最早的校验,就是服务端校验。早期的网站,用户输入一个邮箱地址,校验邮箱地址需要将地址发送到服务端,服务端进行校验,校验成功后,给前端一个响应。有了JavaScript,校验工作可以放在前端去执行。那么为什么还需要服务端校验呢? 因为前端传来的数据不可信。前端很容易获取都后端的数据接口,如果有人绕过页面,就会出现非法数据,所以服务端也要数据校验,总的来说:
1.前端校验要做,目的是为了提高用户体验
2.后端校验也要做,目的是为了数据安全
一、普通校验
pringmvc本身没有校验功能,它使用hibernate的校验框架,此hibernate的校验框架和orm没有关系。
一个动态web项目的小demo:
需要导入相关jar包:
1、Web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>SpringValidator</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<!-- 配置SpringMVC的前端控制器 -->
<servlet>
<servlet-name>spring-mvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<!-- 与xml配置文件类路径一致 -->
<param-value>classpath:springmvc.xml</param-value>
</init-param>
</servlet>
<!--SpringMVC的前端控制器的映射 -->
<servlet-mapping>
<servlet-name>spring-mvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- spring框架提供的字符集过滤器 -->
<!-- spring Web MVC框架提供了org.springframework.web.filter.CharacterEncodingFilter用于解决POST方式造成的中文乱码问题 -->
<filter>
<filter-name>encoding</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<!-- 设置字符编码 -->
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<!-- 开启编码设置,使上面的字符编码在请求和响应时生效 -->
<init-param>
<param-name>forceRequestEncoding</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>forceResponseEncoding</param-name>
<param-value>true</param-value>
</init-param>
<!--
初始化参数forceEncoding相当于一起配置了forceRequestEncoding和forceResponseEncoding
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
-->
</filter>
<!-- spring框架提供的字符集过滤器映射 -->
<filter-mapping>
<filter-name>encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 配置静态资源过滤
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.jpg</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.js</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>*.css</url-pattern>
</servlet-mapping>
-->
</web-app>2、Springmvc.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd">
<!-- 开启注解扫描 -->
<context:component-scan base-package="com.zsl.controller" />
<!-- 开启mvc注解 -->
<mvc:annotation-driven validator="validator"/>
<!-- 配置视图解析器 -->
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<!-- 引入外部资源文件 -->
<bean id="validatemessageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:validateMessage" />
<property name="fileEncodings" value="utf-8" />
<property name="cacheSeconds" value="120" />
</bean>
<!--添加对JSR-303验证框架的支持 -->
<bean id="validator"
class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean">
<property name="providerClass"
value="org.hibernate.validator.HibernateValidator" />
<!--不设置则默认为classpath下的 ValidationMessages.properties -->
<property name="validationMessageSource"
ref="validatemessageSource" />
</bean>
<!-- 防止资源文件被spring MVC拦截 -->
<mvc:resources mapping="/images/**" location="/images/"
cache-period="31556926" />
<mvc:resources mapping="/js/**" location="/js/"
cache-period="31556926" />
<mvc:resources mapping="/css/**" location="/css/"
cache-period="31556926" />
</beans>
3、Pojo类User:
package com.zsl.pojo;
import javax.validation.constraints.Max;
import javax.validation.constraints.Min;
import javax.validation.constraints.Size;
import org.hibernate.validator.constraints.NotBlank;
public class User {
//校验规则
@NotBlank(message= "{user.name.empty}")
@Size(max=6,min=3,message="{user.name.size}")
private String name;
@NotBlank(message="{user.password.empty}")
@Size(max=6,min=3,message="{user.password.size}")
private String passWord;
@Max(value=100,message="{user.age.max}")
@Min(value=1,message="{user.age.min}")
private Integer age;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getPassWord() {
return passWord;
}
public void setPassWord(String passWord) {
this.passWord = passWord;
}
public Integer getAge() {
return age;
}
public void setAge(Integer age) {
this.age = age;
}
public User() {
super();
// TODO Auto-generated constructor stub
}
public User(String name, String passWord, Integer age) {
super();
