use of javax.validation.metadata.MethodDescriptor in project jersey by jersey.
the class DefaultConfiguredValidator method validateResult.
@Override
public void validateResult(final Object resource, final Invocable resourceMethod, final Object result) {
if (configuration.getBootstrapConfiguration().isExecutableValidationEnabled()) {
final Set<ConstraintViolation<Object>> constraintViolations = new HashSet<>();
final Method handlingMethod = resourceMethod.getHandlingMethod();
final BeanDescriptor beanDescriptor = getConstraintsForClass(resource.getClass());
final MethodDescriptor methodDescriptor = beanDescriptor.getConstraintsForMethod(handlingMethod.getName(), handlingMethod.getParameterTypes());
final Method definitionMethod = resourceMethod.getDefinitionMethod();
if (methodDescriptor != null && methodDescriptor.hasConstrainedReturnValue() && validateOnExecutionHandler.validateMethod(resource.getClass(), definitionMethod, handlingMethod)) {
constraintViolations.addAll(forExecutables().validateReturnValue(resource, handlingMethod, result));
if (result instanceof Response) {
constraintViolations.addAll(forExecutables().validateReturnValue(resource, handlingMethod, ((Response) result).getEntity()));
}
}
if (!constraintViolations.isEmpty()) {
throw new ConstraintViolationException(constraintViolations);
}
}
}
use of javax.validation.metadata.MethodDescriptor in project jersey by jersey.
the class DefaultConfiguredValidator method onValidate.
// Invoked as the last validation interceptor method in the chain.
@Override
public void onValidate(final ValidationInterceptorContext ctx) {
final Object resource = ctx.getResource();
final Invocable resourceMethod = ctx.getInvocable();
final Object[] args = ctx.getArgs();
final Set<ConstraintViolation<Object>> constraintViolations = new HashSet<>();
final BeanDescriptor beanDescriptor = getConstraintsForClass(resource.getClass());
// Resource validation.
if (beanDescriptor.isBeanConstrained()) {
constraintViolations.addAll(validate(resource));
}
if (resourceMethod != null && configuration.getBootstrapConfiguration().isExecutableValidationEnabled()) {
final Method handlingMethod = resourceMethod.getHandlingMethod();
// Resource method validation - input parameters.
final MethodDescriptor methodDescriptor = beanDescriptor.getConstraintsForMethod(handlingMethod.getName(), handlingMethod.getParameterTypes());
if (methodDescriptor != null && methodDescriptor.hasConstrainedParameters()) {
constraintViolations.addAll(forExecutables().validateParameters(resource, handlingMethod, args));
}
}
if (!constraintViolations.isEmpty()) {
throw new ConstraintViolationException(constraintViolations);
}
}
use of javax.validation.metadata.MethodDescriptor in project tomee by apache.
the class CxfRsHttpListener method configureFactory.
