Bean Validation should be enabled


(Jens Bannmann) #1

Hi all,

I would like to propose the following new rule.

Rule description & motivation
Bean Validation can be triggered programmatically on an object, but it will also run automatically for fields of objects being validated and for any method parameters. However, in both cases, the corresponding variable must be annotated with javax.validation.Valid. This can easily be forgotten.

This rule should create an issue for each

  • parameter of a public method (excluding constructors)
  • field with bean validation constraints
  • field in a class where other fields have bean validation constraints

that is not annotated javax.validation.Valid and where the type refers to a class with bean validation constraints.

This rule should support standard constraint annotations (such as @NotNull) as well as custom ones (annotations which have the javax.validation.Constraint annotation).

Impact to keep this code as it is
Not annotating the element with @Valid means bean validation will not be triggered, but readers may overlook this omission and assume the object will be validated.

Example Code

import javax.validation.Valid;
import javax.validation.constraints.NotNull;

public class User {
  private String name;

public class Group {
  private List<User> users; // noncompliant, User instances are not validated

public class Email {
  private List<User> recipients; // compliant

public class MyService {
  public void login(User user) { // noncompliant, parameter is not validated

  public void logout(@Valid User user) { // compliant

  protected void logAction(User user) { // compliant


Code Smell


Best regards