fix(fit): 修复 validation 守卫漏检约束注解的多个场景

修复 hasConstraintAnnotations 守卫方法在以下场景无法检测约束注解的问题：

1. 仅标注 PARAMETER 目标的约束注解（如自定义 @ParameterOnlyConstraint）
   未被 hasConstraintAnnotationsInParameter 检测，因原逻辑仅检查
   TYPE_USE 注解。新增 parameter.getAnnotations() 检查。

2. 约束注解仅声明在接口方法参数上时，Java 反射中方法参数注解不从
   接口继承，导致守卫检查返回 false。重构方法签名为接受 Method，
   遍历接口层次结构查找同签名接口方法的参数注解。

3. javax 版 hasConstraintAnnotationsInType 存在逻辑短路，当参数上
   有非约束注解时直接返回 false，跳过泛型类型参数检查。

同时为两个插件添加 validation-api 的 sharedDependencies 配置。

Closes #412

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: CodeCasterX

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-jakarta/pom.xml

@@ -87,6 +87,12 @@
                 <configuration>
                     <category>system</category>
                     <level>4</level>
+                    <sharedDependencies>
+                        <sharedDependency>
+                            <groupId>jakarta.validation</groupId>
+                            <artifactId>jakarta.validation-api</artifactId>
+                        </sharedDependency>
+                    </sharedDependencies>
                 </configuration>
             </plugin>
             <plugin>

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-jakarta/src/main/java/modelengine/fitframework/validation/ValidationHandler.java

@@ -1,5 +1,5 @@
 /*---------------------------------------------------------------------------------------------
- *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  Copyright (c) 2025-2026 Huawei Technologies Co., Ltd. All rights reserved.
  *  This file is a part of the ModelEngine Project.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
@@ -24,6 +24,7 @@
 import java.lang.annotation.Annotation;
 import java.lang.reflect.AnnotatedParameterizedType;
 import java.lang.reflect.AnnotatedType;
+import java.lang.reflect.Method;
 import java.lang.reflect.Parameter;
 import java.util.Arrays;
 import java.util.Locale;
@@ -72,11 +73,12 @@ public void setLocale(Locale locale) {
      */
     @Before(value = "@target(validated) && execution(public * *(..))", argNames = "joinPoint, validated")
     private void handle(JoinPoint joinPoint, Validated validated) {
+        Method method = joinPoint.getMethod();
         // 检查方法参数是否包含被 jakarta.validation.Constraint 标注的校验注解。
-        if (hasJakartaConstraintAnnotations(joinPoint.getMethod().getParameters())) {
+        if (hasJakartaConstraintAnnotations(method)) {
             ExecutableValidator execVal = this.validator.forExecutables();
             Set<ConstraintViolation<Object>> result = execVal.validateParameters(joinPoint.getTarget(),
-                    joinPoint.getMethod(),
+                    method,
                     joinPoint.getArgs(),
                     validated.value());
             if (!result.isEmpty()) {
@@ -94,11 +96,32 @@ public void close() {
     /**
      * 检查方法参数是否包含 {@code jakarta.validation} 校验注解。
      *
-     * @param parameters 表示可能携带校验注解的方法参数数组 {@link Parameter}{@code []}。
+     * @param method 表示待检查的方法 {@link Method}。
      * @return 如果包含 {@code jakarta.validation} 标注的校验注解则返回 {@code true}，否则返回 {@code false}。
      */
-    private boolean hasJakartaConstraintAnnotations(Parameter[] parameters) {
-        return Arrays.stream(parameters).anyMatch(this::hasConstraintAnnotationsInParameter);
+    private boolean hasJakartaConstraintAnnotations(Method method) {
+        if (Arrays.stream(method.getParameters()).anyMatch(this::hasConstraintAnnotationsInParameter)) {
+            return true;
+        }
+        return this.hasConstraintAnnotationsInInterfaces(method);
+    }
+
+    private boolean hasConstraintAnnotationsInInterfaces(Method method) {
+        Class<?> clazz = method.getDeclaringClass();
+        while (clazz != null) {
+            for (Class<?> iface : clazz.getInterfaces()) {
+                try {
+                    Method interfaceMethod = iface.getMethod(method.getName(), method.getParameterTypes());
+                    if (Arrays.stream(interfaceMethod.getParameters()).anyMatch(this::hasConstraintAnnotationsInParameter)) {
+                        return true;
+                    }
+                } catch (NoSuchMethodException ignored) {
+                    // 当前接口未声明该方法，继续检查其他接口。
+                }
+            }
+            clazz = clazz.getSuperclass();
+        }
+        return false;
     }
 
     /**
@@ -108,6 +131,9 @@ private boolean hasJakartaConstraintAnnotations(Parameter[] parameters) {
      * @return 如果包含 {@code jakarta.validation} 标注的校验注解则返回 {@code true}，否则返回 {@code false}。
      */
     private boolean hasConstraintAnnotationsInParameter(Parameter parameter) {
+        if (Arrays.stream(parameter.getAnnotations()).anyMatch(this::isJakartaConstraintAnnotation)) {
+            return true;
+        }
         return hasConstraintAnnotationsInType(parameter.getAnnotatedType());
     }
 
