- Getting Started 5:55
- Introducing Spring Data REST 6:03
- Entities and Repositories Review 9:28
- Abstract Classes 6:48
- Populating and Relationships 15:39
- Paging 7:12
- Exploring Your API With New Tools - Postman 7:55
- Exploring Your API With New Tools - HAL Browser 3:58
- Versioning 8:52
- Validation 8:31
- Adding Users 11:51
- Adding Authentication 10:35
- Authorizing Deletions 6:56
- Events 7:57
- Wrapping Up 1:18
Preview
Video Player
00:00
00:00
Validation
8:31Let's validate that data we get from our users is valid and set up our API so it returns legible errors.
Everyone needs a little validation, right?
0:00
Here, let me validate you.
0:02
You are doing great with
the Spring Data REST framework.
0:04
It's a lot to take in and
0:07
even though there's very few lines of code
that we have written, there is most likely
0:08
a boatload of new concepts that you've
been absorbing and that, that's a lot.
0:11
But here you are, nine videos deep and
you're still smiling.
0:16
It's weird right?
0:19
Sometimes it's almost more challenging
when the work gets done for you.
0:20
You spend time trying to find out what
the magic is that's happening behind
0:24
the scenes, but sincerely you?
0:28
You're doing great.
0:30
Do you feel validated?
0:30
I hope so because I meant it.
0:33
Okay now, let's ensure that we're
getting the data that we want, and
0:35
sending back clear error messages to
our clients when they misuse our API.
0:38
Let's do this.
0:42
If you watch the course Spring with Irony,
you've definitely seen this
0:44
annotation-based style of
validation that we're ready to do.
0:46
Basically what you do is,
0:50
you mark what a valid value on your
entity looks like by adding a constraint.
0:51
For instance let's open up course here.
0:56
Course and we want to make sure that
all these courses have a title, right?
1:01
So let's go ahead and
we'll add an annotation
1:07
on here that is a validation
constraint not null.
1:13
Yep.
1:18
So what this validation does,
1:22
is mark the entity as being not
valid if the title is null.
1:24
And therefore it won't be able to be saved
to the database when it's attempted.
1:29
But we want this to happen in
the lifecycle events of our application.
1:33
We want this to happen
before an entity is created.
1:37
Or saved, right?
1:40
And let the client know
that they made a mistake.
1:42
In order to do this we need to do a little
bit of configuration and it's not quite as
1:45
simple as we saw with the properties file
but it's still pretty straightforward.
1:48
So there's a handy little adapter
that is included that allows you
1:52
to optionally override some very
specific configuration options.
1:55
So let's do this.
1:59
Let's go into the core class here and
let's create a new class.
1:59
And we're going to call it RestConfig.
2:05
And we're going to make it extend
that adapter I was talking about.
2:07
So we're going to say extends and
the adapter is repository
2:13
RestCofigurerAdapter.
2:20
Okay.
2:25
And so right off the bat let's go
ahead and mark this as configuration.
2:25
[BLANK AUDIO] And
2:31
now, let's go ahead and
override one of the methods.
2:38
So we're going to choose generate and
we're going to override methods.
2:41
Okay, so we’re going to override.
2:45
And the one that we want
to override is this guy.
2:46
Configure validating
repository event listener.
2:50
Jeez.
2:55
Try to say that ten times fast.
2:55
Okay, so this is going to do the super
call to its parent like we saw by default.
2:58
We don't actually need that so
I'm gonna get rid of that line.
3:03
And I'm also going to get some
real estate because look at that.
3:06
Wow.
It doesn't even fit.
3:10
So, it gets passed of validating
repository of that listener.
3:13
And this is what we want to configure
actually, so what we're going to do
3:16
is we are going to get access
to our global validator first.
3:21
So, let's go ahead and
we need to get access to it.
3:25
So, we're going to say validator.
3:29
Validater and
we're going to get that by name and
3:32
again that's going to be auto wired.
3:35
And yes that is
the Spring Framework validator.
3:42
Yep.
3:46
And Auto wired is there.
3:46
There we go.
3:48
So, what we wanted to have happen was
we want, before things are created, so
3:49
this validating listener that is
passed in, is what we can configure.
