Class ValidationUtils

java.lang.Object
io.fluxzero.sdk.tracking.handling.validation.ValidationUtils
public class ValidationUtils extends Object
Utility class providing common validation and authorization routines for message payloads such as commands, queries, and web requests.

The ValidationUtils class supports two primary responsibilities:

  1. Object validation: Validates message payloads using the Validator configured on the current Fluxzero instance, falling back to defaultValidator, and optionally applying validation groups specified via ValidateWith annotations.
  2. Authorization enforcement: Performs role-based access checks based on annotations such as RequiresAnyRole, ForbidsAnyRole, and NoUserRequired declared on classes, methods, or packages.

Validation

Validation is typically executed automatically by the ValidatingInterceptor before invoking handler methods. Programmatic convenience methods such as assertValid(Object, Class[]) use the validator configured on the current Fluxzero instance when one is bound to the current execution. Outside a Fluxzero context, the default validator implementation is used. That default is loaded via ServiceLoader (e.g. DefaultValidator).

Methods like assertValid(Object, Class[]) and checkValidity(Object, Validator, Class[]) support recursive validation of collections and custom validation groups.

Authorization

The class also performs role-based security checks. Handler methods or message payloads can declare required roles, which are evaluated against the current User. If authorization fails, the utility throws either UnauthenticatedException or UnauthorizedException.

Examples

ValidationUtils.assertValid(payload); // Validate a single object
boolean isValid = ValidationUtils.isValid(payload, MyGroup.class); // Validate with a group

User user = ...;
ValidationUtils.assertAuthorized(MyCommand.class, user); // Authorization check
See Also:

  • Field Details

    • defaultValidator

      public static final Validator defaultValidator
      Returns the default Validator used for message validation.

      This is resolved via Java's ServiceLoader mechanism. If no custom Validator is found, a default Jakarta Validation implementation is used.

  • Constructor Details

    • ValidationUtils

      public ValidationUtils()

  • Method Details

    • checkValidity

      public static Optional<ValidationException> checkValidity(Object object, Class<?>... groups)
      Checks whether the provided object is valid, using the current Fluxzero Validator and validation groups.
      Parameters:
      object - the object to validate
      groups - optional validation groups
      Returns:
      an Optional containing a ValidationException if validation fails, or empty if valid

    • getConstraintViolations

      public static <T> Set<ConstraintViolation<T>> getConstraintViolations(T object, Class<?>... groups)
      Validates the object using the current Fluxzero validator and returns structured constraint violations with property paths.

      This method is intended for tests, diagnostics, and integrations that need structured validation output instead of the formatted messages stored in ValidationException.

      Type Parameters:
      T - object type
      Parameters:
      object - the object to validate
      groups - optional validation groups
      Returns:
      structured constraint violations

    • getConstraintViolations

      public static Set<ConstraintViolation<?>> getConstraintViolations(Collection<?> objects, Class<?>... groups)
      Validates each element in the collection using the current Fluxzero validator and returns structured constraint violations.
      Parameters:
      objects - the objects to validate
      groups - optional validation groups
      Returns:
      structured constraint violations for the collection elements

    • isValid

      public static boolean isValid(Object object, Class<?>... groups)
      Returns true if the given object is valid using the current Fluxzero Validator and validation groups.
      Parameters:
      object - the object to validate
      groups - optional validation groups
      Returns:
      true if valid, false otherwise

    • assertValid

      public static void assertValid(Object object, Class<?>... groups)
      Asserts that the given object is valid, using the current Fluxzero Validator.

      Throws a ValidationException if the object fails validation.

      Parameters:
      object - the object to validate
      groups - optional validation groups
      Throws:
      ValidationException - if validation fails

    • checkValidity

      public static Optional<ValidationException> checkValidity(Object object, Validator validator, Class<?>... groups)
      Checks whether the provided object is valid using the given Validator and validation groups.
      Parameters:
      object - the object to validate
      validator - the validator to use
      groups - optional validation groups
      Returns:
      an Optional containing a ValidationException if invalid, or empty if valid

    • getConstraintViolations

      public static <T> Set<ConstraintViolation<T>> getConstraintViolations(T object, Validator validator, Class<?>... groups)
      Validates the object using the provided validator and returns structured constraint violations with property paths.
      Type Parameters:
      T - object type
      Parameters:
      object - the object to validate
      validator - the validator to use
      groups - optional validation groups
      Returns:
      structured constraint violations
      Throws:
      UnsupportedOperationException - if the supplied validator does not expose raw violations