@@ -163,4 +189,4 @@ private boolean isJakartaConstraintAnnotation(Annotation annotation) {
             return "jakarta.validation".equals(packageName) && "Constraint".equals(className);
         });
     }
-}
+}

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-jakarta/src/test/java/modelengine/fitframework/validation/ValidationDataControllerTest.java

@@ -1,5 +1,5 @@
 /*---------------------------------------------------------------------------------------------
- *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  Copyright (c) 2025-2026 Huawei Technologies Co., Ltd. All rights reserved.
  *  This file is a part of the ModelEngine Project.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
@@ -92,4 +92,24 @@ void shouldFailedWhenCreateInvalidCompanyWithGroup() {
         this.response = this.mockMvc.perform(requestBuilder);
         assertThat(this.response.statusCode()).isEqualTo(500);
     }
-}
+
+    @Test
+    @DisplayName("RequestParam 参数 NotBlank 校验 - 空白值应返回 500")
+    void shouldFailWhenRequestParamIsBlank() {
+        MockRequestBuilder requestBuilder = MockMvcRequestBuilders.post("/validation/param/notblank")
+                .param("name", "  ")
+                .responseType(Void.class);
+        this.response = this.mockMvc.perform(requestBuilder);
+        assertThat(this.response.statusCode()).isEqualTo(500);
+    }
+
+    @Test
+    @DisplayName("RequestParam 参数 NotBlank 校验 - 合法值应返回 200")
+    void shouldOkWhenRequestParamIsNotBlank() {
+        MockRequestBuilder requestBuilder = MockMvcRequestBuilders.post("/validation/param/notblank")
+                .param("name", "validName")
+                .responseType(Void.class);
+        this.response = this.mockMvc.perform(requestBuilder);
+        assertThat(this.response.statusCode()).isEqualTo(200);
+    }
+}

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-jakarta/src/test/java/modelengine/fitframework/validation/ValidationHandlerTest.java

@@ -1,5 +1,5 @@
 /*---------------------------------------------------------------------------------------------
- *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  Copyright (c) 2025-2026 Huawei Technologies Co., Ltd. All rights reserved.
  *  This file is a part of the ModelEngine Project.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
@@ -11,7 +11,11 @@
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
+import jakarta.validation.Constraint;
 import jakarta.validation.ConstraintViolationException;
+import jakarta.validation.Payload;
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotNull;
 import modelengine.fitframework.aop.JoinPoint;
 import modelengine.fitframework.ioc.BeanContainer;
 import modelengine.fitframework.ioc.annotation.AnnotationMetadataResolver;
@@ -31,6 +35,10 @@
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
 
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.math.BigDecimal;
@@ -65,20 +73,73 @@ void setUp() {
     }
 
     private ConstraintViolationException invokeHandleMethod(Method targetMethod, Object[] args) {
+        return this.invokeHandleMethod(targetMethod, this.validateService, args);
+    }
+
+    private ConstraintViolationException invokeHandleMethod(Method targetMethod, Object target, Object[] args) {
         Method handleValidatedMethod =
                 ReflectionUtils.getDeclaredMethod(ValidationHandler.class, "handle", JoinPoint.class, Validated.class);
         handleValidatedMethod.setAccessible(true);
         JoinPoint joinPoint = mock(JoinPoint.class);
         when(joinPoint.getMethod()).thenReturn(targetMethod);
         when(joinPoint.getArgs()).thenReturn(args);
-        when(joinPoint.getTarget()).thenReturn(this.validateService);
+        when(joinPoint.getTarget()).thenReturn(target);
 
         InvocationTargetException invocationTargetException = catchThrowableOfType(InvocationTargetException.class,
                 () -> handleValidatedMethod.invoke(this.handler, joinPoint, this.validated));
 
