I have a Spring Boot controller where I'm using @RequestHeader to enforce required headers. However, even with @NotBlank, the controller still accepts requests where the required header is an empty string (""), which I need to prevent.
Here's a simplified version of my controller:
public interface Controller{
@RequestMapping(
method = RequestMethod.POST,
value = "/some-endpoint",
produces = {"application/json"},
consumes = {"application/json"}
)
public ResponseEntity<?> processRequest(
@NotBlank @RequestHeader(value = "request-id", required = true) String requestId,
@RequestHeader(value = "optional-header", required = false) String optionalHeader,
@NotBlank @RequestHeader(value = "mandatory-header", required = true) String mandatoryHeader,
@Valid @RequestBody SomeRequestObject requestBody
);
What I've tried:
- Using @NotBlank on @RequestHeader → Still allows empty string ("").
- Adding spring-boot-starter-validation Gradle dependency → No change.
- Applying @Validated at the class level → Works for @RequestBody but not for @RequestHeader.
How can I ensure that request-id and mandatory-header must not be empty ("") at the header level without manually checking them inside the method?
I have a Spring Boot controller where I'm using @RequestHeader to enforce required headers. However, even with @NotBlank, the controller still accepts requests where the required header is an empty string (""), which I need to prevent.
Here's a simplified version of my controller:
public interface Controller{
@RequestMapping(
method = RequestMethod.POST,
value = "/some-endpoint",
produces = {"application/json"},
consumes = {"application/json"}
)
public ResponseEntity<?> processRequest(
@NotBlank @RequestHeader(value = "request-id", required = true) String requestId,
@RequestHeader(value = "optional-header", required = false) String optionalHeader,
@NotBlank @RequestHeader(value = "mandatory-header", required = true) String mandatoryHeader,
@Valid @RequestBody SomeRequestObject requestBody
);
What I've tried:
- Using @NotBlank on @RequestHeader → Still allows empty string ("").
- Adding spring-boot-starter-validation Gradle dependency → No change.
- Applying @Validated at the class level → Works for @RequestBody but not for @RequestHeader.
How can I ensure that request-id and mandatory-header must not be empty ("") at the header level without manually checking them inside the method?
Share Improve this question edited Mar 13 at 8:51 Mark Rotteveel 110k229 gold badges156 silver badges224 bronze badges asked Mar 12 at 20:46 kingifiedkingified 3231 gold badge6 silver badges22 bronze badges 4 |2 Answers
Reset to default 0There are multiple ways to fix this.
Create a custom validator annotation & use this in your method.
Use a Global interceptor where you can check for empty header values.
The simplest one is to manually check the header for empty string.
if (requestId == null || requestId.trim().isEmpty()) {
throw new IllegalArgumentException("Header 'request-id' must not be empty or blank.");
}
if (mandatoryHeader == null || mandatoryHeader.trim().isEmpty()) {
throw new IllegalArgumentException("Header 'mandatory-header' must not be empty or blank.");
}
//create custom validator interface and try to implement it
@RestController
@RequestMapping("/some-endpoint")
@Validated // Important! Required for custom validation to work
public class MyController {
@PostMapping
public ResponseEntity<?> processRequest(
@ValidHeader @RequestHeader(value = "request-id", required = true) String requestId,
@RequestHeader(value = "optional-header", required = false) String optionalHeader,
@ValidHeader @RequestHeader(value = "mandatory-header", required = true) String mandatoryHeader,
@Valid @RequestBody SomeRequestObject requestBody) {
return ResponseEntity.ok("Request processed successfully");
}
}
@Validatedwon't work as the annotations are lost. The@Validon the request body works regardless of the@Validatedat the class level or not. – M. Deinum Commented Mar 13 at 12:17