this.name = name;
this.passWord = passWord;
this.age = age;
}
@Override
public String toString() {
return "User [name=" + name + ", passWord=" + passWord + ", age=" + age + "]";
}
}4、validateMessage.properties:
user.name.empty=账号不能为空
user.name.size=账号长度为3-6位
user.password.empty=密码不能为空
user.password.size=密码长度为3-6位
user.age.max=年龄不能超过100
user.age.min=年龄不能低于15、MyController:
package com.zsl.controller;
import java.util.List;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.validation.ObjectError;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import com.zsl.pojo.User;
@Controller
public class MyController {
/**
* @Validated book 表示book接收的数据需要根据指定的规则进行校验 BindingResult 封装验证结果,必须紧跟在验证变量之后,
* 如果有多个信息需要验证那么就有多个BindingResult参数
*
*/
@PostMapping("/testA")
public String test(@Validated User user, BindingResult br, Model model) {
// TODO Auto-generated method stub
System.out.println("user:" + user);
// 获取验证信息
List<ObjectError> allErrors = br.getAllErrors();
if (allErrors != null && allErrors.size() > 0) {
for (ObjectError objectError : allErrors) {
System.out.println("error:" + objectError);
}
// 将验证信息保存到作用域中
model.addAttribute("errors", allErrors);
}
return "user";
}
}User.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1>用户管理:</h1>
<c:if test="${errors ne null }">
<c:forEach items="${errors }" var="e">
${e.defaultMessage }<br>
</c:forEach>
</c:if>
<form action="/SpringValidator/testA" method="post" >
账号:<input type="text" name="name"><br>
密码:<input type="text" name="passWord"><br>
年龄:<input type="number" name="age"><br>
<input type='submit' value="提交">
</form>
</body>
</html>校验规则:
注解 说明
@Null 被注解的元素必须为 null
@NotNull 被注解的元素必须不为 null
@AssertTrue 被注解的元素必须为 true
@AssertFalse 被注解的元素必须为 false
@Min(value) 被注解的元素必须是一个数字,其值必须大于等于指定的最小值
@Max(value) 被注解的元素必须是一个数字,其值必须小于等于指定的最大值
@DecimalMin(value) 被注解的元素必须是一个数字,其值必须大于等于指定的最小值
@DecimalMax(value) 被注解的元素必须是一个数字,其值必须小于等于指定的最大值
@Size(max=, min=) 被注解的元素的大小必须在指定的范围内
@Digits (integer, fraction) 被注解的元素必须是一个数字,其值必须在可接受的范围内
@Past 被注解的元素必须是一个过去的日期
@Future 被注解的元素必须是一个将来的日期
@Pattern(regex=,flag=) 被注解的元素必须符合指定的正则表达式
@NotBlank(message =) 验证字符串非null,且长度必须大于0
@Email 被注解的元素必须是电子邮箱地址
@Length(min=,max=) 被注解的字符串的大小必须在指定的范围内
@NotEmpty 被注解的字符串的必须非空
@Range(min=,max=,message=) 被注解的元素必须在合适的范围内二、分组校验
为什么需要分组校验?
因为一个对象有多个属性,而不同的controller校验的需求是不一样的,必须c1只需要校验对象的账号是否为空就可以了,而c2不光要校验账号为空还需要校验手机号必须不能为空,这时分组校验就能解决这个问题了。
1、定义两个标志接口(标志接口里面没有定义任何方法)
package com.zsl.group;
/**
* 标志接口
* @author Administrator
*
*/
public interface IUserGroup {
}
package com.zsl.group;
/**
* 标志接口
* @author Administrator
*
*/
public interface IUserGroup2 {
}
Web.xml和上面的普通校验相似:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>SpringValidator</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<!-- 配置SpringMVC的前端控制器 -->
<servlet>
<servlet-name>spring-mvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:springmvc.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>spring-mvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- spring框架提供的字符集过滤器 -->
<!-- spring Web MVC框架提供了org.springframework.web.filter.CharacterEncodingFilter用于解决POST方式造成的中文乱码问题 -->
<filter>
<filter-name>encoding</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceRequestEncoding</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>forceResponseEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>Springmvc.xml与上面的普通校验的springmvc.xml相似:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd">
<context:component-scan base-package="com.zsl.controller"/>
<mvc:annotation-driven validator="validator"/>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean class="org.springframework.context.support.ReloadableResourceBundleMessageSource" id="validatemessageSource">
<property name="basename" value="classpath:validateMessage"/>
<property name="fileEncodings" value="utf-8"/>
