当前位置：首页 > news >正文

【SpringBoot 从入门到架构师】第8章：全局异常处理与参数校验

news 2026/5/13 1:03:34

1. 全局异常处理器 @RestControllerAdvice 实战

一、基础概念

@RestControllerAdvice 是 Spring Boot 中用于处理全局异常的注解，它结合了 @ControllerAdvice 和 @ResponseBody 的功能，主要用于 RESTful API 的异常处理。

二、基础实现

创建全局异常处理器

import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RestControllerAdvice; @RestControllerAdvice public class GlobalExceptionHandler { // 处理所有未捕获的异常 @ExceptionHandler(Exception.class) public ResponseEntity<ErrorResponse> handleException(Exception e) { ErrorResponse error = new ErrorResponse( HttpStatus.INTERNAL_SERVER_ERROR.value(), "服务器内部错误", e.getMessage() ); return new ResponseEntity<>(error, HttpStatus.INTERNAL_SERVER_ERROR); } // 处理自定义业务异常 @ExceptionHandler(BusinessException.class) public ResponseEntity<ErrorResponse> handleBusinessException(BusinessException e) { ErrorResponse error = new ErrorResponse( e.getCode(), e.getMessage(), e.getDetail() ); return new ResponseEntity<>(error, HttpStatus.BAD_REQUEST); } // 处理参数校验异常 @ExceptionHandler(MethodArgumentNotValidException.class) public ResponseEntity<ErrorResponse> handleValidationException( MethodArgumentNotValidException e) { String message = e.getBindingResult() .getFieldErrors() .stream() .map(FieldError::getDefaultMessage) .collect(Collectors.joining(", ")); ErrorResponse error = new ErrorResponse( HttpStatus.BAD_REQUEST.value(), "参数校验失败", message ); return new ResponseEntity<>(error, HttpStatus.BAD_REQUEST); } }

错误响应实体类

import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; @Data @NoArgsConstructor @AllArgsConstructor public class ErrorResponse { private Integer code; // 错误码 private String message; // 错误信息 private String detail; // 错误详情 private Long timestamp; // 时间戳 private String path; // 请求路径 public ErrorResponse(Integer code, String message, String detail) { this.code = code; this.message = message; this.detail = detail; this.timestamp = System.currentTimeMillis(); } }

自定义业务异常类

public class BusinessException extends RuntimeException { private Integer code; private String detail; public BusinessException(String message) { super(message); this.code = 400; } public BusinessException(Integer code, String message) { super(message); this.code = code; } public BusinessException(Integer code, String message, String detail) { super(message); this.code = code; this.detail = detail; } // getters and setters }

三、进阶功能

异常分类处理

@RestControllerAdvice public class GlobalExceptionHandler { // 404 资源不存在 @ExceptionHandler(ResourceNotFoundException.class) public ResponseEntity<ErrorResponse> handleResourceNotFound( ResourceNotFoundException e, HttpServletRequest request) { ErrorResponse error = ErrorResponse.builder() .code(404) .message("资源不存在") .detail(e.getMessage()) .timestamp(System.currentTimeMillis()) .path(request.getRequestURI()) .build(); return new ResponseEntity<>(error, HttpStatus.NOT_FOUND); } // 401 未授权 @ExceptionHandler(UnauthorizedException.class) public ResponseEntity<ErrorResponse> handleUnauthorized( UnauthorizedException e, HttpServletRequest request) { ErrorResponse error = new ErrorResponse( 401, "未授权访问", e.getMessage(), System.currentTimeMillis(), request.getRequestURI() ); return new ResponseEntity<>(error, HttpStatus.UNAUTHORIZED); } // 403 禁止访问 @ExceptionHandler(AccessDeniedException.class) public ResponseEntity<ErrorResponse> handleAccessDenied( AccessDeniedException e, HttpServletRequest request) { ErrorResponse error = new ErrorResponse( 403, "禁止访问", e.getMessage(), System.currentTimeMillis(), request.getRequestURI() ); return new ResponseEntity<>(error, HttpStatus.FORBIDDEN); } }