    • getConstraintViolations

      public static Set<ConstraintViolation<?>> getConstraintViolations(Collection<?> objects, Validator validator, Class<?>... groups)
      Validates each element in the collection using the provided validator and returns structured constraint violations.
      Parameters:
      objects - the objects to validate
      validator - the validator to use
      groups - optional validation groups
      Returns:
      structured constraint violations for the collection elements
      Throws:
      UnsupportedOperationException - if the supplied validator does not expose raw violations

    • isValid

      public static boolean isValid(Object object, Validator validator, Class<?>... groups)
      Returns true if the object is valid, using the given Validator and validation groups.
      Parameters:
      object - the object to validate
      validator - the validator to use
      groups - optional validation groups
      Returns:
      true if valid, false otherwise

    • assertValid

      public static void assertValid(Object object, Validator validator, Class<?>... groups)
      Asserts that the object is valid using the given Validator and validation groups.

      Throws a ValidationException if validation fails.

      Parameters:
      object - the object to validate
      validator - the validator to use
      groups - optional validation groups
      Throws:
      ValidationException - if validation fails

    • assertValidParameters

      public static void assertValidParameters(@Nullable Object target, Executable executable, Object[] arguments)
      Asserts that executable arguments satisfy Jakarta Validation constraints declared on method or constructor parameters.
      Parameters:
      target - the target object for method invocation (ignored for constructors and static methods)
      executable - the executable that will be invoked
      arguments - resolved argument values in declaration order

    • assertValidReturnValue

      public static void assertValidReturnValue(@Nullable Object target, Executable executable, @Nullable Object returnValue)
      Asserts that an executable return value satisfies constraints declared on the method or constructor return value.
      Parameters:
      target - the target object for method invocation (ignored for constructors and static methods)
      executable - the executable that produced the value
      returnValue - returned value

    • assertAuthorized

      public static boolean assertAuthorized(Class<?> payloadType, @Nullable User user) throws UnauthenticatedException, UnauthorizedException
      Verifies whether the given user is authorized to issue the given payload, based on roles declared via annotations on the payload's class or package.

      Returns true if the user is authorized.

      If the user is not authorized, either false is returned or an exception is thrown. Which happens depends on the detected annotation.

      Parameters:
      payloadType - the class of the payload
      user - the authenticated user (may be null)
      Returns:
      true if authorized, false if authorization should fail quietly
      Throws:
      UnauthenticatedException - if authentication is required but the user is null
      UnauthorizedException - if the user lacks required roles

    • ignoreSilently

      public static boolean ignoreSilently(Class<?> payloadType, @Nullable User user)
      Determines whether a particular operation on a payload type should be ignored without raising an exception.

      Note: If the user is not authorized and an error occurs during the authorization check, the error is caught silently, and the method invocation is allowed to proceed.

      Parameters:
      payloadType - the class of the payload to be evaluated
      user - the user whose authorization is being evaluated; may be null for unauthenticated access
      Returns:
      true if the operation should be ignored silently, false otherwise

    • assertAuthorized

      public static boolean assertAuthorized(Class<?> target, Executable method, @Nullable User user)
      Checks if the given user is authorized to invoke the given method on the given target.

      Returns true if the user is authorized.

      If the user is not authorized, either false is returned or an exception is thrown. Which happens depends on the detected annotation.

      Role requirements may be defined via annotations on the method, class, or package.

      Parameters:
      target - the class declaring the method
      method - the method to check
      user - the user to check
      Returns:
      true if authorized, false if authorization should fail quietly
      Throws:
      UnauthenticatedException - if authentication is required but the user is null
      UnauthorizedException - if the user lacks required roles

    • ignoreSilently

      public static boolean ignoreSilently(Class<?> target, Executable method, @Nullable User user)
      Determines whether a specific method invocation on a target class by a given user should be ignored without raising an exception, based on the user's authorization.

      Note: If the user is not authorized and an error occurs during the authorization check, the error is caught silently, and the method invocation is allowed to proceed.

      Parameters:
      target - the class declaring the method to be checked
      method - the executable method to be checked
      user - the user whose authorization is being evaluated
      Returns:
      true if the method invocation should be ignored without raising an exception, false otherwise

    • assertAuthorized

      protected static boolean assertAuthorized(String action, @Nullable User user, ValidationUtils.RequiredRole[] requiredRoles)

    • getRequiredRoles

      protected static ValidationUtils.RequiredRole[] getRequiredRoles(Collection<? extends Annotation> annotations)