Logo
Tutorials Articles Code Playground Tools
Sign In Get Started
Module: Data Binding & Validation

Validation Annotations

This section dives into using validation annotations in Spring Boot to ensure the data your application receives is correct and consistent. We'll cover common annotations and how to apply them to your models.

What is Data Validation?

Data validation is the process of ensuring that user input or data received from external sources conforms to specific rules and constraints. This is crucial for:

  • Data Integrity: Preventing incorrect or inconsistent data from being stored.
  • Security: Protecting against malicious input (e.g., SQL injection).
  • User Experience: Providing helpful feedback to users when they enter invalid data.

Leveraging JSR-303 (Bean Validation)

Spring Boot integrates seamlessly with the JSR-303 (now JSR-380) Bean Validation API. This API provides a standard set of annotations for defining validation rules. You'll need to include a validation provider implementation in your pom.xml (or build.gradle). A common choice is Hibernate Validator:

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-validation</artifactId>
</dependency>

Common Validation Annotations

Here's a breakdown of frequently used validation annotations:

  • @NotNull: The annotated element must not be null.
  • @NotEmpty: The annotated element must not be empty (string, collection, array). Note: This is not a standard JSR-303 annotation; it's provided by Hibernate Validator. Use @NotBlank for strings.
  • @NotBlank: The annotated element must not be null or empty, and must contain at least one non-whitespace character. Specifically for Strings.
  • @Size(min, max): The length of the annotated element must be within the specified range. Applicable to strings, collections, and arrays.
  • @Min(value): The annotated element must be greater than or equal to the specified value. Applicable to numeric types.
  • @Max(value): The annotated element must be less than or equal to the specified value. Applicable to numeric types.
  • @Email: The annotated element must be a valid email address.
  • @Pattern(regexp): The annotated element must match the specified regular expression.
  • @Positive: The annotated element must be a positive number.
  • @Negative: The annotated element must be a negative number.
  • @DecimalMin(value): The annotated element must be greater than or equal to the specified value (decimal numbers).
  • @DecimalMax(value): The annotated element must be less than or equal to the specified value (decimal numbers).
  • @Digits(integer, fractional): Validates the number of integer and fractional digits.
  • @Valid: Used to recursively validate nested objects. This is important when you have complex data structures.

Example: Validating a User Object

Let's create a simple User class and apply some validation annotations:

import javax.validation.constraints.*;

public class User {

    @NotNull(message = "Name cannot be null")
    @Size(min = 2, max = 50, message = "Name must be between 2 and 50 characters")
    private String name;

    @NotNull(message = "Email cannot be null")
    @Email(message = "Invalid email format")
    private String email;

    @NotNull(message = "Age cannot be null")
    @Min(value = 18, message = "Age must be at least 18")
    @Max(value = 120, message = "Age cannot exceed 120")
    private Integer age;

    // Getters and setters (omitted for brevity)

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public Integer getAge() {
        return age;
    }

    public void setAge(Integer age) {
        this.age = age;
    }
}

Explanation:

  • @NotNull: Ensures name, email, and age are not null.
  • @Size: Validates the length of the name string.
  • @Email: Validates the format of the email string.
  • @Min and @Max: Validates the age is within a reasonable range.
  • message attribute: Provides a custom error message that will be returned if the validation fails. This is highly recommended for user-friendly error reporting.

Using Validation in a Controller

Now, let's see how to use these annotations in a Spring Boot controller:

import org.springframework.http.ResponseEntity;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RestController;

import javax.validation.Valid;

@RestController
public class UserController {

    @PostMapping("/users")
    public ResponseEntity<?> createUser(@Valid @RequestBody User user) {
        // If validation fails, Spring will automatically return a 400 Bad Request
        // with details about the validation errors.

        // If validation passes, proceed with creating the user
        System.out.println("User created: " + user.getName());
        return ResponseEntity.ok("User created successfully!");
    }
}

Explanation:

  • @Valid: This annotation is crucial. It tells Spring to trigger the validation process before the controller method is executed. It works in conjunction with @RequestBody to validate the incoming request body.
  • @RequestBody User user: Binds the request body to the User object.
  • @Validated: While @Valid is sufficient for simple cases, @Validated can be used on the controller class itself to enable validation for all methods that use @Valid or @RequestBody. It's often preferred for consistency.
  • Error Handling: If the validation fails, Spring automatically returns a 400 Bad Request response. The response body will contain details about the validation errors in a format determined by your configuration (typically JSON).

Testing Validation

You can test your validation rules using tools like curl, Postman, or a similar HTTP client. Send a request to /users with invalid data (e.g., an empty name, an invalid email, or an age less than 18). You should receive a 400 Bad Request response with error messages corresponding to the annotations you defined.

Example (using curl):

curl -X POST -H "Content-Type: application/json" -d '{"name": "", "email": "invalid-email", "age": 15}' http://localhost:8080/users

The response will likely be a JSON object containing the validation errors:

{
  "fieldErrors": [
    {
      "field": "name",
      "message": "Name cannot be null"
    },
    {
      "field": "email",
      "message": "Invalid email format"
    },
    {
      "field": "age",
      "message": "Age must be at least 18"
    }
  ]
}

Custom Validation

You can create your own custom validation annotations and validators for more complex validation logic. This is beyond the scope of this beginner tutorial, but it's a powerful feature of the Bean Validation API.

Conclusion

Validation annotations are a powerful and convenient way to ensure the quality and integrity of the data your Spring Boot application handles. By leveraging the JSR-303 Bean Validation API, you can easily define and enforce validation rules, leading to more robust and reliable applications. Remember to always provide meaningful error messages to improve the user experience.