Go back to Read chapters

How to validate and escape API messages with twitter text and custom validator

How to validate API messages with a either a twitter-text Open Source validator, spring-data or a custom validator.

By going on a path of microservice architecture we have more options to choose how we build and bind services together. The initial proposition for this book was to build services as separate microservices that would be bound together by a proxy layer. The proxy layer would be before calling the service layer and it would handle the security, validation and escaping of the characters before calling the services. 

In the current service configuration it is better to have the validation in each of the service components. Here we present how to validate the messaging API messages with

  • twitter-text component that is released as Open Source under Apache 2 License for Java here Twitter-text
  • Spring validation using Java validators for example the @Size validator in the API controller class
  • Custom validation for the Control character validation in the message
  • Spring HtmlUtils to escape the HTML characters before passing the message forward to the hashtag handler
  • The HashtagParserUtil utility class is designed to remove special characters from the hashtag words so that hashtag #f-ree will become #free and #free is used to index the hashtag. Also the escaped strings are removed eg. > < strings

How to validate text message with twitter-text validation

Let's start with the twitter-text validation, it has validation for 140 characters and also data validation. The validation JAR dependency can be added by adding the following configuration to the POM.xml file. You can choose the version accordingly from twitter-text Gitbub tags


After that you can add the call for the message validation for example

Validator messageTextValidator = new Validator();

if (!messageTextValidator.isValidTweet(message)) {

throw new InputValidationException("Message is not valid");


How to validate REST API Reqeuest parameters in Spring Boot with Java Size validator

The Spring validation does not work straight with the API parameters without some configuration changes in the Spring boot application configuration. We have to inject a MethodValidationPostProcessor class to the Spring boot application configuration. In the application class we add the following:


public MethodValidationPostProcessor methodValidationPostProcessor() {

return new MethodValidationPostProcessor();


After that the REST API Controller class can have an annotation @Validated on the API method level for example in the addContent method below.

@RequestMapping(method = RequestMethod.POST)

public Content addContent(

@Size(min = 1, max = 1000, message = "Message length is invalid.") @RequestParam(required = true) String message)

How to build a custom validator to validate message text control characters

The following section is about how to make a simple custom validator for the message characters. The message is a stream of bytes and we want to validate that each character belongs to a correct group. If a single character belongs to a group of Control characters and is not a whitespace character then the message is invalid and will not be handled. We thow an exception at this point that stops the handling of this message and returns the error to the caller or client. 

We use the Java Character class in the MessageValidator class to check the group where each character belongs. The following invalidates for example a message that has the BACKSPACE character 

boolean isWhiteSpace = Character.isWhitespace(codePoint);

boolean isISOControl = Character.isISOControl(codePoint);

if (isISOControl && !isWhiteSpace) {

throw new InputValidationException("Message validation failed at character point [" + index + "]");


You can download the Hashtag messaging API application that is updated with the configurable Validation classes here. We have added a new property that can be switched on or off for the twitter-text validation because this invalidates all messages over 140 characters. The database configuration handles messages up to 1000 characters currently. This is configured in the application.properties file by default to validate the twitter-text with the following parameter. The validation can be turned off by removing this line:


How to escape characters that are used in HTML tags

Because we are using HTML as one of the client the HTML tag escaping must be done before handling the message over forward to the service layer. In Spring we can use the simple call to escape the characters with:


Download the validators from the previous chapter resources or from the Docker chapter

Download the Hashtag messaging API Validators in the end of the Spring Boot chapter

Download the Docker container for Hashtag messaging API Validators in the end of the Docker chapter

What new ideas or thoughts this chapter gave you?