List: wsf-javascript-dev
Subject: [Dev] [IAM] Input validation for REST APIs
From: Janak Amarasena <janak () wso2 ! com>
Date: 2019-08-29 9:59:41
Message-ID: CAByPAKdDxSFe8OMhaPN1cW0g_1mF78mzF2WF=OWqNrcq5FhMUg () mail ! gmail ! com
Hi all,

For new REST APIs written for product IS that are being dispatched from
identity-rest-dispatcher[1], it is now possible to do input validations[2]
such as request body property null checks, input validation against regex
patterns, etc. You can define the required validations in the DTOs,
methods, etc. and add the @Valid annotation to mark that validation is
required[3].

Any input validation errors will be caught by the
InputValidationExceptionMapper[4]. The error response will be as follows:
Status code 400
{
    "code": "UE-10000",
    "message": "Invalid Request",
    "description": "<All input validation errors caught>",
    "traceId": "<correlation id>"
}

Example
{
    "code": "UE-10000",
    "message": "Invalid Request",
    "description": "Property displayName cannot be null. Property description does not conform to ^([a-z]{7})$ pattern.",
    "traceId": "d9bb6c40-980b-4a47-a6e9-2849ecb0acf6"
}
The error description is taken from the message property of the validation
annotation.
Ex: @NotNull(message = "Property displayName cannot be null.")

If you are using the [5] for swagger code generation then you can mark the
required fields in the swagger and also the relevant regex patterns[6] and
the gen tool will add the relevant annotations to the code for validation.

Currently, the gen tool supports adding @NotNull for required fields
and @Pattern for regex patterns defined in the swagger.
For @NotNull the message will be generated in the following format:
"Property <property_name> cannot be null."
For @Pattern the message will be generated in the following format:
"Property <property_name> does not conform to <regx_pattern> pattern."
[1] - https://github.com/wso2/identity-rest-dispatcher
[2] - https://github.com/wso2/identity-rest-dispatcher/pull/39
[3] - http://cxf.apache.org/docs/validationfeature.html#ValidationFeature-CommonBeanValidation1.1Interceptors
[4] - https://github.com/wso2/identity-rest-dispatcher/blob/master/components/org.wso2.carbon.identity.api.dispatcher/src/main/java/org/wso2/carbon/identity/api/dispatcher/InputValidationExceptionMapper.java
[5] - https://github.com/IsuraD/swagger2cxf-maven-plugin/tree/swagger_to_jar
[6] - https://swagger.io/docs/specification/data-models/data-types/#pattern
Best Regards,
--
*Janak Amarasena* | Software Engineer | WSO2 Inc.
(m) +94777764144 | (w) +94112145345 | (e) janak@wso2.com
<https://wso2.com/signature>
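
The flow described in the message above, as an added example that is not part of the original mail and is not code from identity-rest-dispatcher: a DTO with the two constraints from the sample response, a resource method marked with @Valid, and a simplified exception mapper. All class names and the /items path are hypothetical, and the sketch assumes the javax Bean Validation and JAX-RS APIs with the CXF validation feature from [3] enabled.

```java
import java.util.stream.Collectors;
import javax.validation.ConstraintViolation;
import javax.validation.ConstraintViolationException;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;

// Added illustration: every class name and the /items path are hypothetical.
public class ValidationExample {
    public static class ItemDTO {
        @NotNull(message = "Property displayName cannot be null.")
        public String displayName;
        // @Pattern matches the whole value; null passes unless @NotNull is also present.
        @Pattern(regexp = "^([a-z]{7})$",
                 message = "Property description does not conform to ^([a-z]{7})$ pattern.")
        public String description;
    }

    @Path("/items")
    public static class ItemApi {
        @POST
        public Response addItem(@Valid ItemDTO item) { // @Valid marks the body for validation
            return Response.status(Response.Status.CREATED).build();
        }
    }

    // Simplified mapper (traceId omitted): collects violations into one 400 response.
    @Provider
    public static class ValidationErrorMapper implements ExceptionMapper<ConstraintViolationException> {
        @Override
        public Response toResponse(ConstraintViolationException e) {
            // Only the static annotation messages are joined; the rejected value is not echoed.
            String description = e.getConstraintViolations().stream()
                    .map(ConstraintViolation::getMessage).sorted()
                    .collect(Collectors.joining(" "))
                    .replace("\\", "\\\\").replace("\"", "\\\"");
            String body = "{\"code\":\"UE-10000\",\"message\":\"Invalid Request\","
                    + "\"description\":\"" + description + "\"}";
            return Response.status(Response.Status.BAD_REQUEST)
                    .type(MediaType.APPLICATION_JSON).entity(body).build();
        }
    }
}
```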