Validation8:31 with Craig Dennis
Let's validate that data we get from our users is valid and set up our API so it returns legible errors.
Note about newer versions
- If you are using the Gradle Boot plugin > 1.3 (Which I am using in this video), you might encounter an issue on startup. To resolve simply add the
@Lazyannotation to the validator declaration like so:
@Autowired @Lazy private Validator validator;
Everyone needs a little validation, right? 0:00 Here, let me validate you. 0:02 You are doing great with the Spring Data REST framework. 0:04 It's a lot to take in and 0:07 even though there's very few lines of code that we have written, there is most likely 0:08 a boatload of new concepts that you've been absorbing and that, that's a lot. 0:11 But here you are, nine videos deep and you're still smiling. 0:16 It's weird right? 0:19 Sometimes it's almost more challenging when the work gets done for you. 0:20 You spend time trying to find out what the magic is that's happening behind 0:24 the scenes, but sincerely you? 0:28 You're doing great. 0:30 Do you feel validated? 0:30 I hope so because I meant it. 0:33 Okay now, let's ensure that we're getting the data that we want, and 0:35 sending back clear error messages to our clients when they misuse our API. 0:38 Let's do this. 0:42 If you watch the course Spring with Irony, you've definitely seen this 0:44 annotation-based style of validation that we're ready to do. 0:46 Basically what you do is, 0:50 you mark what a valid value on your entity looks like by adding a constraint. 0:51 For instance let's open up course here. 0:56 Course and we want to make sure that all these courses have a title, right? 1:01 So let's go ahead and we'll add an annotation 1:07 on here that is a validation constraint not null. 1:13 Yep. 1:18 So what this validation does, 1:22 is mark the entity as being not valid if the title is null. 1:24 And therefore it won't be able to be saved to the database when it's attempted. 1:29 But we want this to happen in the lifecycle events of our application. 1:33 We want this to happen before an entity is created. 1:37 Or saved, right? 1:40 And let the client know that they made a mistake. 1:42 In order to do this we need to do a little bit of configuration and it's not quite as 1:45 simple as we saw with the properties file but it's still pretty straightforward. 1:48 So there's a handy little adapter that is included that allows you 1:52 to optionally override some very specific configuration options. 1:55 So let's do this. 1:59 Let's go into the core class here and let's create a new class. 1:59 And we're going to call it RestConfig. 2:05 And we're going to make it extend that adapter I was talking about. 2:07 So we're going to say extends and the adapter is repository 2:13 RestCofigurerAdapter. 2:20 Okay. 2:25 And so right off the bat let's go ahead and mark this as configuration. 2:25 [BLANK AUDIO] And 2:31 now, let's go ahead and override one of the methods. 2:38 So we're going to choose generate and we're going to override methods. 2:41 Okay, so we’re going to override. 2:45 And the one that we want to override is this guy. 2:46 Configure validating repository event listener. 2:50 Jeez. 2:55 Try to say that ten times fast. 2:55 Okay, so this is going to do the super call to its parent like we saw by default. 2:58 We don't actually need that so I'm gonna get rid of that line. 3:03 And I'm also going to get some real estate because look at that. 3:06 Wow. It doesn't even fit. 3:10 So, it gets passed of validating repository of that listener. 3:13 And this is what we want to configure actually, so what we're going to do 3:16 is we are going to get access to our global validator first. 3:21 So, let's go ahead and we need to get access to it. 3:25 So, we're going to say validator. 3:29 Validater and we're going to get that by name and 3:32 again that's going to be auto wired. 3:35 And yes that is the Spring Framework validator. 3:42 Yep. 3:46 And Auto wired is there. 3:46 There we go. 3:48 So, what we wanted to have happen was we want, before things are created, so 3:49 this validating listener that is passed in, is what we can configure. 3:53 And what we're going to add on that is a validator. 