Dynamic validation layer consistent across middleware, UI and REST


With bean validation introduced in 6.4 we have a great way to have uniform bean validation across all layers in CUBA. However, bean validation is essentially static, whereas in the real world there are functional validation rules that depend on runtime state.

For instance, a junior salesman may not be allowed to set a discount beyond a certain limit. With Bean Validation you will probably enforce a percentage in the discount field, but you cannot manage that case.

Also, default values, which are not a validation feature per se, are also driven by functional rules like validation rules are, and also ought to be uniform across layers. The default value for a price or a discount can depend on a functional rule based on Customer and Product, or be configured in a database table that will change depending on the user who is connected.

These kinds of rules are IMHO beyond the scope of Bean Validation, which is there to ensure data integrity. Of course, currently you can define elaborate validation rules with CUBA in the REST API or the UI, but sharing these rules between layers is difficult: the UI has a flexible way of defining rules, but you cannot use them in middleware or REST.

In our case we consider default values and validation rules the same: they are functional rules. So we have developed a small functional layer with a few features (dynamic limits and default values) at middleware level which allows managing the aforementioned use cases. Then we have integrated it with the UI validation layer to benefit from platform features (localization, notification, highlighting of wrong fields). REST is coming.

It would be nice to have the platform providing an out-of-the-box feature for that. That could simply be a refactoring of the current UI validation rule mechanism (which we find great) in the middleware, interfaced with the user endpoints (i.e. UI & REST), which would only keep the responsibility of expressing the validation results to the user.
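
The layering requested above, sketched as an added example that is not part of the original post and is neither the poster's code nor a CUBA API: one middleware-side rule supplies both the dynamic limit and the default value, and returns a field name plus message key that a UI screen or REST endpoint only has to render. All type names, roles, limits and message keys are hypothetical and constructed for illustration.

```java
import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

// Hypothetical middleware-level rule layer; none of these types are CUBA APIs.
public class DiscountRules {
    // Who is asking: resolved by the middleware from the session, never sent by the client.
    record Caller(String login, String role) {}
    // One rule failure: the field to highlight plus a message key the endpoint localizes.
    record Violation(String field, String messageKey, Object limit) {}

    // Constructed per-role ceilings (percent); these could equally come from a database table.
    private static final Map<String, BigDecimal> MAX_DISCOUNT = Map.of(
            "junior-sales", new BigDecimal("5"),
            "senior-sales", new BigDecimal("20"));

    // Default value driven by the same runtime state as the limit.
    static BigDecimal defaultDiscount(Caller caller) {
        return maxFor(caller).min(new BigDecimal("3"));
    }

    // Dynamic limit only: the static 0..100 range check is left to bean validation.
    static List<Violation> validateDiscount(Caller caller, BigDecimal discount) {
        List<Violation> out = new ArrayList<>();
        BigDecimal max = maxFor(caller);
        if (discount.compareTo(max) > 0) {
            out.add(new Violation("discount", "discount.aboveRoleLimit", max));
        }
        return out;
    }

    // Unknown roles get a zero ceiling, so the rule fails closed.
    private static BigDecimal maxFor(Caller caller) {
        return MAX_DISCOUNT.getOrDefault(caller.role(), BigDecimal.ZERO);
    }

    public static void main(String[] args) {
        Caller junior = new Caller("jdoe", "junior-sales");   // constructed sample users
        Caller senior = new Caller("asmith", "senior-sales");
        BigDecimal requested = new BigDecimal("12");
        // A UI screen and a REST endpoint would both make these same calls
        // and differ only in how they present the violations.
        System.out.println("junior default: " + defaultDiscount(junior));
        System.out.println("junior 12%: " + validateDiscount(junior, requested));
        System.out.println("senior 12%: " + validateDiscount(senior, requested));
    }
}
```

Because the rule runs in the middleware and takes the caller from the server-side session, a REST client cannot skip it the way it could skip a check that exists only in a UI screen.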


Hi Mike,

We’ve made a step in this direction in the upcoming platform version 6.7. See the Entity Attribute Access Control feature. It’s not actually a dynamic validation rules mechanism, but it enables managing what attributes are visible, enabled or required for particular entity instances depending on the state of these instances and their linked entities.

The release candidate will be available in the next few days.