Concept Flow - DTO validation
Receive HTTP Request
Bind data to DTO object
Validate DTO fields
Process request
Send response
The flow shows how Spring Boot receives data, binds it to a DTO, validates it, and either processes or returns errors.
0DTO validation in Spring Boot - Step-by-Step Execution
Start learning this pattern below
Jump into concepts and practice - no test required
or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Execution Sample
Spring Boot
import jakarta.validation.constraints.Email; import jakarta.validation.constraints.NotBlank; public record UserDTO( @NotBlank String name, @Email String email ) {} @PostMapping("/users") public ResponseEntity<String> createUser(@Valid @RequestBody UserDTO user) { return ResponseEntity.ok("User created"); }
This code defines a UserDTO with validation annotations and a controller method that validates the DTO on request.
Execution Table
| Step | Action | DTO Field | Validation Check | Result | Next Step |
|---|---|---|---|---|---|
| 1 | Receive HTTP POST /users | - | - | - | Bind data to UserDTO |
| 2 | Bind JSON to UserDTO | name | Check @NotBlank | Pass if not empty | Validate next field |
| 3 | Bind JSON to UserDTO | Check @Email format | Pass if valid email | Validation complete | |
| 4 | Validation result | - | - | All fields valid | Call createUser method |
| 5 | Process request | - | - | Return 200 OK with message | Send response |
| 6 | If validation fails | - | - | Return 400 Bad Request with errors | Send error response |
💡 Validation stops request processing if any field fails; otherwise, controller method runs.
Variable Tracker
| Variable | Start | After Step 2 | After Step 3 | Final |
|---|---|---|---|---|
| user.name | null | "Alice" | "Alice" | "Alice" |
| user.email | null | null | "alice@example.com" | "alice@example.com" |
| validationErrors | empty | empty | empty | empty or error list |
Key Moments - 3 Insights
Why does the request fail if the 'name' field is empty?
Because @NotBlank on 'name' requires a non-empty string. Execution table step 2 shows validation fails if empty, stopping processing.
What happens if the 'email' field is not a valid email format?
Step 3 in the execution table shows @Email validation fails, causing the request to return a 400 error before the controller method runs.
How does Spring Boot know to validate the DTO automatically?
The @Valid annotation on the controller method parameter triggers validation after binding, as shown between steps 2 and 4.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the result of validation at step 3 if the email is 'not-an-email'?
💡 Hint
Check step 3 in the execution table where @Email validation is performed.
At which step does the controller method 'createUser' get called?
💡 Hint
Look for the step where the request is processed after validation passes.
If the 'name' field is empty, how does the variable 'validationErrors' change?
💡 Hint
Refer to variable_tracker and key_moments about validation failure on 'name'.
Concept Snapshot
DTO validation in Spring Boot: - Use @Valid on controller method parameter - Annotate DTO fields with validation annotations like @NotBlank, @Email - Spring binds JSON to DTO, then validates automatically - If validation fails, returns 400 error with messages - If valid, controller method executes normally
Full Transcript
In Spring Boot, when a request comes in, the JSON data is bound to a DTO object. The DTO fields have validation annotations like @NotBlank and @Email. The @Valid annotation on the controller method parameter triggers automatic validation after binding. Each field is checked in order. If all fields pass, the controller method runs and returns success. If any field fails, Spring Boot stops processing and returns a 400 Bad Request with error details. This flow ensures data is correct before business logic runs.
Practice
1. What is the main purpose of using DTO validation in a Spring Boot application?
easy
Solution
Step 1: Understand DTO role
A DTO (Data Transfer Object) carries data between processes and needs validation to ensure data is correct.Step 2: Purpose of validation
Validation checks input data early to prevent bad data from reaching business logic or database.Final Answer:
To check and ensure input data meets rules before processing -> Option DQuick Check:
DTO validation = input data check [OK]
Hint: Validation means checking input data early [OK]
Common Mistakes:
- Confusing validation with database optimization
- Thinking validation generates UI
- Mixing validation with authentication
2. Which annotation is used on a DTO field to require that it must not be empty or null?
easy
Solution
Step 1: Understand annotations meaning
@NotNull only checks for null, but allows empty strings. @NotEmpty checks for both null and empty strings.Step 2: Choose correct annotation
To ensure a field is neither null nor empty, @NotEmpty is the best choice.Final Answer:
@NotEmpty -> Option BQuick Check:
@NotEmpty = no null or empty [OK]
Hint: Use @NotEmpty to block null and empty strings [OK]
Common Mistakes:
- Using @NotNull but allowing empty strings
- Confusing @Valid with field validation
- Using @Size without min value
3. Given this DTO class snippet:
What happens if a request sends
public class UserDTO {
@NotNull
private String username;
@Min(18)
private int age;
// getters and setters
}What happens if a request sends
username=null and age=16 when validated with @Valid?medium
Solution
Step 1: Check username validation
@NotNull on username means null value is invalid, so username=null fails validation.Step 2: Check age validation
@Min(18) means age must be at least 18. Given age=16, this fails validation.Final Answer:
Validation fails for both username and age fields -> Option AQuick Check:
@NotNull + @Min(18) fail for null and age 16 [OK]
Hint: Check each annotation rule against input values [OK]
Common Mistakes:
- Assuming int fields can't fail validation
- Ignoring @NotNull effect on String
- Thinking validation passes if one field is valid
4. Identify the error in this controller method for validating a DTO:
@PostMapping("/users")
public ResponseEntity<String> addUser(UserDTO user) {
// save user
return ResponseEntity.ok("User added");
}medium
Solution
Step 1: Check parameter annotations
To validate JSON input as DTO, @RequestBody is needed to bind request body to UserDTO.Step 2: Check validation annotation
@Valid is also needed to trigger validation, but missing @RequestBody causes binding failure first.Final Answer:
Missing @RequestBody annotation on UserDTO parameter -> Option CQuick Check:
@RequestBody needed for JSON binding [OK]
Hint: Use @RequestBody to bind JSON to DTO [OK]
Common Mistakes:
- Forgetting @RequestBody causes no binding
- Thinking @Valid alone binds JSON
- Assuming return type must be void
5. You want to validate a DTO with a nested object, where the nested object also needs validation. Which is the correct way to enable validation on the nested DTO field?
hard
Solution
Step 1: Understand nested validation
Spring Boot requires @Valid on nested DTO fields to trigger validation of inner objects.Step 2: Why @Valid on nested field
@NotNull only checks presence, but @Valid triggers validation of nested object's fields.Final Answer:
Add @Valid annotation on the nested DTO field inside the parent DTO -> Option AQuick Check:
@Valid on nested field triggers inner validation [OK]
Hint: Use @Valid on nested DTO fields for full validation [OK]
Common Mistakes:
- Using only @NotNull on nested DTO
- Assuming parent @Valid covers nested fields
- Skipping @Valid and expecting automatic nested validation