fix(fit): 修复 validation 守卫逻辑漏检 PARAMETER 目标约束注解

hasConstraintAnnotationsInParameter 仅检查 TYPE_USE 注解，遗漏仅标注
PARAMETER 的约束注解（如 @notblank 用于 @RequestParam），导致守卫未
拦截校验请求，最终引发 ClassCastException。同时修复 javax 版本
hasConstraintAnnotationsInType 逻辑短路问题，并为两个插件添加
jakarta.validation-api 的 sharedDependencies 配置。

Closes #412

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: CodeCasterX

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-jakarta/pom.xml

@@ -87,6 +87,12 @@
                 <configuration>
                     <category>system</category>
                     <level>4</level>
+                    <sharedDependencies>
+                        <sharedDependency>
+                            <groupId>jakarta.validation</groupId>
+                            <artifactId>jakarta.validation-api</artifactId>
+                        </sharedDependency>
+                    </sharedDependencies>
                 </configuration>
             </plugin>
             <plugin>

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-jakarta/src/main/java/modelengine/fitframework/validation/ValidationHandler.java

@@ -1,5 +1,5 @@
 /*---------------------------------------------------------------------------------------------
- *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  Copyright (c) 2025-2026 Huawei Technologies Co., Ltd. All rights reserved.
  *  This file is a part of the ModelEngine Project.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
@@ -108,6 +108,9 @@ private boolean hasJakartaConstraintAnnotations(Parameter[] parameters) {
      * @return 如果包含 {@code jakarta.validation} 标注的校验注解则返回 {@code true}，否则返回 {@code false}。
      */
     private boolean hasConstraintAnnotationsInParameter(Parameter parameter) {
+        if (Arrays.stream(parameter.getAnnotations()).anyMatch(this::isJakartaConstraintAnnotation)) {
+            return true;
+        }
         return hasConstraintAnnotationsInType(parameter.getAnnotatedType());
     }
 
@@ -163,4 +166,4 @@ private boolean isJakartaConstraintAnnotation(Annotation annotation) {
             return "jakarta.validation".equals(packageName) && "Constraint".equals(className);
         });
     }
-}
+}

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-jakarta/src/test/java/modelengine/fitframework/validation/ValidationDataControllerTest.java

@@ -1,5 +1,5 @@
 /*---------------------------------------------------------------------------------------------
- *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  Copyright (c) 2025-2026 Huawei Technologies Co., Ltd. All rights reserved.
  *  This file is a part of the ModelEngine Project.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
@@ -92,4 +92,24 @@ void shouldFailedWhenCreateInvalidCompanyWithGroup() {
         this.response = this.mockMvc.perform(requestBuilder);
         assertThat(this.response.statusCode()).isEqualTo(500);
     }
-}
+
+    @Test
+    @DisplayName("RequestParam 参数 NotBlank 校验 - 空白值应返回 500")
+    void shouldFailWhenRequestParamIsBlank() {
+        MockRequestBuilder requestBuilder = MockMvcRequestBuilders.post("/validation/param/notblank")
+                .param("name", "  ")
+                .responseType(Void.class);
+        this.response = this.mockMvc.perform(requestBuilder);
+        assertThat(this.response.statusCode()).isEqualTo(500);
+    }
+
+    @Test
+    @DisplayName("RequestParam 参数 NotBlank 校验 - 合法值应返回 200")
+    void shouldOkWhenRequestParamIsNotBlank() {
+        MockRequestBuilder requestBuilder = MockMvcRequestBuilders.post("/validation/param/notblank")
+                .param("name", "validName")
+                .responseType(Void.class);
+        this.response = this.mockMvc.perform(requestBuilder);
+        assertThat(this.response.statusCode()).isEqualTo(200);
+    }
+}

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-jakarta/src/test/java/modelengine/fitframework/validation/ValidationHandlerTest.java

