Bean Validation

Bean Validation lets you declare input rules with annotations — @NotNull , @Size , @Email — and have Spring enforce them automatically with @Valid , surfacing problems through a BindingResult or a 400 response.

Learn Bean Validation in our free Java course — a beginner-friendly interactive lesson with worked examples, a practice exercise and a quick reference.

Part of the free Java course at LearnCodingFast — hands-on lessons with examples you run in your browser, plus practice exercises and a quick quiz.

You should know how a Spring REST controller binds a @RequestBody . These examples use the jakarta.validation constraints.

💡 Analogy: Validation annotations are the guest list rules posted at the door, and @Valid is the bouncer who actually checks them. The rules — "name required, 2-30 characters," "must be 18+" — live on the request object. When a request arrives, the bouncer reads each rule; if anything fails, the visitor is turned away (a 400) or you get a clipboard of every problem (the BindingResult ) to handle yourself. Bad data never reaches the party.

Declare the rules once; let the framework enforce them everywhere.

Annotate the fields of a request object. @NotBlank for required text, @Size for length, @Email for format, @Min / @Max for ranges. Each takes an optional message .

Put @Valid on the @RequestBody parameter. With no BindingResult , a failure becomes a 400 Bad Request automatically; add a BindingResult right after it to inspect errors yourself.

Under the hood, a validator runs rules like the ones below and collects every failure. Here is the same logic in plain Java so you can run it.

Answer: it passes @NotNull (it isn't null) but fails @NotBlank (no non-whitespace characters).

Answer: 400 Bad Request , via MethodArgumentNotValidException .

Answer: immediately after the @Valid parameter it reports on.

🎯 YOUR TURN — Validate a ProductRequest

Annotate a ProductRequest with constraints for name, sku, price, and an optional description.

🧩 MINI-CHALLENGE — Return all field errors

Build a controller that collects every validation error into a Map<String,String> and returns it as a 400.

You can now declare input rules with jakarta.validation constraints, choose between @NotNull , @NotEmpty , and @NotBlank , enforce them with @Valid , and inspect failures through a BindingResult or a default 400.

Next up: Exception Handling with @ControllerAdvice — turning errors into clean, consistent responses.

Practice quiz

Which package do the standard Bean Validation annotations live in (modern Spring Boot)?

  • javax.validation
  • jakarta.validation.constraints
  • org.springframework.validation
  • java.validation

Answer: jakarta.validation.constraints. Modern Spring Boot uses Jakarta Bean Validation; constraints live in jakarta.validation.constraints.

What does @NotNull check?

  • The value is not null
  • The String is not blank
  • The collection is not empty
  • The number is positive

Answer: The value is not null. @NotNull simply requires the annotated value to be non-null (it allows an empty string).

Which annotation rejects null, empty, AND whitespace-only strings?

  • @NotNull
  • @NotEmpty
  • @NotBlank
  • @Size(min=1)

Answer: @NotBlank. @NotBlank requires a non-null string with at least one non-whitespace character.

What does @Size(min = 2, max = 30) constrain?

  • Only numbers
  • The byte size of a file
  • The number of fields
  • The length/size of a string, collection, or array

Answer: The length/size of a string, collection, or array. @Size constrains the length of a String or the size of a collection/array/map to the given range.

What triggers validation of a @RequestBody in a controller?

  • @Validated on the class only
  • Annotating the parameter with @Valid
  • It is always automatic
  • A try/catch block

Answer: Annotating the parameter with @Valid. Placing @Valid (or @Validated) on the method parameter tells Spring to validate the bound object.

Where do you inspect validation errors when you add a BindingResult parameter?

  • In the response headers
  • In the BindingResult immediately after the @Valid parameter
  • In a static field
  • In application.properties

Answer: In the BindingResult immediately after the @Valid parameter. A BindingResult declared right after the validated parameter holds the field errors for manual handling.

What does @Email validate?

  • The string is a syntactically valid email address
  • The address exists
  • The domain is reachable
  • The inbox is empty

Answer: The string is a syntactically valid email address. @Email only checks that the string matches an email-address format; it cannot confirm deliverability.

Which annotation requires a numeric value to be at least a minimum?

  • @Max
  • @Min
  • @Positive
  • @Size

Answer: @Min. @Min(value) requires the number to be greater than or equal to the given minimum.

By default, what HTTP status does Spring return when @Valid fails on a @RequestBody (no BindingResult)?

  • 200 OK
  • 500 Internal Server Error
  • 400 Bad Request
  • 404 Not Found

Answer: 400 Bad Request. A failed @Valid on a request body raises MethodArgumentNotValidException, mapped to 400 Bad Request by default.

What is the role of the message attribute on a constraint, e.g. @Size(message = "...")?

  • It changes the field name
  • It disables the constraint
  • It sets a default value
  • It customizes the validation error message

Answer: It customizes the validation error message. The message attribute customizes the error text reported when the constraint is violated.