参数校验增强

@RestControllerAdvice public class GlobalExceptionHandler { // 处理 @Valid 参数校验异常 @ExceptionHandler(MethodArgumentNotValidException.class) public ResponseEntity<ValidationErrorResponse> handleValidationException( MethodArgumentNotValidException e) { List<FieldError> fieldErrors = e.getBindingResult().getFieldErrors(); ValidationErrorResponse error = new ValidationErrorResponse(); error.setCode(400); error.setMessage("参数校验失败"); error.setTimestamp(System.currentTimeMillis()); List<ValidationError> errors = fieldErrors.stream() .map(fieldError -> new ValidationError( fieldError.getField(), fieldError.getDefaultMessage(), fieldError.getRejectedValue() )) .collect(Collectors.toList()); error.setErrors(errors); return new ResponseEntity<>(error, HttpStatus.BAD_REQUEST); } // 处理 @RequestParam 参数校验异常 @ExceptionHandler(ConstraintViolationException.class) public ResponseEntity<ValidationErrorResponse> handleConstraintViolation( ConstraintViolationException e) { ValidationErrorResponse error = new ValidationErrorResponse(); error.setCode(400); error.setMessage("参数校验失败"); error.setTimestamp(System.currentTimeMillis()); List<ValidationError> errors = e.getConstraintViolations().stream() .map(violation -> { String field = violation.getPropertyPath().toString(); return new ValidationError( field.substring(field.lastIndexOf('.') + 1), violation.getMessage(), violation.getInvalidValue() ); }) .collect(Collectors.toList()); error.setErrors(errors); return new ResponseEntity<>(error, HttpStatus.BAD_REQUEST); } } // 校验错误响应类 @Data class ValidationErrorResponse { private Integer code; private String message; private Long timestamp; private List<ValidationError> errors; } @Data @AllArgsConstructor class ValidationError { private String field; private String message; private Object rejectedValue; }

国际化支持

@RestControllerAdvice public class GlobalExceptionHandler { @Autowired private MessageSource messageSource; @ExceptionHandler(BusinessException.class) public ResponseEntity<ErrorResponse> handleBusinessException( BusinessException e, HttpServletRequest request, Locale locale) { // 从国际化文件中获取错误信息 String localizedMessage = messageSource.getMessage( e.getMessageKey(), e.getArgs(), e.getMessage(), locale ); ErrorResponse error = new ErrorResponse( e.getCode(), localizedMessage, e.getDetail(), System.currentTimeMillis(), request.getRequestURI() ); return new ResponseEntity<>(error, HttpStatus.BAD_REQUEST); } }

四、最佳实践

异常码枚举

public enum ErrorCode { SUCCESS(0, "成功"), PARAM_ERROR(400, "参数错误"), UNAUTHORIZED(401, "未授权"), FORBIDDEN(403, "禁止访问"), NOT_FOUND(404, "资源不存在"), INTERNAL_ERROR(500, "服务器内部错误"), // 业务异常码 USER_NOT_EXIST(1001, "用户不存在"), PRODUCT_OUT_OF_STOCK(1002, "商品库存不足"), ORDER_CREATE_FAILED(1003, "订单创建失败"); private final int code; private final String message; ErrorCode(int code, String message) { this.code = code; this.message = message; } // getters }

统一响应体

@Data public class ApiResponse<T> { private Integer code; private String message; private T data; private Long timestamp; public static <T> ApiResponse<T> success(T data) { ApiResponse<T> response = new ApiResponse<>(); response.setCode(ErrorCode.SUCCESS.getCode()); response.setMessage(ErrorCode.SUCCESS.getMessage()); response.setData(data); response.setTimestamp(System.currentTimeMillis()); return response; } public static ApiResponse<?> error(ErrorCode errorCode) { ApiResponse<?> response = new ApiResponse<>(); response.setCode(errorCode.getCode()); response.setMessage(errorCode.getMessage()); response.setTimestamp(System.currentTimeMillis()); return response; } public static ApiResponse<?> error(Integer code, String message) { ApiResponse<?> response = new ApiResponse<>(); response.setCode(code); response.setMessage(message); response.setTimestamp(System.currentTimeMillis()); return response; } }

五、总结

使用 @RestControllerAdvice 实现全局异常处理的最佳实践：

统一异常处理：所有异常通过统一的方式处理，返回格式一致的响应
异常分类：根据异常类型返回合适的 HTTP 状态码
错误信息友好：生产环境隐藏敏感信息，开发环境提供详细错误
日志记录：记录异常信息便于排查问题
国际化支持：根据客户端语言返回对应的错误信息
参数校验：统一处理参数校验异常，提供清晰的错误信息
业务异常分离：业务异常和系统异常分开处理

