Logo
Published on

Mastering Data Validation with `@Valid` and `@Validated` Annotations in Spring

Authors
  • Name
    Twitter

Introduction

Data validation is a crucial part of any application. Incorrect or malformed data can lead to unexpected behavior, security vulnerabilities, and inaccurate calculations. Spring, one of the most popular frameworks for building Java applications, provides an excellent set of tools to ensure data integrity with @Valid and @Validated annotations. In this article, we'll delve deep into these annotations and understand how they can be effectively used to validate data.

Understanding @Valid and @Validated

Both @Valid and @Validated are integral annotations in Spring when it comes to data validation. However, to harness their full potential, it's imperative to understand the nuances of each.

@Valid

  • Origin: @Valid is part of the Java Bean Validation specification (JSR 380) which Spring supports. Hence, it's not Spring-specific and can be used in other Java contexts too.
  • Usage: Primarily used to trigger validation on an object, especially on nested objects. When placed before a method argument, Spring’s validation mechanism inspects the object for any constraints (like @NotNull, @Size, etc.) and ensures that they are satisfied.

Example:

public class UserProfile {  
    @Valid  
    private Address address;  
}

In the above example, when a UserProfile object is validated, the nested Address object will also undergo validation.

  • Limitations: While powerful, @Valid doesn't allow for group-based validation, i.e., applying specific validation rules under certain conditions.

@Validated

  • Origin: Unlike @Valid, @Validated is Spring-specific. It extends the functionality of @Valid and provides more flexibility.
  • Usage: In addition to triggering validation just like @Valid, @Validated provides the ability for group-based validation. This is particularly helpful when you want to have different validation rules for the same object based on different contexts (like create vs update operations).

Example:

public class User {  
  
    @NotBlank(groups = Creation.class)  
    private String username;  
  
    @Size(min = 8, groups = Update.class)  
    private String password;  
}  
  
public interface Creation {}  
public interface Update {}

Now, when creating a user, only the username constraint is validated. When updating, only the password constraint is checked.

  • Advanced Use Cases: Beyond its primary use in controllers, @Validated can be employed on Spring components, configurations, and services. For instance, when validating method parameters or even configuration properties.

Example:

@Service  
@Validated  
public class UserService {  
    public void registerUser(@Validated(Creation.class) User user) {  
        // business logic  
    }  
}

In the above service, the registerUser method explicitly validates the User object based on the Creation group.

  • Limitations: @Validated cannot be used on nested fields within an object. For nested validation, @Valid should still be used. Also, since @Validated is Spring-specific, it might not be recognized outside of the Spring ecosystem.

Setting Up Data Validation

Before diving into annotations, ensure you have the necessary dependencies:

<dependency>  
    <groupId>org.springframework.boot</groupId>  
    <artifactId>spring-boot-starter-web</artifactId>  
</dependency>  
<dependency>  
    <groupId>org.hibernate</groupId>  
    <artifactId>hibernate-validator</artifactId>  
    <version>6.1.5.Final</version>  
</dependency>

Creating Model with Constraints

Consider a simple User model:

import javax.validation.constraints.Email;  
import javax.validation.constraints.NotBlank;  
import javax.validation.constraints.Size;  
  
public class User {  
      
    @NotBlank(message = "Name is mandatory")  
    private String name;  
  
    @Email(message = "Email should be valid")  
    private String email;  
  
    @Size(min = 6, message = "Password must be at least 6 characters long")  
    private String password;  
  
    // Getters, Setters, etc.  
}

Using @Valid in Controller

Now, when you create a REST endpoint to accept the User object, use @Valid:

@RestController  
@RequestMapping("/users")  
public class UserController {  
  
    @PostMapping("/")  
    public ResponseEntity<String> createUser(@Valid @RequestBody User user) {  
        // Save user or perform some other operations  
        return ResponseEntity.ok("User created successfully");  
    }  
}

If the User object does not satisfy the constraints, a MethodArgumentNotValidException will be thrown.

Handling Validation Errors

Ensuring data validation is only half the battle. The other half is gracefully handling the errors and communicating them back to the client. When validation rules are not met, Spring throws exceptions. Efficiently catching and processing these exceptions can greatly improve the user experience.

The Default Behavior

When a validation error occurs in a Spring application, a MethodArgumentNotValidException is thrown. By default, Spring returns a general error response with a 400 Bad Request status. This response contains detailed information about the errors, but it may be more verbose than needed and not always user-friendly.

Customizing the Error Response

Instead of relying on the default error structure, you can return a custom error message or object that fits the needs of your application or API consumers.

Using ExceptionHandler

The @ExceptionHandler annotation can be used to define custom behavior when exceptions occur.

Example:

@RestControllerAdvice  
public class CustomExceptionHandler {  
  
    @ExceptionHandler(MethodArgumentNotValidException.class)  
    public ResponseEntity<Object> handleValidationExceptions(MethodArgumentNotValidException ex) {  
        Map<String, String> errors = new HashMap<>();  
        ex.getBindingResult().getAllErrors().forEach((error) -> {  
            String fieldName = ((FieldError) error).getField();  
            String errorMessage = error.getDefaultMessage();  
            errors.put(fieldName, errorMessage);  
        });  
        return ResponseEntity.badRequest().body(errors);  
    }  
}

This handler captures the MethodArgumentNotValidException and returns a more concise map of field names and their associated validation error messages.