<property name="cacheSeconds" value="120"/>
</bean>
<!--添加对JSR-303验证框架的支持 -->
<bean id="validator"
class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean">
<property name="providerClass"
value="org.hibernate.validator.HibernateValidator" />
<!--不设置则默认为classpath下的 ValidationMessages.properties -->
<property name="validationMessageSource"
ref="validatemessageSource" />
</bean>
<!-- 防止资源文件被spring MVC拦截 -->
<mvc:resources mapping="/images/**" location="/images/"
cache-period="31556926" />
<mvc:resources mapping="/js/**" location="/js/"
cache-period="31556926" />
<mvc:resources mapping="/css/**" location="/css/"
cache-period="31556926" />
</beans>validateMessage.properties:
user.name.empty=账号不能为空
user.name.size=账号长度为3-6位
user.password.empty=密码不能为空
user.password.size=密码长度为3-6位
user.age.max=年龄不能超过100
user.age.min=年龄不能低于1Pojo类:User:
package com.zsl.pojo;
import javax.validation.constraints.Max;
import javax.validation.constraints.Min;
import javax.validation.constraints.Size;
import org.hibernate.validator.constraints.NotBlank;
import com.zsl.group.IUserGroup;
import com.zsl.group.IUserGroup2;
public class User {
@NotBlank(message= "{user.name.empty}",groups= {IUserGroup.class})
@Size(max=6,min=3,message="{user.name.size}",groups= {IUserGroup2.class})
private String name;
@NotBlank(message="{user.password.empty}",groups= {IUserGroup.class})
@Size(max=6,min=3,message="{user.password.size}",groups= {IUserGroup2.class})
private String passWord;
@Max(value=100,message="{user.age.max}",groups= {IUserGroup.class,IUserGroup2.class})
@Min(value=1,message="{user.age.min}",groups= {IUserGroup.class,IUserGroup2.class})
private Integer age;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getPassWord() {
return passWord;
}
public void setPassWord(String passWord) {
this.passWord = passWord;
}
public Integer getAge() {
return age;
}
public void setAge(Integer age) {
this.age = age;
}
public User() {
super();
// TODO Auto-generated constructor stub
}
public User(String name, String passWord, Integer age) {
super();
this.name = name;
this.passWord = passWord;
this.age = age;
}
@Override
public String toString() {
return "User [name=" + name + ", passWord=" + passWord + ", age=" + age + "]";
}
}分组进行校验
MyController:
package com.zsl.controller;
import java.util.List;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.validation.ObjectError;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import com.zsl.group.IUserGroup;
import com.zsl.group.IUserGroup2;
import com.zsl.pojo.User;
@Controller
public class MyController {
/**
* @Validated book 表示book接收的数据需要根据指定的规则进行校验 BindingResult 封装验证结果,必须紧跟在验证变量之后,
* 如果有多个信息需要验证那么就有多个BindingResult参数
*
* testA校验IUserGroup组的
*/
@PostMapping("/testA")
public String test(@Validated(value=IUserGroup.class) User user, BindingResult br, Model model) {
// TODO Auto-generated method stub
System.out.println("user:" + user);
// 获取验证信息
List<ObjectError> allErrors = br.getAllErrors();
if (allErrors != null && allErrors.size() > 0) {
for (ObjectError objectError : allErrors) {
System.out.println("error:" + objectError);
}
// 将验证信息保存到作用域中
model.addAttribute("errors", allErrors);
}
return "user";
}
/**
* @Validated book 表示book接收的数据需要根据指定的规则进行校验 BindingResult 封装验证结果,必须紧跟在验证变量之后,
* 如果有多个信息需要验证那么就有多个BindingResult参数
*
* testB校验IUserGroup2组的
*/
@PostMapping("/testB")
public String testB(@Validated(value=IUserGroup2.class) User user, BindingResult br, Model model) {
// TODO Auto-generated method stub
System.out.println("user:" + user);
// 获取验证信息
List<ObjectError> allErrors = br.getAllErrors();
if (allErrors != null && allErrors.size() > 0) {
for (ObjectError objectError : allErrors) {
System.out.println("error:" + objectError);
}
// 将验证信息保存到作用域中
model.addAttribute("errors", allErrors);
}
return "user";
}
}原文:https://www.cnblogs.com/zhangsonglin/p/11144116.html