3:53
And what we're going to add
on that is a validator.
3:58
It's just so happen gonna be the global
validator that we're setting up.
4:00
So we're going to say here,
the event is called beforeCreate.
4:04
We'll take a look at
these here in a second.
4:07
And so that's before creation happens and
we also want to do it for an update.
4:11
So I'm gonna go ahead and
I'm gonna a duplicate that line.
4:15
And this is beforeSave.
4:17
So like I said we'll explore those
events here in a bit but for
4:22
now we should have a working
config that will cause our
4:26
validation to send back clean
error messages on create and save.
4:29
Okay, so lets pop back over.
4:34
I'm gonna go ahead and
restart my server here.
4:36
Let's make sure everything goes You
form an pop over to post man here and
4:43
let's go ahead and
do a new post, two courses and
4:51
we'll set the body left or
last one in there so
4:56
what we'll do is we'll
just not have a title.
5:01
Gotta quit doing the save early,
save often habit.
5:09
All right.
So let's do it.
5:12
Let's submit it.
5:13
So it's raw.
5:14
We got the right header in there.
5:15
It's application json.
5:16
Set courses, and
we're gonna click send, and boom.
5:18
We got back a 400 Bad Request.
5:22
And what I want you to note here is that
this is an array, it's errors and it says
5:25
course and it says title may not be null
and the value that was passed was null.
5:29
How awesome is that,
an automatic error message and
5:34
on top of it of course those
messages can also be configured.
5:38
You can actually do it right there in
the validator, you just put in message and
5:41
whatever you want
the message to be amazing.
5:45
But you know what?
5:48
Thinking like a hacker, what happens
if we just submit an empty string.
5:49
Let's see.
5:53
Let's go back to what
we had posted before.
5:54
And let's go ahead and we're gonna.
5:57
This isn't going to be null.
6:00
Right?
An empty string's not null.
6:01
Did we hack?
6:03
Did we do it?
6:04
We did.
6:06
So we're gonna need another validation,
right.
6:07
Now you can stack validators, right.
6:10
You can just add another one.
6:12
So let's go ahead.
6:13
Let's go back to our course here.
6:14
And we can stack ' right.
6:23
So we want NotNull, and
we also want the size of it let's see.
6:24
We definitely want a minimum size, so
let's, two characters seems fair, right?
6:29
Cuz you could have a course on c or
a course on go, right?
6:36
But I don't know what the length
of how long it should be?
6:39
Why don't I ask my
product owner real quick.
6:42
So let's see.
6:46
Got slack open here.
6:48
And I'll say hey Hannah, how long
should we allow the title field to be?
6:50
And this is very common practice,
right, so I'm gonna be developing and
6:58
ask this question.
7:02
And let's see, hopefully Hannah's online,
look, she's typing.
7:02
So 140 character seems legit for
Twitter follow suit.
7:09
Sounds good I'm going to go ahead and let
her know with a, she send a money sign.
7:13
I give her a thumbs up I guess.
7:20
I collect money mouth face.
7:24
So now that I know that Hannah thinks
140 is fine, I'm just gonna go and
7:27
update things.
7:31
Over here, so max equals 140.
7:32
All right, awesome.
7:35
So let's go ahead and reboot.
7:36
And move off over here.
7:42
Let's look at what we had done before, and
7:46
I'm gonna leave the title there of
nothing still and see what happens.
7:48
And we got a 400 bad requests and it says,
size must be between two and 140 and
7:53
the invalid value was basically dead.
7:58
Awesome, right?
8:00
Out of the box and
it's using existing standards incredible.
8:01
I've got some links in the teacher's
notes about more validators that
8:04
are available out of the box.
8:07
And you can also build your own and
hook and other life cycle events.
8:08
As you can imagine we want to
litter our API with them and
8:11
just make sure that we're getting
the data that our application expects.
8:14
But first let's just keep on moving
through this frameworks amazing offering.
8:18
Now one thing that I wanted to show
off is how we hook up with security
8:22
authentication and all that jazz.
8:25
But before we do that we need
to get some users in place.
8:27
Let's do that,
8:30