Providing More Context

For more comprehensive APIs, it might be useful to provide additional context in the error response.

Example:

public class ApiValidationError {  
    private String field;  
    private String message;  
    private Object rejectedValue;  
  
    // Constructors, Getters, Setters  
}

Using the above class:

@ExceptionHandler(MethodArgumentNotValidException.class)  
public ResponseEntity<List<ApiValidationError>> handleDetailedValidationExceptions(MethodArgumentNotValidException ex) {  
    List<ApiValidationError> errors = ex.getBindingResult()  
        .getFieldErrors()  
        .stream()  
        .map(err -> new ApiValidationError(err.getField(), err.getDefaultMessage(), err.getRejectedValue()))  
        .collect(Collectors.toList());  
      
    return ResponseEntity.badRequest().body(errors);  
}

Now, the error response also includes the actual value that caused the validation error, providing more insight for API consumers.

Global vs Controller-specific Handlers

While @RestControllerAdvice provides a global exception handling mechanism, sometimes you might want specific behaviors for specific controllers. Using @ExceptionHandler within a @RestController ensures the handler is active only for that particular controller.

Consider User Experience

Always consider the end-user when crafting error messages. Ensure messages are clear and guide users on how to rectify the problem. For example, instead of “Size must be between 8 and 30”, a more user-friendly message might be “Your password should be between 8 and 30 characters.”

Group-Based Validation with @Validated

While @Valid is perfect for standard validation, there are scenarios where you might want specific validations based on certain conditions. This is where @Validated shines.

Define groups:

public interface OnCreate {}  
public interface OnUpdate {}

Adjust the User model for group-based validation:

public class User {  
      
    @NotBlank(message = "Name is mandatory", groups = OnCreate.class)  
    private String name;  
  
    @Email(message = "Email should be valid", groups = OnCreate.class)  
    private String email;  
  
    @Size(min = 6, message = "Password must be at least 6 characters long", groups = OnUpdate.class)  
    private String password;  
  
    // Getters, Setters, etc.  
}

Now, in your controller:

@PostMapping("/")  
public ResponseEntity<String> createUser(@Validated(OnCreate.class) @RequestBody User user) {  
    //...  
}  
  
@PutMapping("/{id}")  
public ResponseEntity<String> updateUser(@PathVariable Long id, @Validated(OnUpdate.class) @RequestBody User user) {  
    //...  
}

The createUser method will validate name and email, while updateUser will validate the password.

Validating Spring Service Beans

In a typical Spring application, validation often occurs at the controller layer. However, sometimes, it’s essential to enforce validation rules within the service layer to ensure data integrity and business rule compliance. This can be achieved using the powerful @Validated annotation even outside of controller classes.

Why Validate at the Service Layer?

First, let’s understand why one might consider validation at the service level:

  • Reusability: Services might be called from various parts of the application, not just controllers. Ensuring validation at the service level guarantees data consistency, no matter where the service is invoked from.
  • Decoupling: Moving validation from the controller to the service decouples validation logic from the web layer, making services more modular and independent.
  • Fine-grained Control: Service layer validation allows developers to introduce nuanced validation logic, taking into account various business scenarios that may not be immediately evident at the controller level.

Basic Validation with @Validated

Just as in controllers, the @Validated annotation can be used on Spring service beans.

Example:

@Service  
@Validated  
public class UserService {  
  
    public void registerUser(@Validated User user) {  
        // Handle user registration  
    }  
}

In the above example, when registerUser is called, Spring will validate the User object. If validation fails, a constraint violation exception will be thrown.

Group-based Validation in Services

Group validation can also be seamlessly integrated into services. For instance, suppose you have different validation groups for creating and updating a user.

Example:

@Service  
@Validated  
public class UserService {  
  
    public void createUser(@Validated(OnCreate.class) User user) {  
        // Handle user creation  
    }  
  
    public void updateUser(@Validated(OnUpdate.class) User user) {  
        // Handle user update  
    }  
}

Here, createUser method validates the User object based on the OnCreate group, and updateUser validates based on the OnUpdate group.

Handling Validation Exceptions in Services

While handling validation exceptions in controllers is common, handling them within services allows for more specific error handling and messaging. For instance, transforming a validation exception into a custom business exception that the service layer consumers can understand and handle.

Example:

@Service  
@Validated  
public class UserService {  
  
    public void createUser(@Validated(OnCreate.class) User user) {  
        try {  
            // Logic  
        } catch (ConstraintViolationException e) {  
            throw new CustomBusinessException("User data is not valid.", e);  
        }  
    }  
}

Integrating with Other Components

Service validation isn’t just for domain entities. You can also validate method parameters, configuration properties, and more. This ensures that any data processed by the service, no matter its source, is correct and compliant.

Conclusion

Spring offers powerful tools for data validation, ensuring data integrity throughout your application. By mastering the use of @Valid and @Validated, developers can easily impose data constraints, handle errors gracefully, and even introduce group-based validation rules. Incorporating these annotations ensures a strong and resilient application, safeguarding against erroneous data inputs.

  1. Spring Framework Validation
  2. Spring Boot Validation Starter
  3. Hibernate Validator Documentation