Hi devs,
I just stumbled upon the REST DSL validation part:
https://camel.apache.org/manual/rest-dsl.html#_client_request_validation
1) In case I use the "camel-restdsl-openapi-plugin" (Maven plugin) to
generate REST DSL routes from an openapi specification, e.g.:
...
testParam:
name: testparam
in: query
required: true
schema:
type: integer
format: int32
enum: [0, 1, 2, 3, 4]
...
it will generate the following Camel Route parameter for that:
.param()
.name("testparam")
.type(RestParamType.query)
.dataType("integer")
.allowableValues("0,1,2,3,4")
.required(true)
.endParam()
If I now enable the validation via
"restConfiguration().component("jetty").clientRequestValidation(true);"
I can still pass non-allowed values to the REST endpoint, e.g.
localhost:8080/rest?testparam=6 and will get an HTTP 200.
The documentation so far is only mentioning the "required" property (and
this one is working) but as the ".allowableValues("0,1,2,3,4")" property
obviously seems to already have been implemented I'm wondering why it is
not validated then.
My request is to add validation for this already existing option.
It seems similar to the request years ago which has been answers by Claus:
https://stackoverflow.com/a/50496017/5446400 and he points to the used HTTP
component which should be responsible to actually fulfill the desired
validation option defined in the route.
I am currently using platform-http but also tried Jetty - it makes no
difference.
2) Also can we maybe add support for the JSON property "allowEmptyValue"?
3) One last question which could also fit the user mailing list but as we
are in the right context right now:
Do you know any alternatives for validation of request parameters?
Of course I could put them also into a json, send them to the REST endpoint
and use a lot of validation annotations on its java data model (provided by
libs as Jackson etc.) but we are using a HTTP GET endpoint and the RFC 7231
standards do not allow GET requests with json bodies.
So it seems as Camel doesn't provide full validation possibilities we have
to manually check the incoming HTTP request parameter for validity?
I am grateful for any tips!
Kind regards
Jacob
