前言:
开发SpringBoot项目时,除了前端对用户输入表单进行校验外,往往后端也需要对传入的参数进行校验防止他人使用Postman一类工具进行恶意传参,但使用多个if进行校验显得代码十分臃肿,但引入JSR相关注解后即可优雅校验参数。本文基于JSR注解设计一个模块,用户通过配置文件配置相关验证规范后,在添加对应注解即可完成参数校验,并通过全局异常处理对错误传参进行处理。
本章项目源码如下:
wlf728050719/SpringCloudPro2-1
https://github.com/wlf728050719/SpringCloudPro2-1以及本专栏会持续更新微服务项目,每一章的项目都会基于前一章项目进行功能的完善,欢迎小伙伴们关注!同时如果只是对单章感兴趣也不用从头看,只需下载前一章项目即可,每一章都会有前置项目准备部分,跟着操作就能实现上一章的最终效果,当然如果是一直跟着做可以直接跳过这一部分。专栏目录链接如下,其中Base篇为基础微服务搭建,Pro篇为复杂模块实现。
从零搭建微服务项目(全)-优快云博客https://blog.youkuaiyun.com/wlf2030/article/details/145799620
一、依赖导入
pom文件内容如下:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>3.4.3</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>cn.bit</groupId>
<artifactId>Pro2_1</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>JSR</name>
<description>JSR</description>
<dependencies>
<!-- Test -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- Web -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- lombok -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<!-- JSR -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
二、JSR自定义注解
1.定义正则表达式枚举,其中prefix表示对应配置文件前缀。
package cn.bit.jsr.core.constant.enums;
import lombok.AllArgsConstructor;
import lombok.Getter;
@AllArgsConstructor
@Getter
public enum RegexEnum {
ANY("any-regex"),
PHONE_REGEX("phone-regex"),
EMAIL_REGEX("email-regex");
public final String prefix;
}
2.定义配置文件,从配置文件中获取正则表达式,如果配置文件未定义对应前缀返回.*匹配一切字符串并日志警告。
package cn.bit.jsr.core.config;
import cn.bit.jsr.core.constant.enums.RegexEnum;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import java.util.Map;
@Slf4j
@Configuration
@ConfigurationProperties(prefix = "jsr")
@Data
public class JSRConfig {
private Map<String,String> regexMap;
public String getRegex(RegexEnum regexEnum) {
String result = regexMap.get(regexEnum.getPrefix());
if(result == null) {
log.warn("{} is null,use default regex: .*", regexEnum.name());
return ".*";
}
return result;
}
}
3.配置文件内容
spring:
application:
name: JSR
jsr:
regex-map:
phone-regex: "^1[3-9]\\d{9}$"
email-regex: "^[a-zA-Z0-9_+&*-]+(?:\\.[a-zA-Z0-9_+&*-]+)*@(?:[a-zA-Z0-9-]+\\.)+[a-zA-Z]{2,7}$"
4.自定义注解,默认value为正则表达式,也可通过枚举设置表达式(其实@Pattern+@Value能实现类似效果,此处仅为示意如何自定义注解)
package cn.bit.jsr.core.annotation;
import cn.bit.jsr.core.constant.enums.RegexEnum;
import cn.bit.jsr.core.validator.PatternValidator;
import jakarta.validation.Constraint;
import jakarta.validation.Payload;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
@Target({FIELD,PARAMETER})
@Retention(RUNTIME)
@Documented
@Constraint(validatedBy = PatternValidator.class)
public @interface Regex {
RegexEnum regexEnum() default RegexEnum.ANY;
String value() default ".*";
String message() default "格式匹配错误";
Class<?>[] groups() default {};
Class<? extends Payload>[] payload() default {};
}
5.定义验证类
package cn.bit.jsr.core.validator;
import cn.bit.jsr.core.annotation.Regex;
import cn.bit.jsr.core.config.JSRConfig;
import cn.bit.jsr.core.constant.enums.RegexEnum;
import jakarta.validation.ConstraintValidator;
import jakarta.validation.ConstraintValidatorContext;
import lombok.NonNull;
import lombok.RequiredArgsConstructor;
import org.springframework.stereotype.Component;
import java.util.regex.Pattern;
@Component
@RequiredArgsConstructor
public class PatternValidator implements ConstraintValidator<Regex, String> {
@NonNull
private JSRConfig jsrConfig;
private Pattern pattern;
@Override
public void initialize(Regex constraintAnnotation) {
String regex = constraintAnnotation.value();
RegexEnum regexEnum = constraintAnnotation.regexEnum();