private void configureFactory(final Collection<Object> givenAdditionalProviders, final ServiceConfiguration serviceConfiguration, final JAXRSServerFactoryBean factory, final WebBeansContext ctx, final Application application) {
CxfUtil.configureEndpoint(factory, serviceConfiguration, CXF_JAXRS_PREFIX);
boolean enforceCxfBvalMapper = false;
if (ctx == null || !ctx.getBeanManagerImpl().isInUse()) {
// activate bval
boolean bvalActive = Boolean.parseBoolean(SystemInstance.get().getProperty("openejb.cxf.rs.bval.active", serviceConfiguration.getProperties().getProperty(CXF_JAXRS_PREFIX + "bval.active", "true")));
if (factory.getFeatures() == null && bvalActive) {
factory.setFeatures(new ArrayList<>());
} else if (bvalActive) {
// check we should activate it and user didn't configure it
for (final Feature f : factory.getFeatures()) {
if (BeanValidationFeature.class.isInstance(f)) {
bvalActive = false;
break;
}
}
for (final Interceptor<?> i : factory.getInInterceptors()) {
if (BeanValidationInInterceptor.class.isInstance(i)) {
bvalActive = false;
break;
}
}
for (final Interceptor<?> i : factory.getOutInterceptors()) {
if (BeanValidationOutInterceptor.class.isInstance(i)) {
bvalActive = false;
break;
}
}
}
if (bvalActive) {
// bval doesn't need the actual instance so faking it to avoid to lookup the bean
// todo: close the factory
final BeanValidationProvider provider = new BeanValidationProvider();
ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory();
final Validator validator = validatorFactory.getValidator();
final BeanValidationInInterceptor in = new JAXRSBeanValidationInInterceptor() {
@Override
protected Object getServiceObject(final Message message) {
return CxfRsHttpListener.this.getServiceObject(message);
}
};
in.setProvider(provider);
in.setServiceObject(FAKE_SERVICE_OBJECT);
factory.getInInterceptors().add(in);
final BeanValidationOutInterceptor out = new JAXRSBeanValidationOutInterceptor() {
@Override
protected Object getServiceObject(final Message message) {
return CxfRsHttpListener.this.getServiceObject(message);
}
@Override
protected void handleValidation(final Message message, final Object resourceInstance, final Method method, final List<Object> arguments) {
final MethodDescriptor constraintsForMethod = validator.getConstraintsForClass(resourceInstance.getClass()).getConstraintsForMethod(method.getName(), method.getParameterTypes());
if (constraintsForMethod != null && constraintsForMethod.hasConstrainedReturnValue()) {
super.handleValidation(message, resourceInstance, method, arguments);
}
}
};
out.setEnforceOnlyBeanConstraints(true);
out.setProvider(provider);
out.setServiceObject(FAKE_SERVICE_OBJECT);
factory.getOutInterceptors().add(out);
// and add a mapper to get back a 400 like for bval
enforceCxfBvalMapper = true;
}
}
final Collection<ServiceInfo> services = serviceConfiguration.getAvailableServices();
final String staticSubresourceResolution = serviceConfiguration.getProperties().getProperty(CXF_JAXRS_PREFIX + STATIC_SUB_RESOURCE_RESOLUTION_KEY);
if (staticSubresourceResolution != null) {
factory.setStaticSubresourceResolution("true".equalsIgnoreCase(staticSubresourceResolution));
}
// resource comparator
final String resourceComparator = serviceConfiguration.getProperties().getProperty(RESOURCE_COMPARATOR_KEY);
if (resourceComparator != null) {
try {
ResourceComparator instance = (ResourceComparator) ServiceInfos.resolve(services, resourceComparator);
if (instance == null) {
instance = (ResourceComparator) Thread.currentThread().getContextClassLoader().loadClass(resourceComparator).newInstance();
}
factory.setResourceComparator(instance);
} catch (final Exception e) {
LOGGER.error("Can't create the resource comparator " + resourceComparator, e);
}
}
// static resources
final String staticResources = serviceConfiguration.getProperties().getProperty(STATIC_RESOURCE_KEY);
if (staticResources != null) {
final String[] resources = staticResources.split(",");
for (final String r : resources) {
final String trimmed = r.trim();
if (!trimmed.isEmpty()) {
staticResourcesList.add(Pattern.compile(trimmed));
}
}
}
// providers
Set<String> providersConfig = null;
{
final String provider = serviceConfiguration.getProperties().getProperty(PROVIDERS_KEY);
