jakartaee / validation-spec Goto Github PK

See jakartaee/validation#183

Iterating at #270

At the moment, when using @Valid annotation, there is no way to specify which groups must be validated. Inspired by the Springs @Validated annotation, my suggestion is to add an optional attribute to @Valid annotation, "groups", where we can define which groups should be validated.

Hi,

I'm trying to validate each element of an array, rather than the size of said array.

According to jls§9.7.4, annotations can be used on arrays like this:

Type annotations can apply to an array type or any component type thereof (§10.1). For example, assuming that A, B, and C are annotation interfaces meta-annotated with @Target(ElementType.TYPE_USE), then given the field declaration:

@C int @A [] @B [] f;

@A applies to the array type int[][], @B applies to its component type int[], and @C applies to the element type int. For more examples, see §10.2.

So essentially, these two declarations are "equivalent" according to the JLS:

private @NotEmpty List<@Size(min=1,max=3) String> myList;

private @Size(min=1,max=3) String @NotEmpty[] myArray;

It seems to me that currently it is only possible to validate the length of an array, but not validate each element inside this array. I also have the impression that the current behavior is different from what is described in the above JLS excerpt, and also different from how Lists are validated:

• @Size(min = 1, max = 3) String[] validates the array length whereas it should in theory validate each String element
• String @Size(min = 1, max = 3)[] should validate the array length but it does nothing at the moment.

See this sample project for JUnit test cases to reproduce the problem: https://github.com/bjansen/arrays-validation

At the moment there is no mechanism to define the group sequence validation at runtime. Hibernate Validator has its own mechanism, through @GroupSequenceProvider annotation and DefaultGroupSequenceProvider interface.

Inspired by the Hibernate's solution, my suggestion is to add the attribute "provider" to the @GroupSequence annotation which expects a reference to a class that implements the interface "GroupSequenceProvider".

More info: Hibernate Validator docs.

• Organization Name ("Organization") and, if applicable, URL:
  
  Red Hat, https://www.jboss.org/

• Product Name, Version and download URL (if applicable):
  
  Hibernate Validator, 8.0.1.Final, http://hibernate.org/validator/releases/8.0/

• Specification Name, Version and download URL:
  
  Jakarta Bean Validation 3.1, https://jakarta.ee/specifications/bean-validation/3.1/

• TCK Version, digital SHA-256 fingerprint and download URL:
  
  3.1.0, 32d008ee99e28325ef92761891112b7177ad2b6c31881216baa0f3729a8eda03
  https://download.eclipse.org/ee4j/bean-validation/3.1/validation-tck-dist-3.1.0.zip

• Public URL of TCK Results Summary:
  
  https://github.com/jakartaredhat/beanvalidation-tck/wiki/Jakarta-Bean-Validation-3.1-TCK-Results
  Includes both Java SE 17 and 21 runs

• Java runtime used to run the implementation:
  
  openjdk version "21.0.2" 2024-01-16 LTS
  OpenJDK Runtime Environment Temurin-21.0.2+13 (build 21.0.2+13-LTS)
  OpenJDK 64-Bit Server VM Temurin-21.0.2+13 (build 21.0.2+13-LTS, mixed mode, sharing)

  openjdk version "17.0.10" 2024-01-16
  OpenJDK Runtime Environment Temurin-17.0.10+7 (build 17.0.10+7)
  OpenJDK 64-Bit Server VM Temurin-17.0.10+7 (build 17.0.10+7, mixed mode, sharing)

• Summary of the information for the certification environment, operating system, cloud, ...:
  
  EF CI environment
  Linux basic-497lf 6.2.9-300.fc38.x86_64 SMP PREEMPT_DYNAMIC Thu Mar 30 22:32:58 UTC 2023 x86_64 GNU/Linux

• By checking this box I acknowledge that the Organization I represent accepts the terms of the EFTL.

• By checking this box I attest that all TCK requirements have been met, including any compatibility rules.

Copied from Specification PR #222...

Per our updated process, moving these items to a separate issue against the Spec Project:

• The specification project member who created the api staging release promotes the specification api jars to maven central. An example release job script can be found here https://wiki.eclipse.org/MavenReleaseScript.
• The specification project team should go through the merged spec website page to verify all the links are valid.
• The specification project team should approve the compatibility request.
• The compatible implementation project/vendor MUST send an email to [email protected] for approval of the compatible implementation for trademark usage.
• The specification project team should merge any final release branch as appropriate for the branch management for the project.

Probably doesn't require much, as validation pretty much "Just works" for records, too. But it would still be nice to make it explicit in the spec, have some examples, state that the constructor components should be annotated, etc.

Another question is how to trigger validation of records, as it essentially requires hooking into constructor calls, e.g. via byte code weaving. I've explored this a while ago here.

Per the discussions on the Spec Committee and Platform Dev mailing lists, it's been discovered that many of the Javadoc and Spec references to the EFSL need updating. Please reference the following required updates and keep them in mind as your Spec Project is updating the files for Jakarta EE 9.

