Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Method Constraints declared on interfaces are not being validated unless implementation contains validation annotations

Description

According to JSR-380, bean validation constraints should be applied to interfaces and not to the implementation:

In sub types (be it sub classes/interfaces or interface implementations), *no parameter constraints may be declared on overridden or implemented methods*, nor may parameters be marked for cascaded validation.

However, when using a simple example, the bean validation does not get executed:

 

public interface GreetingService {    String greet(@NotEmpty @Size(max = 10) String who); } public class GreetingServiceImpl implements GreetingService {    @Override    public String greet(String who) {       return String.format("Hello %s!", who);    } } //... @Inject private GreetingService service; this.service.greet("thisisaverylongstring");

 

Only when adding another method to the GreetingServiceImpl class which has bean validation annotations, the valdiation works as expected:

public void foo(@NotNull String bar) { }

Possibly security related if users rely on bean validation to work in order to prevent invalid input.

Steps to reproduce:

  1. Build the maven project in the attachment

  2. Deploy to Java EE Server running Hibernate Validator

  3. Navigate to URL [...]/greet/thisisaverylongstring

  4. Expected: Error message about constraint violation

  5. Actual: No error message - bean validation does not get executed

Workaround:

Uncomment the "foo" method in GreetingServiceImpl.java and everything works as expected.

Reproduced in WildFly 24.0.0.Final

Environment

None

Attachments

1
  • 26 Jul 2021, 11:02 AM

Activity

Matthias WelzJuly 29, 2021 at 9:51 AM

Thank you for your reply!

Maybe the hibernate-validator-annotation-processor could warn about this situation if a solution is not possible.

Guillaume SmetJuly 29, 2021 at 8:51 AM

I confirm that your interpretation of the specification is correct and this is an unfortunate limitation of Hibernate Validator’s CDI extension.

We tried to fix it here as part of https://hibernate.atlassian.net/browse/HV-1609 but we had to revert it, given it introduced an unacceptable slowdown of the application server startup.

A good explanation of why we reverted it is here: https://github.com/hibernate/hibernate-validator/pull/953#issuecomment-410776957 .

I’ll check with our CDI experts if we can find a solution to this issue.

Details

Assignee

Reporter

Bug Testcase Reminder (view)

Bug reports should generally be accompanied by a test case!

Bug Testcase Reminder (edit)

Bug reports should generally be accompanied by a test case!

Participants

Guillaume Smet
Matthias Welz

Priority

Created July 26, 2021 at 11:02 AM
Updated December 12, 2024 at 11:29 AM

Flag notifications