Hi all,
I have been discussing how to integrate our method validation feature with CDI and the
Java EE spec in general. One question that got raised was when should methods be validated
within the stack of interceptors. Here are a few common interceptors:
- transaction interceptor
- security interceptor
My answer is so far to be "last", though I can imagine many interceptors wanting
to be last. An interceptor is able to change parameter values as well as return value
potentially. Our intuition is that method parameter validation should:
- be done after a transaction has been started (esp if rich constraint validators are
used)
- after the security layer has cleared the method call
- generally speaking after any interceptor that could interrupt the method call (to be
cheap)
- after any interceptor that could alter parameter values
The idea is that the method validation interceptor guarantees that parameters provided to
the actual method are sound.
With the same logic, return values should be validated before other interceptors. That
makes the method validation interceptor logic be something like that
````
validateParameterValues
run method
validateReturnValue
````
Do you think this approach is sound, in particular wrt when method validation should occur
in an interceptor stack?
Emmanuel
Show replies by date