@@ -1,5 +1,5 @@
 /*---------------------------------------------------------------------------------------------
- *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  Copyright (c) 2025-2026 Huawei Technologies Co., Ltd. All rights reserved.
  *  This file is a part of the ModelEngine Project.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
@@ -11,7 +11,10 @@
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
+import jakarta.validation.Constraint;
 import jakarta.validation.ConstraintViolationException;
+import jakarta.validation.Payload;
+import jakarta.validation.Valid;
 import modelengine.fitframework.aop.JoinPoint;
 import modelengine.fitframework.ioc.BeanContainer;
 import modelengine.fitframework.ioc.annotation.AnnotationMetadataResolver;
@@ -31,6 +34,10 @@
 import org.junit.jupiter.api.Test;
 import org.mockito.Mockito;
 
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.math.BigDecimal;
@@ -79,6 +86,37 @@ private ConstraintViolationException invokeHandleMethod(Method targetMethod, Obj
         return ObjectUtils.cast(invocationTargetException.getTargetException());
     }
 
+    private boolean invokeHasJakartaConstraintAnnotations(Method targetMethod) {
+        Method hasJakartaConstraintAnnotationsMethod =
+                ReflectionUtils.getDeclaredMethod(ValidationHandler.class, "hasJakartaConstraintAnnotations",
+                        java.lang.reflect.Parameter[].class);
+        hasJakartaConstraintAnnotationsMethod.setAccessible(true);
+        try {
+            return ObjectUtils.cast(hasJakartaConstraintAnnotationsMethod.invoke(this.handler,
+                    new Object[] {targetMethod.getParameters()}));
+        } catch (IllegalAccessException | InvocationTargetException exception) {
+            throw new IllegalStateException("调用 hasJakartaConstraintAnnotations 失败", exception);
+        }
+    }
+
+    @Test
+    @DisplayName("仅 PARAMETER 目标的约束注解应被检测")
+    void shouldDetectParameterConstraintWithoutTypeUse() {
+        Method method =
+                ReflectionUtils.getDeclaredMethod(GuardValidationService.class, "validateParameterOnly", String.class);
+        boolean hasConstraintAnnotations = invokeHasJakartaConstraintAnnotations(method);
+        assertThat(hasConstraintAnnotations).isTrue();
+    }
+
+    @Test
+    @DisplayName("存在非约束类型注解时仍应检测泛型参数中的约束注解")
+    void shouldDetectConstraintInGenericTypeWhenTypeHasNonConstraintAnnotation() {
+        Method method = ReflectionUtils.getDeclaredMethod(GuardValidationService.class, "validateEmployeeList",
+                List.class);
+        boolean hasConstraintAnnotations = invokeHasJakartaConstraintAnnotations(method);
+        assertThat(hasConstraintAnnotations).isTrue();
+    }
+
     @Test
     @DisplayName("测试校验原始类型成功")
     void givePrimitiveThenValidateOk() {
@@ -773,4 +811,25 @@ void testNullValidation() {
             assertThat(exception.getMessage()).isNotNull();
         }
     }
-}
+
+    private static class GuardValidationService {
+        public void validateParameterOnly(@ParameterOnlyConstraint String name) {}
+
+        public void validateEmployeeList(@NoConstraintTypeUse List<@Valid Employee> employees) {}
+    }
+
+    @Target(ElementType.PARAMETER)
+    @Retention(RetentionPolicy.RUNTIME)
+    @Constraint(validatedBy = {})
+    private @interface ParameterOnlyConstraint {
+        String message() default "参数不合法";
+
+        Class<?>[] groups() default {};
+
+        Class<? extends Payload>[] payload() default {};
+    }
+
+    @Target(ElementType.TYPE_USE)
+    @Retention(RetentionPolicy.RUNTIME)
+    private @interface NoConstraintTypeUse {}
+}

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-jakarta/src/test/java/modelengine/fitframework/validation/data/ValidationDataController.java

@@ -1,15 +1,17 @@
 /*---------------------------------------------------------------------------------------------
- *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  Copyright (c) 2025-2026 Huawei Technologies Co., Ltd. All rights reserved.
  *  This file is a part of the ModelEngine Project.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
 
 package modelengine.fitframework.validation.data;
 
 import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotBlank;
 import modelengine.fit.http.annotation.PostMapping;
 import modelengine.fit.http.annotation.RequestBody;
 import modelengine.fit.http.annotation.RequestMapping;
+import modelengine.fit.http.annotation.RequestParam;
 import modelengine.fitframework.annotation.Component;
 import modelengine.fitframework.validation.Validated;
 