这样设计的全局异常处理器能够提高代码的可维护性，提供更好的用户体验，并方便问题排查。

2. 自定义业务异常、统一异常返回格式

创建自定义异常类

// 基础业务异常类 public class BusinessException extends RuntimeException { private final Integer code; private final String message; public BusinessException(Integer code, String message) { super(message); this.code = code; this.message = message; } public BusinessException(ErrorCode errorCode) { super(errorCode.getMessage()); this.code = errorCode.getCode(); this.message = errorCode.getMessage(); } public BusinessException(ErrorCode errorCode, String message) { super(message); this.code = errorCode.getCode(); this.message = message; } // getters public Integer getCode() { return code; } @Override public String getMessage() { return message; } } // 参数验证异常 public class ValidationException extends BusinessException { private Map<String, String> errors; public ValidationException(Integer code, String message) { super(code, message); } public ValidationException(Integer code, String message, Map<String, String> errors) { super(code, message); this.errors = errors; } public Map<String, String> getErrors() { return errors; } }

定义错误码枚举

@Getter public enum ErrorCode { // 成功 SUCCESS(200, "操作成功"), // 客户端错误 BAD_REQUEST(400, "请求参数错误"), UNAUTHORIZED(401, "未授权"), FORBIDDEN(403, "禁止访问"), NOT_FOUND(404, "资源不存在"), // 业务错误 BUSINESS_ERROR(1000, "业务异常"), VALIDATION_ERROR(1001, "参数验证失败"), DATA_NOT_FOUND(1002, "数据不存在"), DATA_EXISTS(1003, "数据已存在"), OPERATION_FAILED(1004, "操作失败"), // 系统错误 INTERNAL_ERROR(500, "系统内部错误"), SERVICE_UNAVAILABLE(503, "服务不可用"); private final Integer code; private final String message; ErrorCode(Integer code, String message) { this.code = code; this.message = message; } public static ErrorCode fromCode(Integer code) { for (ErrorCode errorCode : ErrorCode.values()) { if (errorCode.getCode().equals(code)) { return errorCode; } } return INTERNAL_ERROR; } }

统一响应对象

@Data @Builder @NoArgsConstructor @AllArgsConstructor public class ApiResponse<T> { private Integer code; private String message; private T data; private Long timestamp; public static <T> ApiResponse<T> success() { return success(null); } public static <T> ApiResponse<T> success(T data) { return ApiResponse.<T>builder() .code(ErrorCode.SUCCESS.getCode()) .message(ErrorCode.SUCCESS.getMessage()) .data(data) .timestamp(System.currentTimeMillis()) .build(); } public static <T> ApiResponse<T> error(ErrorCode errorCode) { return ApiResponse.<T>builder() .code(errorCode.getCode()) .message(errorCode.getMessage()) .timestamp(System.currentTimeMillis()) .build(); } public static <T> ApiResponse<T> error(Integer code, String message) { return ApiResponse.<T>builder() .code(code) .message(message) .timestamp(System.currentTimeMillis()) .build(); } }

全局异常处理器

@Slf4j @RestControllerAdvice public class GlobalExceptionHandler { /** * 处理业务异常 */ @ExceptionHandler(BusinessException.class) public ResponseEntity<ApiResponse<Object>> handleBusinessException(BusinessException e) { log.warn("业务异常: {}", e.getMessage(), e); ApiResponse<Object> response = ApiResponse.builder() .code(e.getCode()) .message(e.getMessage()) .timestamp(System.currentTimeMillis()) .build(); return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(response); } /** * 处理参数验证异常 */ @ExceptionHandler(ValidationException.class) public ResponseEntity<ApiResponse<Map<String, String>>> handleValidationException(ValidationException e) { log.warn("参数验证异常: {}", e.getMessage()); ApiResponse<Map<String, String>> response = ApiResponse.<Map<String, String>>builder() .code(e.getCode()) .message(e.getMessage()) .data(e.getErrors()) .timestamp(System.currentTimeMillis()) .build(); return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(response); } /** * 处理 Spring Validation 异常 */ @ExceptionHandler(MethodArgumentNotValidException.class) public ResponseEntity<ApiResponse<Map<String, String>>> handleValidationException(MethodArgumentNotValidException e) { log.warn("参数验证异常: {}", e.getMessage()); Map<String, String> errors = new HashMap<>(); e.getBindingResult().getFieldErrors().forEach(error -> errors.put(error.getField(), error.getDefaultMessage()) ); ApiResponse<Map<String, String>> response = ApiResponse.<Map<String, String>>builder() .code(ErrorCode.VALIDATION_ERROR.getCode()) .message(ErrorCode.VALIDATION_ERROR.getMessage()) .data(errors) .timestamp(System.currentTimeMillis()) .build(); return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(response); } /** * 处理所有未捕获的异常 */ @ExceptionHandler(Exception.class) public ResponseEntity<ApiResponse<Object>> handleException(Exception e) { log.error("系统异常: ", e); ApiResponse<Object> response = ApiResponse.builder() .code(ErrorCode.INTERNAL_ERROR.getCode()) .message(ErrorCode.INTERNAL_ERROR.getMessage()) .timestamp(System.currentTimeMillis()) .build(); return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(response); } }

