Search code examples
javaspring-mvcspring-validator

javax.validation.constraints.Email matching invalid email address

I have a User entity having email property annotated with @Email

@Email
private String email;

I am using @Valid (javax.validation.Valid) annotation on my Controller class. The issue is that the controller validator is passing the invalid emails. Example:
pusp@1 - obviously this is an invalid email address
pusp@fake
The pattern I noticed is, the @Email only want sometext@text, it don't care for the extensions(.com/org etc). Is it the expected behaviour? Do I need to pass my own regex implementation for @Email(regex="")

Solution

  • A email without . may be considered as valid according to the validators.
    In a general way, validator implementations (here it is probably the Hibernate Validator) are not very restrictive about emails.
    For example the org.hibernate.validator.internal.constraintvalidators.AbstractEmailValidator javadoc states :

    The specification of a valid email can be found in RFC 2822 and one can come up with a regular expression matching all valid email addresses as per specification. However, as this article discusses it is not necessarily practical to implement a 100% compliant email validator. This implementation is a trade-off trying to match most email while ignoring for example emails with double quotes or comments.

    And as a side note, I noticed similarly things with HTML Validator for emails.

    So I think that the behavior that you encounter actually is which one expected.
    And about your question :

    Do I need to pass my own regex implementation for @Email(regex="")

    Indeed. You don't have any other choice if you want to make the validation more restrictive.
    As alternative, this answer creating its own validator via a constraints composition is really interesting as it is DRY (you can reuse your custom ConstraintValidator without specified at each time the pattern as it will be included in) and it reuses the "good part" of the @Email ConstraintValidator :

    @Email(message="Please provide a valid email address")
@Pattern(regexp=".+@.+\\..+", message="Please provide a valid email address")
@Target( { METHOD, FIELD, ANNOTATION_TYPE })
@Retention(RUNTIME)
@Constraint(validatedBy = {})
@Documented
public @interface ExtendedEmailValidator {
    String message() default "Please provide a valid email address";
    Class<?>[] groups() default {};
    Class<? extends Payload>[] payload() default {};
}