Note: Some Spec Projects have already started or even completed these updates. If so, just kindly return/close this Issue. Thanks!

Required EFSL updates for Javadoc

For javadoc, the EFSL.html located in src/main/javadoc/doc-files should be modified as follows:

• the <<url to this license>> needs to be replaced with efsl.php link[1]
• the [title and URI of the Eclipse Foundation specification document] needs to be replaced with the Specification Name and URL (Reference [2] for an example.)
• The javadoc footer copyright year needs to be updated to 2018, 2020 as defined in the pom.xml

Required EFSL updates for Specifications

For specification, the license-efsl.adoc located in src/main/asciidoc should be modified as follows:

• Update copyright year to 2018, 2020 from 2019. Add link to EFSL.
• the <<url to this license>> needs to be replaced with efsl.php link[1]
• the [title and URI of the Eclipse Foundation specification document] needs to be replaced with the Specification Name and URL (Reference [2] for an example.)

[1] https://www.eclipse.org/legal/efsl.php
[2] https://jakarta.ee/specifications/enterprise-beans/4.0/

• Organization Name ("Organization") and, if applicable, URL:
  
  Red Hat, https://www.jboss.org/
• Product Name, Version and download URL (if applicable):
  
  Hibernate Validator, 7.0.0.Alpha6, http://hibernate.org/validator/releases/7.0/
• Specification Name, Version and download URL:
  
  Jakarta Bean Validation 3.0, https://jakarta.ee/specifications/bean-validation/3.0/
• TCK Version, digital SHA-256 fingerprint and download URL:
  
  3.0.0, c975fd229df0c40947a9f0a69b779ec92bebb3d21e05fdc65fccc1d11ef5525b
  https://download.eclipse.org/ee4j/bean-validation/3.0/beanvalidation-tck-dist-3.0.0.zip
• Public URL of TCK Results Summary:
  
  https://github.com/jakartaredhat/beanvalidation-tck/wiki/Jakarta-Bean-Validation-3.0-TCK-Results
• Java runtime used to run the implementation:
  
  Java(TM) SE Runtime Environment (build 1.8.0_202-b08)
• Summary of the information for the certification environment, operating system, cloud, ...:
  
  EF CI environment
  Linux basic-rd4rm 3.10.0-1062.el7.x86_64 #1 SMP Thu Jul 18 20:25:13 UTC 2019 x86_64 GNU/Linux
• By checking this box I acknowledge that the Organization I represent accepts the terms of the EFTL.
• By checking this box I attest that all TCK requirements have been met, including any compatibility rules.

• Organization Name ("Organization") and, if applicable, URL
  Red Hat, Inc., http://redhat.com
• Product Name, Version and download URL (if applicable)
  Hibernate Validator 6.0.17.Final, https://hibernate.org/validator/releases/6.0/
• Specification Name, Version and download URL
  Jakarta Bean Validation 2.0
  https://jakarta.ee/specifications/bean-validation/2.0
• TCK Version, digital SHA-256 fingerprint and download URL
  2.0.5
  05afb564efaa6d893dbeb32fb614d6e2bd18f09cf76244386f3b377d725b14b8
  https://download.eclipse.org/jakartaee/bean-validation/2.0/beanvalidation-tck-dist-2.0.5.tar.gz
  b6778914f78bfcce5d6934347d71502603b1b0a6bbfdfbcf956271c367d40974
  https://download.eclipse.org/jakartaee/bean-validation/2.0/beanvalidation-tck-dist-2.0.5.zip
• Public URL of TCK Results Summary
  https://developer.jboss.org/wiki/HibernateValidatorJakartaValidationTCKCertificationLog
• Java runtime used to run the implementation
  OpenJDK 64-Bit Server VM (Zulu 8.40.0.25-CA-linux64) (build 25.222-b10, mixed mode)
• Summary of the information for the certification environment, operating system, cloud,
  Fedora release 30 (Thirty)
• By checking this box I acknowledge that I accept the terms of the EFTL.
• By checking this box I attest that all TCK requirements have been met, including any compatibility rules.

I thought this was actually enforced in the spec since a long time, but it turns out it's not:

If CDI is supported in the container, it would be a benefit for developers if they could rely that an implementation also supports dependency injection in the validator.

https://beanvalidation.org/2.0/spec/#integration-dependencyinjection enforces this only that the validator must be injectable itself, but not "inside". Additionally the scope then should be handled by CDI, if a CDI scoped annotation is present.

Example

@ApplicationScoped
public class OrderValidator implements ConstraintValidator<ValidOrder, CoffeeOrder> {

  @Inject
  CoffeeShop coffeeShop;

  // ...

Most impls IMO do this already, but it turns out not all (e.g. Payara), since it's not enforced in the spec. WDYT?

When the Validation TCK base test adds a few lib dependencies to the web archive, if the dependency path contains escapable symbols, e.g. @, the TCK will fail to find an actual jar, resulting in an entire TCK failing.

