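Preface:
In web development, the most common scenario is binding front-end form data or JSON data to back-end entity classes. Even though JS can validate input and catch most missing required fields, it cannot stop a malicious user from modifying the script. Back-end parameter validation is therefore indispensable, but hand-coding the checks for every request inevitably adds a lot of repetitive, verbose code.
Solution:
Use SpringMVC + Hibernate-Validator to validate parameters and return the validation messages to the front end.
Implementation:
Maven dependencies: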
<properties>
    <hibernate-version>4.3.1.Final</hibernate-version>
    <spring-version>4.3.7.RELEASE</spring-version>
    <jackson-version>2.7.4</jackson-version>
</properties>
<dependencies>
    <!-- Hibernate annotations -->
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-validator</artifactId>
        <version>${hibernate-version}</version>
    </dependency>
    <!-- Spring -->
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context</artifactId>
        <version>${spring-version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-beans</artifactId>
        <version>${spring-version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
        <version>${spring-version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-webmvc</artifactId>
        <version>${spring-version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-web</artifactId>
        <version>${spring-version}</version>
    </dependency>
    <!-- Lets @ResponseBody return JSON -->
    <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-databind</artifactId>
        <version>${jackson-version}</version>
    </dependency>
    <dependency>
        <groupId>com.fasterxml.jackson.core</groupId>
        <artifactId>jackson-core</artifactId>
        <version>${jackson-version}</version>
    </dependency>
</dependencies>
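Entity class:
import javax.validation.constraints.NotNull;
import org.hibernate.validator.constraints.NotBlank;

/**
 * Description: user entity class
 *
 * @author menghao
 * @date 2017/8/30
 */
public class User {

    // Message: "username is required"
    @NotBlank(message = "用户名必填")
    private String name;

    // Message: "age is required"
    @NotNull(message = "年龄必填")
    private Integer age;

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public Integer getAge() {
        return age;
    }

    public void setAge(Integer age) {
        this.age = age;
    }
}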
spring-mvc.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

    <context:component-scan base-package="com.menghao.validator.controller"/>

    <mvc:annotation-driven validator="validator"/>

    <bean id="validator" class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean">
        <property name="providerClass" value="org.hibernate.validator.HibernateValidator"/>
    </bean>
</beans>
Scenario: JS object request:
controller:
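import java.util.ArrayList;
import java.util.List;

import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.validation.FieldError;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * Description: UserController
 *
 * @author menghao
 * @date 2017/8/30
 */
@Controller
@RequestMapping("user")
public class UserController {

    @PostMapping
    @ResponseBody
    public Result user(@Validated User user, BindingResult bindingResult) {
        if (bindingResult.hasErrors()) {
            // Collect the message of every failed field constraint
            List<String> errMsg = new ArrayList<String>(bindingResult.getFieldErrorCount());
            for (FieldError error : bindingResult.getFieldErrors()) {
                errMsg.add(error.getDefaultMessage());
            }
            return new Result(false, errMsg);
        }
        // Message: "parameters are valid"
        return new Result(true, "参数正确");
    }
}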
Test results:
// Request
var param = {
    name : "11",
    age : 11
};
$.ajax({
    url : '/user',
    data : param,
    type : 'POST'
});
// Response
{
    "success": true,
    "data": "参数正确"
}
// Request
$.ajax({
    url : '/user',
    type : 'POST'
});
// Response
{
    "success": false,
    "data": ["用户名必填", "年龄必填"]
}
Scenario: JSON-format request:
controller:
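import java.util.ArrayList;
import java.util.List;

import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.validation.FieldError;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * Description: UserController
 *
 * @author menghao
 * @date 2017/8/30
 */
@Controller
@RequestMapping("user")
public class UserController {

    @PostMapping
    @ResponseBody
    public Result user(@RequestBody @Validated User user) {
        // Message: "parameters are valid"
        return new Result(true, "参数正确");
    }

    /**
     * Invoked when a method in this controller throws the exception.
     *
     * @param e the caught exception
     * @return Result carrying the validation messages
     */
    @ExceptionHandler(MethodArgumentNotValidException.class)
    @ResponseBody
    public Result catchException(MethodArgumentNotValidException e) {
        BindingResult bindingResult = e.getBindingResult();
        List<String> errMsg = new ArrayList<String>(bindingResult.getFieldErrorCount());
        for (FieldError error : bindingResult.getFieldErrors()) {
            errMsg.add(error.getDefaultMessage());
        }
        return new Result(false, errMsg);
    }
}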
Test results:
// Request
{
    "name" : "menghao"
}
// Response
{
    "success": false,
    "data": ["年龄必填"]
}
// Request
{
    "name" : "menghao",
    "age" : 22
}
// Response
{
    "success": true,
    "data": "参数正确"
}
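Summary:
If the request parameters are in JSON format, @RequestBody must be added to the parameter; otherwise the data cannot be bound to the object (the values are null). Consequently, if you keep using @Validated User user, BindingResult bindingResult, the request fails and never reaches the corresponding method.
If the validation messages still need to be returned, exception handling is required. When parameter validation fails, a MethodArgumentNotValidException is thrown; here it is handled with @ExceptionHandler. Other common approaches are:
<1> Implement HandlerExceptionResolver and put the handling logic in the resolveException method; the limitation is that the return type is ModelAndView.
<2> Define a custom class annotated with @ControllerAdvice and write your own methods for the exception-handling logic; the methods are still marked with @ExceptionHandler, and the annotation's value attribute names the exception type to catch.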
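Approach <2> written out as an added example (not code from the original post), so that every controller returns validation failures in one format. The class name ValidationAdvice, the HTTP 400 status and the BindException handler are assumptions of this example, and Result is assumed to be the post's own class (not shown on the page), placed in the same package with a (boolean, Object) constructor.

```java
package com.menghao.validator.controller; // inside the component-scan base-package of spring-mvc.xml

import java.util.ArrayList;
import java.util.List;

import org.springframework.http.HttpStatus;
import org.springframework.validation.BindException;
import org.springframework.validation.BindingResult;
import org.springframework.validation.FieldError;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.ResponseStatus;

/** Hypothetical class name; applies to every controller found by the component scan. */
@ControllerAdvice
public class ValidationAdvice {

    // JSON scenario: a @RequestBody @Validated argument failed validation.
    @ExceptionHandler(MethodArgumentNotValidException.class)
    @ResponseStatus(HttpStatus.BAD_REQUEST) // choice of this example; the post's handler answers 200
    @ResponseBody
    public Result onInvalidBody(MethodArgumentNotValidException e) {
        return toResult(e.getBindingResult());
    }

    // Form scenario: a @Validated argument declared without a BindingResult parameter.
    @ExceptionHandler(BindException.class)
    @ResponseStatus(HttpStatus.BAD_REQUEST)
    @ResponseBody
    public Result onInvalidForm(BindException e) {
        return toResult(e.getBindingResult());
    }

    private Result toResult(BindingResult bindingResult) {
        List<String> errMsg = new ArrayList<String>(bindingResult.getFieldErrorCount());
        for (FieldError error : bindingResult.getFieldErrors()) {
            // Type-mismatch errors carry converter exception text that echoes the raw input;
            // replace it with a fixed message. Constraint messages come from the entity annotations.
            errMsg.add(error.isBindingFailure()
                    ? error.getField() + ": invalid format"
                    : error.getDefaultMessage());
        }
        return new Result(false, errMsg);
    }
}
```

A controller-local @ExceptionHandler, such as catchException in the JSON scenario, takes precedence over the advice, so remove it from controllers that should use the shared handler.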