统一响应处理器

@ControllerAdvice public class ResponseAdvice implements ResponseBodyAdvice<Object> { @Override public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) { // 排除特定的返回类型 return !returnType.getParameterType().equals(ApiResponse.class) && !returnType.getParameterType().equals(Void.class) && !returnType.hasMethodAnnotation(IgnoreResponseAdvice.class); } @Override public Object beforeBodyWrite(Object body, MethodParameter returnType, MediaType selectedContentType, Class<? extends HttpMessageConverter<?>> selectedConverterType, ServerHttpRequest request, ServerHttpResponse response) { // 处理字符串类型返回 if (body instanceof String) { return JSON.toJSONString(ApiResponse.success(body)); } // 处理 void 返回类型 if (body == null && returnType.getParameterType().equals(Void.TYPE)) { return ApiResponse.success(); } return ApiResponse.success(body); } } // 忽略统一响应的注解 @Target({ElementType.METHOD, ElementType.TYPE}) @Retention(RetentionPolicy.RUNTIME) public @interface IgnoreResponseAdvice { }

主要优点：

统一响应格式：所有接口返回统一格式的 JSON
异常分类处理：不同类型的异常有不同的处理逻辑
错误码管理：通过枚举统一管理错误码和错误信息
灵活的异常抛出：可以在业务层任意位置抛出异常
易于扩展：可以方便地添加新的异常类型
良好的日志记录：异常发生时记录详细的日志信息
生产环境友好：避免将敏感异常信息暴露给客户端

这个方案可以根据实际业务需求进行调整和扩展。

3. 参数校验 JSR303：@NotBlank、@NotNull、@Size 等注解使用

一、基础配置

添加依赖

<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-validation</artifactId> </dependency>

启用校验

@Configuration public class ValidatorConfig { // Spring Boot 2.3+ 自动配置，无需手动配置 }

二、常用校验注解

基础注解

public class UserDTO { @NotBlank(message = "用户名不能为空") private String username; @NotNull(message = "年龄不能为null") @Min(value = 0, message = "年龄不能小于0") @Max(value = 150, message = "年龄不能大于150") private Integer age; @Email(message = "邮箱格式不正确") private String email; @Size(min = 6, max = 20, message = "密码长度必须在6-20位之间") private String password; @Pattern(regexp = "^1[3-9]\\d{9}$", message = "手机号格式不正确") private String phone; @AssertTrue(message = "必须同意协议") private Boolean agree; @Future(message = "必须是将来时间") private LocalDateTime appointmentTime; @Past(message = "必须是过去时间") private LocalDate birthDate; @DecimalMin(value = "0.0", inclusive = false, message = "金额必须大于0") @DecimalMax(value = "10000.0", message = "金额不能超过10000") private BigDecimal amount; // getters and setters }

集合校验

public class OrderDTO { @NotEmpty(message = "商品列表不能为空") private List<@Valid ProductDTO> products; @Size(min = 1, max = 10, message = "标签数量必须在1-10个之间") private List<String> tags; @NotEmpty(message = "收货地址不能为空") private Map<String, @NotBlank String> addresses; }

三、使用方法

Controller层校验

@RestController @RequestMapping("/api/users") @Validated // 类级别开启校验 public class UserController { // 方法参数校验 @PostMapping public ResponseEntity<?> createUser(@Valid @RequestBody UserDTO userDTO) { // 业务逻辑 return ResponseEntity.ok("创建成功"); } // 路径变量校验 @GetMapping("/{id}") public ResponseEntity<?> getUser(@PathVariable @Min(1) Long id) { return ResponseEntity.ok("查询成功"); } // 查询参数校验 @GetMapping public ResponseEntity<?> listUsers( @RequestParam @Min(0) Integer page, @RequestParam @Range(min = 1, max = 100) Integer size) { return ResponseEntity.ok("查询成功"); } }

Service层校验

@Service @Validated public class UserService { public void createUser(@Valid UserDTO userDTO) { // 业务逻辑 } public UserDTO getUser(@Min(1) Long id) { // 业务逻辑 return new UserDTO(); } }

四、分组校验

定义分组接口

public interface ValidationGroups { interface Create {} interface Update {} }

使用分组

public class UserDTO { @Null(groups = Create.class, message = "创建时ID必须为空") @NotNull(groups = Update.class, message = "更新时ID不能为空") private Long id; @NotBlank(groups = {Create.class, Update.class}, message = "用户名不能为空") private String username; }