if (provider != null) {
providersConfig = new HashSet<>();
for (final String p : Arrays.asList(provider.split(","))) {
providersConfig.add(p.trim());
}
}
{
if (GLOBAL_PROVIDERS != null) {
if (providersConfig == null) {
providersConfig = new HashSet<>();
}
providersConfig.addAll(Arrays.asList(GLOBAL_PROVIDERS.split(",")));
}
}
}
// another property to configure the scanning of providers but this one is consistent with current cxf config
// the other one is more generic but need another file
final String key = CXF_JAXRS_PREFIX + "skip-provider-scanning";
final boolean ignoreAutoProviders = "true".equalsIgnoreCase(SystemInstance.get().getProperty(key, serviceConfiguration.getProperties().getProperty(key, "false")));
final List<Object> additionalProviders = new ArrayList<Object>(ignoreAutoProviders ? Collections.EMPTY_LIST : givenAdditionalProviders);
for (final Class<?> clzz : application.getClasses()) {
if (isProvider(clzz) && !additionalProviders.contains(clzz)) {
additionalProviders.add(clzz);
}
}
List<Object> providers = null;
if (providersConfig != null) {
providers = ServiceInfos.resolve(services, providersConfig.toArray(new String[providersConfig.size()]), OpenEJBProviderFactory.INSTANCE);
if (providers != null && additionalProviders != null && !additionalProviders.isEmpty()) {
providers.addAll(providers(serviceConfiguration.getAvailableServices(), additionalProviders, ctx));
}
}
if (providers == null) {
providers = new ArrayList<>(4);
if (additionalProviders != null && !additionalProviders.isEmpty()) {
providers.addAll(providers(serviceConfiguration.getAvailableServices(), additionalProviders, ctx));
}
}
if (!ignoreAutoProviders) {
addMandatoryProviders(providers, serviceConfiguration);
if (enforceCxfBvalMapper) {
if (!shouldSkipProvider(CxfResponseValidationExceptionMapper.class.getName())) {
providers.add(new CxfResponseValidationExceptionMapper());
}
}
}
SystemInstance.get().fireEvent(new ExtensionProviderRegistration(AppFinder.findAppContextOrWeb(Thread.currentThread().getContextClassLoader(), AppFinder.AppContextTransformer.INSTANCE), providers));
if (!providers.isEmpty()) {
factory.setProviders(providers);
}
}
use of javax.validation.metadata.MethodDescriptor in project tomee by apache.
the class BValInterceptor method invoke.
@AroundInvoke
public Object invoke(final InvocationContext context) throws Exception {
Method method = context.getMethod();
Class<?> targetClass = getTargetClass(context);
final ClassValidationData validationData = new ClassValidationData(targetClass);
if (validationData.getJwtConstraints().size() > 0) {
final Class<?> constraintsClazz = new ClassValidationGenerator(validationData).generate().stream().filter(aClass -> aClass.getName().endsWith("ReturnConstraints")).findFirst().orElseThrow(MissingConstraintsException::new);
try {
final Method constraintsClazzMethod = constraintsClazz.getMethod(method.getName(), method.getParameterTypes());
targetClass = constraintsClazz;
method = constraintsClazzMethod;
} catch (NoSuchMethodException | SecurityException e) {
// this is ok. it means there are no return value constraints
return context.proceed();
}
}
if (!isExecutableValidated(targetClass, method, this::computeIsMethodValidated)) {
return context.proceed();
}
final MethodDescriptor constraintsForMethod = validator.getConstraintsForClass(targetClass).getConstraintsForMethod(method.getName(), method.getParameterTypes());
if (!DescriptorManager.isConstrained(constraintsForMethod)) {
return context.proceed();
}
initExecutableValidator();
if (constraintsForMethod.hasConstrainedParameters()) {
final Set<ConstraintViolation<Object>> violations = executableValidator.validateParameters(context.getTarget(), method, context.getParameters());
if (!violations.isEmpty()) {
throw new ConstraintViolationException(violations);
}
}
final Object result = context.proceed();
if (constraintsForMethod.hasConstrainedReturnValue()) {
final Set<ConstraintViolation<Object>> violations = executableValidator.validateReturnValue(context.getTarget(), method, result);
if (!violations.isEmpty()) {
throw new ConstraintViolationException(violations);
}
}
return result;
}
Aggregations