         return ObjectUtils.cast(invocationTargetException.getTargetException());
     }
 
+    private boolean invokeHasJakartaConstraintAnnotations(Method targetMethod) {
+        Method hasJakartaConstraintAnnotationsMethod =
+                ReflectionUtils.getDeclaredMethod(ValidationHandler.class, "hasJakartaConstraintAnnotations",
+                        Method.class);
+        hasJakartaConstraintAnnotationsMethod.setAccessible(true);
+        try {
+            return ObjectUtils.cast(hasJakartaConstraintAnnotationsMethod.invoke(this.handler, targetMethod));
+        } catch (IllegalAccessException | InvocationTargetException exception) {
+            throw new IllegalStateException("调用 hasJakartaConstraintAnnotations 失败", exception);
+        }
+    }
+
+    @Test
+    @DisplayName("仅 PARAMETER 目标的约束注解应被检测")
+    void shouldDetectParameterConstraintWithoutTypeUse() {
+        Method method =
+                ReflectionUtils.getDeclaredMethod(GuardValidationService.class, "validateParameterOnly", String.class);
+        boolean hasConstraintAnnotations = invokeHasJakartaConstraintAnnotations(method);
+        assertThat(hasConstraintAnnotations).isTrue();
+    }
+
+    @Test
+    @DisplayName("存在非约束类型注解时仍应检测泛型参数中的约束注解")
+    void shouldDetectConstraintInGenericTypeWhenTypeHasNonConstraintAnnotation() {
+        Method method = ReflectionUtils.getDeclaredMethod(GuardValidationService.class, "validateEmployeeList",
+                List.class);
+        boolean hasConstraintAnnotations = invokeHasJakartaConstraintAnnotations(method);
+        assertThat(hasConstraintAnnotations).isTrue();
+    }
+
+    @Test
+    @DisplayName("接口声明约束注解时实现类方法也应被检测")
+    void shouldDetectConstraintAnnotationsFromInterface() {
+        Method method =
+                ReflectionUtils.getDeclaredMethod(ValidatedCommandHandlerImpl.class, "handle", Employee.class);
+        boolean hasConstraintAnnotations = invokeHasJakartaConstraintAnnotations(method);
+        assertThat(hasConstraintAnnotations).isTrue();
+    }
+
+    @Test
+    @DisplayName("接口声明约束注解时校验应生效")
+    void shouldValidateWhenConstraintAnnotationsOnInterface() {
+        Method method =
+                ReflectionUtils.getDeclaredMethod(ValidatedCommandHandlerImpl.class, "handle", Employee.class);
+        ConstraintViolationException exception =
+                invokeHandleMethod(method, new ValidatedCommandHandlerImpl(), new Object[] {null});
+        assertThat(exception.getMessage()).contains("Command cannot be null.");
+    }
+
     @Test
     @DisplayName("测试校验原始类型成功")
     void givePrimitiveThenValidateOk() {
@@ -773,4 +834,34 @@ void testNullValidation() {
             assertThat(exception.getMessage()).isNotNull();
         }
     }
-}
+
+    private static class GuardValidationService {
+        public void validateParameterOnly(@ParameterOnlyConstraint String name) {}
+
+        public void validateEmployeeList(@NoConstraintTypeUse List<@Valid Employee> employees) {}
+    }
+
+    private interface ValidatedCommandHandler {
+        void handle(@Valid @NotNull(message = "Command cannot be null.") Employee employee);
+    }
+
+    private static class ValidatedCommandHandlerImpl implements ValidatedCommandHandler {
+        @Override
+        public void handle(Employee employee) {}
+    }
+
+    @Target(ElementType.PARAMETER)
+    @Retention(RetentionPolicy.RUNTIME)
+    @Constraint(validatedBy = {})
+    private @interface ParameterOnlyConstraint {
+        String message() default "参数不合法";
+
+        Class<?>[] groups() default {};
+
+        Class<? extends Payload>[] payload() default {};
+    }
+
+    @Target(ElementType.TYPE_USE)
+    @Retention(RetentionPolicy.RUNTIME)
+    private @interface NoConstraintTypeUse {}
+}

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-jakarta/src/test/java/modelengine/fitframework/validation/data/ValidationDataController.java

@@ -1,15 +1,17 @@
 /*---------------------------------------------------------------------------------------------
- *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  Copyright (c) 2025-2026 Huawei Technologies Co., Ltd. All rights reserved.
  *  This file is a part of the ModelEngine Project.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
 
 package modelengine.fitframework.validation.data;
 
 import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotBlank;
 import modelengine.fit.http.annotation.PostMapping;
 import modelengine.fit.http.annotation.RequestBody;
 import modelengine.fit.http.annotation.RequestMapping;
+import modelengine.fit.http.annotation.RequestParam;
 import modelengine.fitframework.annotation.Component;
 import modelengine.fitframework.validation.Validated;
 
@@ -38,4 +40,12 @@ public void validateCompanyDefaultGroup(@RequestBody @Valid Company company) {}
      */
     @PostMapping(path = "/company/companyGroup", description = "验证 Company 类特定分组注解")
     public void validateCompanyGroup(@RequestBody @Valid Company company) {}
-}
+
+    /**
+     * 验证 RequestParam 参数的 NotBlank 约束。
+     *
+     * @param name 表示待校验的名字参数的 {@link String}。
+     */
+    @PostMapping(path = "/param/notblank", description = "验证 RequestParam 参数的 NotBlank 约束")
+    public void validateRequestParamNotBlank(@RequestParam("name") @NotBlank String name) {}
+}

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-javax/pom.xml

@@ -87,6 +87,12 @@
                 <configuration>
                     <category>system</category>
                     <level>4</level>
+                    <sharedDependencies>
+                        <sharedDependency>
+                            <groupId>jakarta.validation</groupId>
+                            <artifactId>jakarta.validation-api</artifactId>
+                        </sharedDependency>
+                    </sharedDependencies>
                 </configuration>
             </plugin>
             <plugin>