Spring Spring webflux : Using JSR-380 validation.xml file to disable a @Valid annotation in a controller method dont work

Affects: \

I have a spring webflux using annotated controllers and java validation the controller interface is generated by open api generator so i cant modify it i need to add and disable some of the validations generated in the model classes and the controllers methods so i used the validation.xml as described in https://beanvalidation.org/2.0/spec/#xml-mapping-constraintdeclarationinxml everythings works fine but not the disabling of an @Valid in a controller method (updating the Model validation works and disabling validation annotations other than @Valid in the controller method works)

i have pushed a demo project in this location : https://github.com/influence160/spring-webflux-xml-validation-test to reproduce the bug

the demo project contains also a postman collection for testing

all the tests in the postman requests works as expected but not the last one (withValidationOverrided post model invalid id) Spring Spring webflux : Using JSR-380 validation.xml file to disable a @Valid annotation in a controller method dont work that one shouldnt results in a validation error because the validation is disabled in additional-validation-mapping.xml

i checked the code of the classorg.springframework.web.reactive.result.method.annotation.AbstractMessageReaderArgumentResolver and in the method protected Mono<Object> readBody(MethodParameter bodyParam, @Nullable MethodParameter actualParam, boolean isBodyRequired, BindingContext bindingContext, ServerWebExchange exchange) { the exception is raised by the method

    private void validate(Object target, Object[] validationHints, MethodParameter param, BindingContext binding, ServerWebExchange exchange) {
        String name = Conventions.getVariableNameForParameter(param);
        WebExchangeDataBinder binder = binding.createDataBinder(exchange, target, name);
        binder.validate(validationHints);
        if (binder.getBindingResult().hasErrors()) {
            throw new WebExchangeBindException(param, binder.getBindingResult());
        }
    }

because the value of hints come from org.springframework.validation.annotation.ValidationAnnotationUtils

which is checking for the annotation @Valid Spring Spring webflux : Using JSR-380 validation.xml file to disable a @Valid annotation in a controller method dont work

Possible Solution maybe ValidationAnnotationUtils should call the Constraint metadata request APIs of the JAVA Validation API ( https://beanvalidation.org/2.0/spec/#constraintmetadata ) to check if the parameter is annotated with @Valid

Comment From: jhoeller

This is outside of the scope of our @Valid processing which really only triggers a Validator SPI invocation, and only then a Bean Validation provider gets involved. I'm afraid it is not part of the design to check for disabled contraints within the Bean Validation setup at that point since this is a top-level validation trigger on a Spring MVC/WebFlux handler method, not a nested validation step within a graph of Bean Validation objects.