Validating input datatype

Question

I am using below DTO class with respective annotations and are working fine also. But when I send a integer value for name/reqID(which is a String datatype) fields, still it is executing without any error/exception. How to avoid it or validate the datatype of incoming fields.

public class RequestDTO {

    @NotEmpty(message = "Please provide reqID")
    private String reqID;

    @NotEmpty(message = "Please provide name")
    private String name;

    private Map <String, String> unknownProperties;

    public AccountDTO(){
        this.unknownProperties = new HashMap<String, String>();
    }

    public AccountDTO(String reqID, String name){
        this.reqID= reqID;
        this.name = name;
        this.unknownProperties = new HashMap<String, String>();
    }

    @JsonAnySetter
    public void add(String key, String value) {
        this.unknownProperties.put(key, value);
    }

    @JsonAnyGetter
    public Map <String, String> getUnknownProperties() {
        return unknownProperties;
    }
    //getters and setters
}

working for { "reqID" : 56, "name" : 674 }. Have to check the datatype/reject the request. Any help would be appreciable.

score 1 · Answer 1 · edited May 18 '20 at 13:26

You can disable MapperFeature ALLOW_COERCION_OF_SCALARS which is enabled by default.

Then conversions from JSON String are not allowed.

Doc Details here

public static final MapperFeature ALLOW_COERCION_OF_SCALARS

When feature is disabled, only strictly compatible input may be bound: numbers for numbers, boolean values for booleans. When feature is enabled, conversions from JSON String are allowed, as long as textual value matches (for example, String "true" is allowed as equivalent of JSON boolean token true; or String "1.0" for double).

Or create a custom json deserializer for string overriding default serializer JsonDeserializer<String>.

score 1 · Answer 2 · answered May 15 '20 at 11:48

1

If you're using Spring boot, by default it uses Jackson to parse JSON. There's no configuration option within Jackson to disable this feature

Here you will find interesting approaches to solving this problem:

Disable conversion of scalars to strings when deserializing with Jackson

answered May 15 '20 at 11:48

n2ad

323
2
8

I found above mentioned link useful in my case – Balaji211 May 18 '20 at 11:17

score 0 · Answer 3 · answered May 15 '20 at 11:42

You could validate the input you are getting. But this is not specific to your DTO so if you have some sort of Utilities class with static methods (think about having one if you don't) it's better if you add it there and grab it for any DTO that might need this validation.

The validation method would look something like this:

public static boolean isNumber(String in) {
    try{
        Integer.parseInt(in);
        // log something useful here      
        return true;
    } catch(NumberFormatException e) { 
        return false;
    }
}

You could then use this method throw your own exception. Then handle that the way you'd need:

if (Utilities.isNumber(reqID)){
    throw new IllegalArgumentException("Meaningful Exception Message here"); 
}

I hope it helps! :)

score 0 · Answer 4 · answered May 15 '20 at 12:02

0

Spring boot allows regular expression checking using @Patter annotation. So just add the following

@Pattern(regexp="[a-zA-Z]")
@NotEmpty(message = "Please provide name")
private String name;

answered May 15 '20 at 12:02

mahfuj asif

1,691
1
11
32

Validating input datatype

4 Answers4