Hello, I m looking about using bean validation into spring mvc application. It looks good for input validation (whitelist approach). However it relays on annotations on each objects attributes to trigger input validation. If a user does not add annotation, input will not be validated even with default validation rule... Does any one knows if default input validation can be trigger with bean validation ... For enforcement purpose?

You should be able to set a customer validator to be used globally through the XML configs: http://static.springsource.org/spring/docs/3.0.x/reference/validation.html#validation-mvc-configuring Once you have the custom validator setup properly you can enable it globally within the XML config: <mvc:annotation-driven validator="[Your Validator Here]"/>Was that what you were looking for? D --- On Thu, 8/30/12, Lebeau Frederic <frederic.lebeau@websurf.be> wrote: From: Lebeau Frederic <frederic.lebeau@websurf.be> Subject: [WEB SECURITY] Bean validation To: websecurity@webappsec.org Date: Thursday, August 30, 2012, 12:51 PM Hello, I m looking about using bean validation into spring mvc application.It looks good for input validation (whitelist approach).However it relays on annotations on each objects attributes to trigger input validation. If a user does not add annotation, input will not be validated even with default validation rule... Does any one knows if default input validation can be trigger with bean validation ... For enforcement purpose? -----Inline Attachment Follows----- _______________________________________________ The Web Security Mailing List WebSecurity RSS Feed http://www.webappsec.org/rss/websecurity.rss Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA WASC on Twitter http://twitter.com/wascupdates websecurity@lists.webappsec.org http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org