Validate request headers with Spring validation framework
Asked Answered
M

2

6

Is it possible to use the Spring validation framework with Spring MVC to validate the presence and value of an HTTP request header?

Messuage answered 19/10, 2009 at 17:48 Comment(0)
D
11

To check the presence of a request header, you don't need the validation framework. Request header parameters are mandatory by default, and if a mandatory header is missing in a request, Spring MVC automatically responds with 400 Bad Request.

So the following code automatically checks the presence of the header "Header-Name"...

@PostMapping("/action")
public ResponseEntity<String> doAction(@RequestHeader("Header-Name") String headerValue) {
    // ...
}

... and if the header shall be optional, the annotation would need to be replaced by:

@RequestHeader(name = "Header-Name", required = false)

To check the value of a request header, the Spring validation framework can be used. To do this, you need to

  1. Add @Validated to the controller class. This is a workaround needed until this feature is implemented.
  2. Add the JSR-303 annotation to the request header parameter, e.g.

    @RequestHeader("Header-Name") @Pattern(regexp = "[A-Za-z]*") String headerValue
    

Note however that this will result in a 500 in case of an invalid header value. Check this question for how to also get the correct status code (i.e. 400) for this case.

Dehiscence answered 27/2, 2019 at 9:31 Comment(3)
When header missed message likes Missing request header 'Header-Name' for method parameter of type String, but when violated doAction.headerValue: must match "[A-Za-z]*", so writes variable name not header name. Is it possible show header name?Woodland
Maybe just name the variable so that it matches the header name?Dehiscence
The @Validated workaround will finally no longer be needed as of 6.1 which is in prerelease now, to be officially available beginning November 15.Luciusluck
C
3

I don't see how this would be possible, since the validation framework only operates on your domain objects, not on the HTTP request itself. Specifically, the Validator interface doesn't specify any methods that take the HttpServletRequest object, which is what you'd need to have access to in order to grab the headers and test them.

Using the validation framework feels like the wrong solution to whatever problem you're trying to solve, especially since it's hard to know how there'd be a unique HTTP request header for a given form submission. Are you looking to test for an HTTP header that should always be present in requests to your app? Then you might want to consider implementing a HandlerInterceptor, which will intercept and process all requests to pages that you've mapped in any HanderMappings. Are you looking to test for an HTTP header that should always be present in any page view of your app? Then you'd want to implement a Filter, which operates outside of the context of Spring MVC.

Cambric answered 19/11, 2009 at 18:11 Comment(1)
we have a custom http client that submits an http header to identify itself. i think that handler interceptor is the way to go. thanks!Messuage

© 2022 - 2024 — McMap. All rights reserved.