我有一个项目,带有一些自定义 ConstraintValidator。我想构建自定义消息。我这样做了,一切都很好。然后我们遇到需要有“api”模块,这意味着,您必须拆分 bean 验证注释和 ConstraintValidator,必须使用
@Constraint(validatedBy = {})日志现在包含有点神秘的消息:
Expression variables have been defined for constraint interface whatever.SomeValidation while Expression Language is not enabled.
所有这些,虽然我在文学上使用与这里提到的相同的代码: https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#_custom_contexts 禁用DefaultConstraintViolation 并注册自定义一个。
有什么想法会导致这种情况吗?
这是由于 Hibernate Validator 中的安全更新所致。有关更多详细信息,请参阅 https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#el-features,但简而言之,围绕 Hibernate Validator 6.x(已进入Spring Boot 2.6.x 版本)在自定义验证器中默认使用模板变量和 bean 属性和方法被认为存在安全风险,并且默认情况下被禁用。您需要通过
META-INF/validation.xmlsrc/main/resources/META-INF/validation.xml<validation-config
xmlns="http://jboss.org/xml/ns/javax/validation/configuration"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://jboss.org/xml/ns/javax/validation/configuration" version="1.1">
<property name="hibernate.validator.custom_violation_expression_language_feature_level">variables</property>
</validation-config>
,或者,通过配置
ValidatorFactoryValidatorFactory validatorFactory =
Validation.byProvider( HibernateValidator.class )
.configure()
.customViolationExpressionLanguageFeatureLevel(ExpressionLanguageFeatureLevel.BEAN_METHODS)
.buildValidatorFactory();
或
Configuration<?> config = Validation.byDefaultProvider().configure();
((ConfigurationImpl)config).constraintExpressionLanguageFeatureLevel(
ExpressionLanguageFeatureLevel.BEAN_METHODS);
ValidatorFactory factory = config.buildValidatorFactory();
一般来说,这些级别是使用以下属性定义的:
hibernate.validator.constraint_expression_language_feature_level
hibernate.validator.custom_violation_expression_language_feature_level
这些属性可接受的值为:
nonevariablesbean-propertiesbean-methods