我使用 Spring 4 和 Hibernate 5
我有带有自定义验证器的密码字段的用户类。
我需要在表单绑定时验证它,长度为 8 个字符,包括小写和大写字母以及数字。
当用户输入密码时,它是有效的,但在我编码时它无效。
那么有没有办法让我的自定义验证注释在持久化时被忽略呢?
我知道我可以为未加密的密码制作不同的字段,或者制作数据传输对象,对其进行验证,然后将其数据发送给用户。但我对注释参数化的可能性感兴趣。
@Entity
@Table(name = "user")
public class User {
//other fields
@NotNull
@NotEmpty
@ValidPassword
@Column(name = "password", nullable = false, length = 60)
private String password;
//getters and setters
}
我的验证人
@Target({ TYPE, FIELD, ANNOTATION_TYPE })
@Retention(RUNTIME)
@Constraint(validatedBy = PasswordValidator.class)
@Documented
public @interface ValidPassword {
String message() default "Password is too short! Must be 8 digits and include lowercase, uppercase letters and numbers.";
Class<?>[] groups() default {};
Class<? extends Payload>[] payload() default {};
}
和
public class PasswordValidator implements ConstraintValidator<ValidPassword, String> {
private Pattern pattern;
private Matcher matcher;
private static final String PATTERN = "((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})";
@Override
public void initialize(ValidPassword constraintAnnotation) {
}
@Override
public boolean isValid(String password, ConstraintValidatorContext context) {
return (validate(password));
}
private boolean validate(String password) {
pattern = Pattern.compile(PATTERN);
matcher = pattern.matcher(password);
return matcher.matches();
}
}
控制器方法
@RequestMapping(value = "/registeruser", method = RequestMethod.POST)
public String registerUser(@ModelAttribute("user") @Valid User user, BindingResult result, Model model) {
if (result.hasErrors()) {
model.addAttribute("errorSummary", result.getFieldErrors().stream()
.map(e -> e.getField() + " error - " + e.getDefaultMessage() + " ").collect(Collectors.toList()));
model.addAttribute("user", user);
} else {
User registered = null;
registered = createUserAccount(user, result);
if (registered == null) {
model.addAttribute("errorSummary", "User with this email already registered!");
model.addAttribute("user", user);
return "registration";
}
model.addAttribute("flashMessage", "User registered successfully!");
}
return "registration";
}
用户服务实现方法(我编码密码的地方(
@Transactional
@Override
public User registerNewUserAccount(User user) throws EmailExistsException {
if (emailExist(user.getEmail())) {
throw new EmailExistsException("There is an account with that email address:" + user.getEmail());
}
if (user.getPassword() == null) {
user.setPassword(new BigInteger(130, new SecureRandom()).toString(32));
System.out.println("+++++++++++++++" + user.getPassword());
}
user.setPassword(passwordEncoder.encode(user.getPassword()));
user.setUserRole(new HashSet<UserRole>(1));
user.getUserRole().add(new UserRole(user, Constants.RoleType.USER.name()));
save(user);
return user;
}
默认情况下,将对所有约束进行验证。或者,您可以指定分组约束
您可以通过创建接口来创建组:
interface FormValidationGroup{}
并像这样注释password
字段:
@ValidPassword(groups = FormValidationGroup.class)
private String password;
提及groups
参数的自定义约束注释的文档。
休眠验证程序现在应忽略password
字段,除非您指定要验证的组。要指定用于验证 Spring MVC 处理程序方法参数的组,请使用 已验证注释 而不是 Valid
。例如:
String registerUser(@ModelAttribute @Validated(FormValidationGroup.class) User user,
BindingResult result, Model model) {
if (result.hasErrors()) {