@@ -38,4 +40,12 @@ public void validateCompanyDefaultGroup(@RequestBody @Valid Company company) {}
      */
     @PostMapping(path = "/company/companyGroup", description = "验证 Company 类特定分组注解")
     public void validateCompanyGroup(@RequestBody @Valid Company company) {}
-}
+
+    /**
+     * 验证 RequestParam 参数的 NotBlank 约束。
+     *
+     * @param name 表示待校验的名字参数的 {@link String}。
+     */
+    @PostMapping(path = "/param/notblank", description = "验证 RequestParam 参数的 NotBlank 约束")
+    public void validateRequestParamNotBlank(@RequestParam("name") @NotBlank String name) {}
+}

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-javax/pom.xml

@@ -87,6 +87,12 @@
                 <configuration>
                     <category>system</category>
                     <level>4</level>
+                    <sharedDependencies>
+                        <sharedDependency>
+                            <groupId>jakarta.validation</groupId>
+                            <artifactId>jakarta.validation-api</artifactId>
+                        </sharedDependency>
+                    </sharedDependencies>
                 </configuration>
             </plugin>
             <plugin>

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-javax/src/main/java/modelengine/fitframework/validation/ValidationHandler.java

@@ -1,5 +1,5 @@
 /*---------------------------------------------------------------------------------------------
- *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  Copyright (c) 2025-2026 Huawei Technologies Co., Ltd. All rights reserved.
  *  This file is a part of the ModelEngine Project.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
@@ -109,6 +109,9 @@ private boolean hasJavaxConstraintAnnotations(Parameter[] parameters) {
      * @return 如果包含 {@code javax.validation} 标注的校验注解则返回 {@code true}，否则返回 {@code false}。
      */
     private boolean hasConstraintAnnotationsInParameter(Parameter parameter) {
+        if (Arrays.stream(parameter.getAnnotations()).anyMatch(this::isJavaxConstraintAnnotation)) {
+            return true;
+        }
         return hasConstraintAnnotationsInType(parameter.getAnnotatedType());
     }
 
@@ -120,8 +123,8 @@ private boolean hasConstraintAnnotationsInParameter(Parameter parameter) {
      */
     private boolean hasConstraintAnnotationsInType(AnnotatedType annotatedType) {
         // 检查当前类型上的注解。
-        if (annotatedType.getAnnotations().length > 0) {
-            return Arrays.stream(annotatedType.getAnnotations()).anyMatch(this::isJavaxConstraintAnnotation);
+        if (Arrays.stream(annotatedType.getAnnotations()).anyMatch(this::isJavaxConstraintAnnotation)) {
+            return true;
         }
         // 如果是参数化类型，递归检查类型参数。
         if (annotatedType instanceof AnnotatedParameterizedType parameterizedType) {
@@ -164,4 +167,4 @@ private boolean isJavaxConstraintAnnotation(Annotation annotation) {
             return "javax.validation".equals(packageName) && "Constraint".equals(className);
         });
     }
-}
+}

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-javax/src/test/java/modelengine/fitframework/validation/ValidationDataControllerTest.java

@@ -1,5 +1,5 @@
 /*---------------------------------------------------------------------------------------------
- *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  Copyright (c) 2025-2026 Huawei Technologies Co., Ltd. All rights reserved.
  *  This file is a part of the ModelEngine Project.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
@@ -92,4 +92,24 @@ void shouldFailedWhenCreateInvalidCompanyWithGroup() {
         this.response = this.mockMvc.perform(requestBuilder);
         assertThat(this.response.statusCode()).isEqualTo(500);
     }
-}
+
+    @Test
+    @DisplayName("RequestParam 参数 NotBlank 校验 - 空白值应返回 500")
+    void shouldFailWhenRequestParamIsBlank() {
+        MockRequestBuilder requestBuilder = MockMvcRequestBuilders.post("/validation/param/notblank")
+                .param("name", "  ")
+                .responseType(Void.class);
+        this.response = this.mockMvc.perform(requestBuilder);
+        assertThat(this.response.statusCode()).isEqualTo(500);
+    }
+
+    @Test
+    @DisplayName("RequestParam 参数 NotBlank 校验 - 合法值应返回 200")
+    void shouldOkWhenRequestParamIsNotBlank() {
+        MockRequestBuilder requestBuilder = MockMvcRequestBuilders.post("/validation/param/notblank")
+                .param("name", "validName")
+                .responseType(Void.class);
+        this.response = this.mockMvc.perform(requestBuilder);
+        assertThat(this.response.statusCode()).isEqualTo(200);
+    }
+}

framework/fit/java/fit-builtin/plugins/fit-validation-hibernate-javax/src/test/java/modelengine/fitframework/validation/ValidationHandlerTest.java