if(regexEnum!=RegexEnum.ANY)
regex = jsrConfig.getRegex(regexEnum);
pattern = Pattern.compile(regex);
}
@Override
public boolean isValid(String str, ConstraintValidatorContext context) {
return pattern.matcher(str).matches();
}
}
四、自定义注解使用
1.使用注解限定字段
package cn.bit.jsr.entity;
import cn.bit.jsr.core.annotation.Regex;
import cn.bit.jsr.core.constant.enums.RegexEnum;
import jakarta.validation.constraints.NotEmpty;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.hibernate.validator.constraints.Length;
@Data
@AllArgsConstructor
@NoArgsConstructor
public class User {
@NotEmpty(message = "用户编号不能为空")
private String id;
@Length(min = 6, max = 15, message = "用户名长度是6-15位")
private String pwd;
@Regex(regexEnum = RegexEnum.PHONE_REGEX)
private String phone;
@Regex(regexEnum = RegexEnum.EMAIL_REGEX)
private String email;
}2.@Validated+@Valid开启参数校验
package cn.bit.jsr.controller;
import cn.bit.jsr.entity.User;
import jakarta.validation.Valid;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;
@RestController
@RequestMapping("/jsr")
@Validated
public class JSRTestController {
//给数据添加服务端校验
@PostMapping("/valiAdd")
public String valiAdd(@RequestBody @Valid User user) {
return "error";
}
}
四、全局异常处理
@RestControllerAdvice+@ExceptionHandler实现,个人认为相较于拦截器或aop实现异常处理更加简洁。
package cn.bit.jsr.handler;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.validation.BindException;
import org.springframework.validation.FieldError;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import java.nio.file.AccessDeniedException;
import java.util.List;
@Slf4j
@RestControllerAdvice
public class GlobalExceptionHandler {
/**
* 全局异常.
* @param e the e
* @return R
*/
@ExceptionHandler(Exception.class)
@ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
public String handleGlobalException(Exception e) {
log.error("全局异常信息 ex={}", e.getMessage(), e);
return e.getLocalizedMessage();
}
/**
* AccessDeniedException
* @param e the e
* @return R
*/
@ExceptionHandler(AccessDeniedException.class)
@ResponseStatus(HttpStatus.FORBIDDEN)
public String handleAccessDeniedException(AccessDeniedException e) {
log.error("拒绝授权异常信息 ex={}", e.getLocalizedMessage(),e);
return e.getLocalizedMessage();
}
/**
* validation Exception
* @param e the e
* @return R
*/
@ExceptionHandler({ MethodArgumentNotValidException.class})
@ResponseStatus(HttpStatus.BAD_REQUEST)
public String handleBodyValidException(MethodArgumentNotValidException e) {
List<FieldError> fieldErrors = e.getBindingResult().getFieldErrors();
StringBuilder errorMsg = new StringBuilder();
fieldErrors.forEach(fieldError -> {errorMsg.append(fieldError.getField()).append(":").append(fieldError.getDefaultMessage()).append("\n");});
log.warn("参数绑定异常,ex = {}",errorMsg);
return errorMsg.toString();
}
/**
* validation Exception (以form-data形式传参)
* @param e the e
* @return R
*/
@ExceptionHandler({ BindException.class})
@ResponseStatus(HttpStatus.BAD_REQUEST)
public String bindExceptionHandler(BindException e) {
List<FieldError> fieldErrors = e.getBindingResult().getFieldErrors();
StringBuilder errorMsg = new StringBuilder();
fieldErrors.forEach(fieldError -> {errorMsg.append(fieldError.getField()).append(":").append(fieldError.getDefaultMessage()).append("\n");});
log.warn("参数绑定异常(form-data),ex = {}",errorMsg);
return errorMsg.toString();
}
}
五、测试结果
最后:
不得不说SpringBoot确实有很多实用的注解,能极大简化开发,也难怪叫面向注解开发。在网上看了其他博客的jsr303自定义注解,但一直无法生效,最后也可算倒腾出来了。后续会将该模块整合至本专栏微服务项目中,还请多多支持!
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
