Its a combination of things for me. I use thrift for the transport but I don't really let the objects penetrate past the thrift service. The data is either copied into an internal class or used to call an internal function directly. In some cases the thrift object is just wrapped in another object. Its at those points some validation happens.
Another place I do more general validation is using a an Aspect class to put around advice around the thrift service functions. Then I can validate the request's security credentials and stuff like that at a single point. -Matt ________________________________________ From: Ryan Lepidi <[email protected]> Sent: Tuesday, April 07, 2015 9:54 PM To: [email protected] Subject: How do you handle request validation? What is everyone using for validating incoming requests? Hibernate Validator's annotations would be nice but there doesn't seem to be a way to extend the generated classes, annotate them, and force thrift to instantiate those instead is there? There's also programmatic constraint declaration, but I dislike that I have to name fields by string. Then there's things like Guava's Preconditions, but that seems a bit too low level. Lastly there's things like assertj or hamcrest, but these are made with testing in mind and tend to allocate at least one object per assertion, which isn't ideal. What approaches have you had success with?
