When an OpenAPI YAML file declares a field as an integral type in the request Body, the field could be declared for example as:
...
xyzID:
description: The Internal ID of XYZ that, within the app, uniquely identifies the specific XYZ record.
type: integer
format: int64
example: 911015108
...
The code would map to a Long value and expect that the openapi validation would catch it if somebody were to send in:
...
xyzID: "37983739"
...
Other formats could be used, such as int32, for example.
The code doesn't fail, as a change in the schema validator for handling path and query parameter treats both as idempotent, and the same validator is used:
networknt/json-schema-validator#101
APIs business logic or other cross-cutting concerns wired into the handler chain after openapi-validation would fail.
Recommended solution is to pass in the RequestValidator class in openapi-validator a parameter to the schemavalidator call, see line 112, to segregate between the handling of such values in path/query vs Body.
Request is to address it for all numeric types.
When an OpenAPI YAML file declares a field as an integral type in the request Body, the field could be declared for example as:
...
xyzID:
description: The Internal ID of XYZ that, within the app, uniquely identifies the specific XYZ record.
type: integer
format: int64
example: 911015108
...
The code would map to a Long value and expect that the openapi validation would catch it if somebody were to send in:
...
xyzID: "37983739"
...
Other formats could be used, such as int32, for example.
The code doesn't fail, as a change in the schema validator for handling path and query parameter treats both as idempotent, and the same validator is used:
networknt/json-schema-validator#101
APIs business logic or other cross-cutting concerns wired into the handler chain after openapi-validation would fail.
Recommended solution is to pass in the RequestValidator class in openapi-validator a parameter to the schemavalidator call, see line 112, to segregate between the handling of such values in path/query vs Body.
Request is to address it for all numeric types.