta.validation-api that maven marked as undeclared.

     <!-- VALIDATION -->
     <dependency>
         <groupId>javax.validation</groupId>
         <artifactId>validation-api</artifactId>
         <version>2.0.1.Final</version>
     </dependency>
     <dependency>
         <groupId>org.hibernate.validator</groupId>
         <artifactId>hibernate-validator</artifactId>
         <version>6.0.2.Final</version>
     </dependency>
     <dependency>
         <groupId>org.hibernate.validator</groupId>
         <artifactId>hibernate-validator-annotation-processor</artifactId>
         <version>6.0.2.Final</version>
     </dependency>
     <dependency>
         <groupId>javax.el</groupId>
         <artifactId>javax.el-api</artifactId>
         <version>3.0.0</version>
     </dependency>
     <dependency>
         <groupId>org.glassfish.web</groupId>
         <artifactId>javax.el</artifactId>
         <version>2.2.6</version>
     </dependency>

  2. Implement a generic validation class:

     public abstract class DataValidator<T> extends StdConverter<T, T> {
     @Override
     public T convert(T t) {
     ValidatorFactory validatorFactory = Validation.byDefaultProvider()
             .configure()
             .buildValidatorFactory();
     Validator validator = validatorFactory.getValidator();
     Set<ConstraintViolation<T>> violations = validator.validate(t);
     if (!violations.isEmpty()) {
         throw new ConstraintViolationException(violations);
     }
     return t;
     }
     }

  3. Implement type specific validation class and set it as a converter for JsonDeserialize:

     @JsonDeserialize(converter = TestValidationDto.Validator.class)
     public class TestValidationDto {
     ...
     static class Validator extends DataValidator<TestValidationDto> {}
     }

[mdhtr]

I chose option D: custom converter + javax.validation. The javax validation annotations make specifying validations easy, and the custom converter is highly reusable and easy to use.

[mdhtr]

A possible future improvement could be to return the validation errors is a machine parsable format, in an additional field.