3:58 It's just so happen gonna be the global validator that we're setting up. 4:00 So we're going to say here, the event is called beforeCreate. 4:04 We'll take a look at these here in a second. 4:07 And so that's before creation happens and we also want to do it for an update. 4:11 So I'm gonna go ahead and I'm gonna a duplicate that line. 4:15 And this is beforeSave. 4:17 So like I said we'll explore those events here in a bit but for 4:22 now we should have a working config that will cause our 4:26 validation to send back clean error messages on create and save. 4:29 Okay, so lets pop back over. 4:34 I'm gonna go ahead and restart my server here. 4:36 Let's make sure everything goes You form an pop over to post man here and 4:43 let's go ahead and do a new post, two courses and 4:51 we'll set the body left or last one in there so 4:56 what we'll do is we'll just not have a title. 5:01 Gotta quit doing the save early, save often habit. 5:09 All right. So let's do it. 5:12 Let's submit it. 5:13 So it's raw. 5:14 We got the right header in there. 5:15 It's application json. 5:16 Set courses, and we're gonna click send, and boom. 5:18 We got back a 400 Bad Request. 5:22 And what I want you to note here is that this is an array, it's errors and it says 5:25 course and it says title may not be null and the value that was passed was null. 5:29 How awesome is that, an automatic error message and 5:34 on top of it of course those messages can also be configured. 5:38 You can actually do it right there in the validator, you just put in message and 5:41 whatever you want the message to be amazing. 5:45 But you know what? 5:48 Thinking like a hacker, what happens if we just submit an empty string. 5:49 Let's see. 5:53 Let's go back to what we had posted before. 5:54 And let's go ahead and we're gonna. 5:57 This isn't going to be null. 6:00 Right? An empty string's not null. 6:01 Did we hack? 6:03 Did we do it? 6:04 We did. 6:06 So we're gonna need another validation, right. 6:07 Now you can stack validators, right. 6:10 You can just add another one. 6:12 So let's go ahead. 6:13 Let's go back to our course here. 6:14 And we can stack ' right. 6:23 So we want NotNull, and we also want the size of it let's see. 6:24 We definitely want a minimum size, so let's, two characters seems fair, right? 6:29 Cuz you could have a course on c or a course on go, right? 6:36 But I don't know what the length of how long it should be? 6:39 Why don't I ask my product owner real quick. 6:42 So let's see. 6:46 Got slack open here. 6:48 And I'll say hey Hannah, how long should we allow the title field to be? 6:50 And this is very common practice, right, so I'm gonna be developing and 6:58 ask this question. 7:02 And let's see, hopefully Hannah's online, look, she's typing. 7:02 So 140 character seems legit for Twitter follow suit. 7:09 Sounds good I'm going to go ahead and let her know with a, she send a money sign. 7:13 I give her a thumbs up I guess. 7:20 I collect money mouth face. 7:24 So now that I know that Hannah thinks 140 is fine, I'm just gonna go and 7:27 update things. 7:31 Over here, so max equals 140. 7:32 All right, awesome. 7:35 So let's go ahead and reboot. 7:36 And move off over here. 7:42 Let's look at what we had done before, and 7:46 I'm gonna leave the title there of nothing still and see what happens. 7:48 And we got a 400 bad requests and it says, size must be between two and 140 and 7:53 the invalid value was basically dead. 7:58 Awesome, right? 8:00 Out of the box and it's using existing standards incredible. 8:01 I've got some links in the teacher's notes about more validators that 8:04 are available out of the box. 8:07 And you can also build your own and hook and other life cycle events. 8:08 As you can imagine we want to litter our API with them and 8:11 just make sure that we're getting the data that our application expects. 8:14 But first let's just keep on moving through this frameworks amazing offering. 8:18 Now one thing that I wanted to show off is how we hook up with security 8:22 authentication and all that jazz. 8:25 But before we do that we need to get some users in place. 8:27 Let's do that, 8:30
You need to sign up for Treehouse in order to download course files.Sign up