控制器中使用分组

@PostMapping public ResponseEntity<?> createUser(@Validated(ValidationGroups.Create.class) @RequestBody UserDTO userDTO) { return ResponseEntity.ok("创建成功"); } @PutMapping("/{id}") public ResponseEntity<?> updateUser(@Validated(ValidationGroups.Update.class) @RequestBody UserDTO userDTO) { return ResponseEntity.ok("更新成功"); }

五、自定义校验注解

创建自定义注解

@Target({ElementType.FIELD, ElementType.PARAMETER}) @Retention(RetentionPolicy.RUNTIME) @Constraint(validatedBy = PhoneValidator.class) @Documented public @interface Phone { String message() default "手机号格式不正确"; Class<?>[] groups() default {}; Class<? extends Payload>[] payload() default {}; }

实现校验逻辑

public class PhoneValidator implements ConstraintValidator<Phone, String> { private static final Pattern PHONE_PATTERN = Pattern.compile("^1[3-9]\\d{9}$"); @Override public boolean isValid(String phone, ConstraintValidatorContext context) { if (phone == null) { return true; // 配合 @NotNull 使用 } return PHONE_PATTERN.matcher(phone).matches(); } }

使用自定义注解

public class UserDTO { @Phone private String phone; }

六、全局异常处理

@RestControllerAdvice public class GlobalExceptionHandler { // 处理参数校验异常 @ExceptionHandler(MethodArgumentNotValidException.class) public ResponseEntity<ErrorResponse> handleValidationExceptions( MethodArgumentNotValidException ex) { List<String> errors = ex.getBindingResult() .getFieldErrors() .stream() .map(error -> error.getField() + ": " + error.getDefaultMessage()) .collect(Collectors.toList()); ErrorResponse response = new ErrorResponse( "参数校验失败", HttpStatus.BAD_REQUEST.value(), errors ); return ResponseEntity.badRequest().body(response); } // 处理约束违反异常（@Validated） @ExceptionHandler(ConstraintViolationException.class) public ResponseEntity<ErrorResponse> handleConstraintViolationException( ConstraintViolationException ex) { List<String> errors = ex.getConstraintViolations() .stream() .map(violation -> violation.getPropertyPath() + ": " + violation.getMessage()) .collect(Collectors.toList()); ErrorResponse response = new ErrorResponse( "参数校验失败", HttpStatus.BAD_REQUEST.value(), errors ); return ResponseEntity.badRequest().body(response); } // 错误响应类 @Data @AllArgsConstructor public static class ErrorResponse { private String message; private int status; private List<String> errors; private LocalDateTime timestamp = LocalDateTime.now(); } }

七、嵌套对象校验

public class OrderDTO { @Valid @NotNull(message = "用户信息不能为空") private UserDTO user; @Valid @NotEmpty(message = "商品列表不能为空") private List<OrderItemDTO> items; } public class OrderItemDTO { @NotBlank(message = "商品名称不能为空") private String productName; @NotNull(message = "数量不能为空") @Min(value = 1, message = "数量至少为1") private Integer quantity; }

八、国际化消息

创建ValidationMessages.properties

user.username.notblank=用户名不能为空 user.email.invalid=邮箱格式不正确

在注解中使用

public class UserDTO { @NotBlank(message = "{user.username.notblank}") private String username; @Email(message = "{user.email.invalid}") private String email; }

九、最佳实践

分层校验：

Controller层：参数格式校验
Service层：业务逻辑校验
数据库层：数据完整性校验

合理使用分组：根据不同场景使用不同的校验规则
自定义错误消息：提供清晰、友好的错误提示
性能考虑：避免复杂的正则表达式和自定义校验逻辑
组合使用：多个注解可以组合使用增强校验

十、常见问题

@NotNull vs @NotEmpty vs @NotBlank

@NotNull：对象不为null，但可以是空字符串
@NotEmpty：集合/数组/Map/字符串不为null且长度/大小大于0
@NotBlank：字符串不为null且去除空格后长度大于0

校验不生效可能原因

未添加@Valid或@Validated注解
校验注解放在错误的类型上
未添加spring-boot-starter-validation依赖

校验顺序

使用@GroupSequence定义校验顺序

@GroupSequence({First.class, Second.class, UserDTO.class}) public class UserDTO { @NotBlank(groups = First.class) private String username; @Email(groups = Second.class) private String email; }

通过合理使用Spring Boot的参数校验功能，可以大大减少业务代码中的参数校验逻辑，提高代码的可读性和可维护性。

查看全文

http://www.jsqmd.com/news/805592/