Hi Malintha +1 for using bean validation.
I guess we can use the same validation to implement "Optimistic Concurrency Control" in our REST service and to validate Etag and return 302. Cheers Jo On Tue, Nov 3, 2015 at 1:27 PM, Malintha Amarasinghe <[email protected]> wrote: > Hi All, > > We are developing a REST API for API Manager for making it easy to use API > Management operations. We have already discussed security and other > implementation details in previous mails. This thread is to discuss about > its validation model. > > *Problem:* > > In traditional approach we need to write code per each method to do > validation. That opens doorway to few other problems: > > - Readability issues > - Methods can become longer due to validation related code. It > would not be easy to separate and understand validation related logic > and > actual implementation logic. > - Re-usability issues > - We might have to duplicate similar validations among different > methods. This can introduce bugs when adding new validations etc and it > is > difficult to change an existing validation. > > *Suggested Solution:* > > We are planing to use Hibernate Bean validation [1] released under Apache > Licence version 2, which is one of the implementations of Bean Validation > 1.1 specification[2]. There we are allowed to validate parameters of > methods and objects using annotations. We can use that to validate REST API > calls when they are mapped to Java methods and objects by CXF. > > For example; we will not allow a user to POST an API without API name, > version and context. Here we put *@NotNull* annotation before each name, > version and context parameters of the API DTO. Please see the code [3]. > There are other in-built validators such as *@Size, @Min/Max, @Pattern* which > we can easily use. > > It is also possible to write our own logic and define custom validator > annotations. [4,5] is one we have already implemented to validate apiId > parameter. It checks whether it matched to either a UUID or to > {provider}-{name}-{version} template. > > Validation annotations are processed once authentication and authorization > layers' processing is completed using a CXF Interceptor. If it detects any > violations, it will collect all the violations in the request done by the > client and sent back as a list of errors as the response payload. > > *Advantages:* > > - Once we have implemented a validator, we can easily reuse it in > other resources and methods using annotations. Even they can be used in > other products' APIs, if we could manage those validations in a central > place. > - Code becomes clean as we do validation in a separate layer of > processing. Actual implementation methods does not need to contain any > validation code. > - Once we have defined a set of validations using annotations, they > can be easily injected to code by code generation. We will be adding > annotations from the code generator [6] based on the swagger schema of the > API. > > > Please feel free to give your feedback on this. > > Thank you. > Malintha > > [1] http://hibernate.org/validator/ > [2] http://beanvalidation.org/1.1/ > [3] > https://github.com/wso2/carbon-apimgt/blob/release-1.10.x/components/apimgt/org.wso2.carbon.apimgt.rest.api.publisher/src/gen/java/org/wso2/carbon/apimgt/rest/api/publisher/dto/APIDTO.java > [4] > *https://github.com/wso2/carbon-apimgt/blob/release-1.10.x/components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/java/org/wso2/carbon/apimgt/rest/api/util/validation/ApiIdValidator.java > <https://github.com/wso2/carbon-apimgt/blob/release-1.10.x/components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/java/org/wso2/carbon/apimgt/rest/api/util/validation/ApiIdValidator.java>* > [5] > https://github.com/wso2/carbon-apimgt/blob/release-1.10.x/components/apimgt/org.wso2.carbon.apimgt.rest.api.util/src/main/java/org/wso2/carbon/apimgt/rest/api/util/validation/constraints/ValidateApiId.java > [6] https://github.com/hevayo/swagger2cxf-maven-plugin > > -- > Malintha Amarasinghe > Software Engineer > *WSO2, Inc. - lean | enterprise | middleware* > http://wso2.com/ > > Mobile : +94 712383306 > -- -- *Joseph Fonseka* WSO2 Inc.; http://wso2.com lean.enterprise.middleware mobile: +94 772 512 430 skype: jpfonseka * <http://lk.linkedin.com/in/rumeshbandara>*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
