Input validation
Besides authentication and authorization, one area of importance in building secure web services is ensuring that inputs are always validated. In addition to maintaining data integrity, doing so helps prevent security vulnerabilities such as SQL injection.
Java Bean annotations
To implement input validation, we can use the Java Bean Validation annotations that were introduced with Java EE 6. To illustrate their use, let's implement the endpoint to take bookings in our sample web service. Our booking service accepts requests in the form of the following Java class:
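import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;

public class BookingRequest {

    // Room identifiers start at 1
    @Min(1)
    private final long roomId;

    @NotNull
    private final DateRange dateRange;

    // Name length must be between 1 and 128 characters
    @Size(min = 1, max = 128)
    private final String customerName;

    @NotNull
    private CreditCardDetails creditCardDetails;

    // Constructor and getters omitted
}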
You can see here the use of @javax.validation.constraints.Min, @javax.validation.constraints.NotNull and @javax.validation.constraints.Size. The @Min annotation allows the defining...
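To see how these constraints behave when they are evaluated, the following added example (not code from the original text) runs a validator over three constructed bookings. It assumes a Bean Validation provider such as Hibernate Validator is on the classpath; the Booking class is a hypothetical stand-in for BookingRequest, with dateRange typed as Object because DateRange is not shown here.

```java
import java.util.Set;
import java.util.TreeSet;
import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;

public class BookingValidationDemo {

    // Hypothetical stand-in carrying the same constraints as BookingRequest.
    static class Booking {
        @Min(1) final long roomId;
        @NotNull final Object dateRange;
        @Size(min = 1, max = 128) final String customerName;

        Booking(long roomId, Object dateRange, String customerName) {
            this.roomId = roomId;
            this.dateRange = dateRange;
            this.customerName = customerName;
        }
    }

    // Returns the sorted names of the fields that violated a constraint.
    static Set<String> failedFields(Validator validator, Booking booking) {
        Set<String> failed = new TreeSet<>();
        for (ConstraintViolation<Booking> v : validator.validate(booking)) {
            failed.add(v.getPropertyPath().toString());
        }
        return failed;
    }

    public static void main(String[] args) {
        // Requires a Bean Validation provider on the classpath (assumption).
        Validator validator = Validation.buildDefaultValidatorFactory().getValidator();

        // Constructed inputs, not real booking data.
        // Room id below the minimum, missing date range, empty name.
        System.out.println(failedFields(validator, new Booking(0, null, "")));
        // Null name: @Size treats null as valid, so pair it with @NotNull
        // if the field is mandatory.
        System.out.println(failedFields(validator, new Booking(7, "2024-05-01/2024-05-03", null)));
        // Well-formed booking.
        System.out.println(failedFields(validator, new Booking(7, "2024-05-01/2024-05-03", "Alice")));
    }
}
```

Note that @NotNull on a nested object only checks that the reference is present; constraints declared inside that object are evaluated only when the field is also annotated with @javax.validation.Valid.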