@@ -1,5 +1,5 @@
 /*---------------------------------------------------------------------------------------------
- *  Copyright (c) 2025 Huawei Technologies Co., Ltd. All rights reserved.
+ *  Copyright (c) 2025-2026 Huawei Technologies Co., Ltd. All rights reserved.
  *  This file is a part of the ModelEngine Project.
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
@@ -40,8 +40,15 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
 
+import javax.validation.Constraint;
 import javax.validation.ConstraintViolationException;
+import javax.validation.Payload;
+import javax.validation.Valid;
 
 /**
  * {@link ValidationHandler} 的单元测试。
@@ -80,6 +87,37 @@ private ConstraintViolationException invokeHandleMethod(Method targetMethod, Obj
         return ObjectUtils.cast(invocationTargetException.getTargetException());
     }
 
+    private boolean invokeHasJavaxConstraintAnnotations(Method targetMethod) {
+        Method hasJavaxConstraintAnnotationsMethod =
+                ReflectionUtils.getDeclaredMethod(ValidationHandler.class, "hasJavaxConstraintAnnotations",
+                        java.lang.reflect.Parameter[].class);
+        hasJavaxConstraintAnnotationsMethod.setAccessible(true);
+        try {
+            return ObjectUtils.cast(hasJavaxConstraintAnnotationsMethod.invoke(this.handler,
+                    new Object[] {targetMethod.getParameters()}));
+        } catch (IllegalAccessException | InvocationTargetException exception) {
+            throw new IllegalStateException("调用 hasJavaxConstraintAnnotations 失败", exception);
+        }
+    }
+
+    @Test
+    @DisplayName("仅 PARAMETER 目标的约束注解应被检测")
+    void shouldDetectParameterConstraintWithoutTypeUse() {
+        Method method =
+                ReflectionUtils.getDeclaredMethod(GuardValidationService.class, "validateParameterOnly", String.class);
+        boolean hasConstraintAnnotations = invokeHasJavaxConstraintAnnotations(method);
+        assertThat(hasConstraintAnnotations).isTrue();
+    }
+
+    @Test
+    @DisplayName("存在非约束类型注解时仍应检测泛型参数中的约束注解")
+    void shouldDetectConstraintInGenericTypeWhenTypeHasNonConstraintAnnotation() {
+        Method method = ReflectionUtils.getDeclaredMethod(GuardValidationService.class, "validateEmployeeList",
+                List.class);
+        boolean hasConstraintAnnotations = invokeHasJavaxConstraintAnnotations(method);
+        assertThat(hasConstraintAnnotations).isTrue();
+    }
+
     @Test
     @DisplayName("测试校验原始类型成功")
     void givePrimitiveThenValidateOk() {
@@ -774,4 +812,25 @@ void testNullValidation() {
             assertThat(exception.getMessage()).isNotNull();
         }
     }
+
+    private static class GuardValidationService {
+        public void validateParameterOnly(@ParameterOnlyConstraint String name) {}
+
+        public void validateEmployeeList(@NoConstraintTypeUse List<@Valid Employee> employees) {}
+    }
+
+    @Target(ElementType.PARAMETER)
+    @Retention(RetentionPolicy.RUNTIME)
+    @Constraint(validatedBy = {})
+    private @interface ParameterOnlyConstraint {
+        String message() default "参数不合法";
+
+        Class<?>[] groups() default {};
+
+        Class<? extends Payload>[] payload() default {};
+    }
+
+    @Target(ElementType.TYPE_USE)
+    @Retention(RetentionPolicy.RUNTIME)
+    private @interface NoConstraintTypeUse {}
 }