CodeSource#getLocation(), which is used to obtain the path to the added lib returns an URL that keeps the escaped symbols in the path.

The suggestion is to resolve the path by converting the URL to URI.

In particular, this can happen on CI where the jars are located in a directory with paths similar to /var/lib/jenkins/workspace/hibernate-validator_smth@tmp

See also jakartaee/validation-tck#198 (comment) for the patch.

Create/Update CONTRIBUTING files

Per input from the Eclipse EMO, each Specification Project needs to ensure that a CONTRIBUTING.md or CONTRIBUTING.adoc file exists in each specification-related repository maintained by Specification Projects.
In addition, the CONTRIBUTING.md or CONTRIBUTING.adoc file needs to include the following text:

## Eclipse Development Process

This Eclipse Foundation open project is governed by the Eclipse Foundation
Development Process and operates under the terms of the Eclipse IP Policy.

The Jakarta EE Specification Committee has adopted the Jakarta EE Specification
Process (JESP) in accordance with the Eclipse Foundation Specification Process
v1.2 (EFSP) to ensure that the specification process is complied with by all
Jakarta EE specification projects.

* https://eclipse.org/projects/dev_process
* https://www.eclipse.org/org/documents/Eclipse_IP_Policy.pdf
* https://jakarta.ee/about/jesp/
* https://www.eclipse.org/legal/efsp_non_assert.php

Please do this at your earliest convenience.
Thank you!

-- EE4J PMC ([email protected])

Project team:

• promotes api staging release promotes the specification api jars to maven central. An example release job script can be found here https://wiki.eclipse.org/MavenReleaseScript.
• go through the merged jakarta.ee specification website page to verify all the links are valid.
• if XML Schemas are published on https://jakarta.ee/schemas, send a PR to update the status from Draft to Final.
• approve the compatibility request.
• merge any final release branch as appropriate for the branch management for the project.

Is your feature request related to a problem? Please describe.
Jakarta EE 9 is the next major release, with the main focus of moving from the javax namespace to the jakarta namespace.

Describe the solution you'd like
This issue will be used to track the progress of this work effort via the Jakarta EE 9 Project board.

Additional context
Jakarta EE Specification Process
Eclipse Project Handbook
Eclipse Release Record for Jakarta EE 9

ToDo

• Create Eclipse Release Record in your respective Jakarta Specification Project.
  Most Component Release Records will just reference the Jakarta EE 9 Platform Release Plan. But, if your Component deviates at all from the Platform Release Plan, then a description of the changes will be required in the Release Record.
• Initiate a ballot for your Jakarta Release Record/Plan.
  Again, if your component is only doing the required minimum as defined by the Jakarta EE 9 Platform Release Plan, then no separate ballot is required. You are already approved. But, if your component deviates from the Platform Release Plan, then you will need to initiate your own ballot as defined by the Jakarta EE Specification Process.
• Jakarta-ize your Specification document (if applicable)
  Many of the Jakarta EE components now have the source for their Specification documents. It is strongly recommended that these Specification documents are properly updated to represent Jakarta EE instead of Java EE. Some helpful instructions are documented here.
• javax -> jakarta Spec updates
  If your component has Specification source, then all javax package references need to be updated to use jakarta package references.
• javax -> jakarta API updates
  Your component APIs need to move from using the javax namespace to using the jakarta namespace.
• Release Candidate (RC) of Jakarta API in Maven Central
  A Release Candidate of your component API should be pushed to Maven Central as soon as humanly possible. This will allow other dependent components to utilize your APIs as they are updating their APIs. Multiple revisions of these Release Candidate APIs are allowed (and probably expected) during the development cycle.
• javax -> jakarta TCK updates
  Your component TCK needs to be updated to use the jakarta namespace.
• javax -> jakarta Compatible Implementation updates
  Your compatible implementation that will be used to demonstrate completeness of the Specification needs to be updated to use the jakarta namespace.
• Final Jakarta API available in Staging Repo
  When ready, your final version of the API needs to be staged to get ready for the PR review and approvals.
• Draft Specification and Apidoc PRs ready for review
  Like we did for Jakarta EE 8, draft PRs need to be created and reviewed in preparation for the final ballots.
• Release Review Ballot started
  Each Jakarta EE component will need to initiate a separate Release Review ballot after proper reviewing has completed. To be clear, there will not be a blanket Release Review for all of Jakarta EE 9 like we did for the Plan Review. Each component needs a separate Release Review.

The current spec document build is based on ant and the asciidoctor ant plugin. The ant plugin has not been updated in 5 years, and we are using an even older version of it. Even just updating to the 5 year old version of the ant plugin causes the generation to fail because the custom Hibernate tree/block asciidoc plugins are apparently incompatible with that version.

We should look at switching the generation to the maven plugin, but this will probably still require updates to the hibernate-asciidoctor-extensions.

The public project site https://beanvalidation.org/ still has Duke inspecting a bean through his looking glass.
Is that still OK for Jakarta EE or should it change?