Well, there is a reason why the standard Validator does not offer access to the current HttpServletRequest: Validators are not web-specific in the first place, so they obviously shouldn't have any Servlet API artifacts in their signature. So I'm afraid standard Validators will remain the way they are, without access to the HttpServletRequest.
So in general, I would still recommend to override "onBindAndValidate" here. Note that you can easily delegate to some custom validator objects from there: For example, define a "RequestAwareValidator" interface yourself, implement it according to your needs, pass an instance into your controller through dependency injection, and call that instance from your "onBindAndValidate" implementation.
