There have been a few discussions on this lately. I can't remember whether they were in the
JSP or
Servlets forum. Search both.
The bottom line is this:
If it absolutely, positively must be validated, do it on the server.
Some other arguments:
People can turn off Javascript.
Uncaught JS exceptions will stop all JS (which often leads to the form being submitted without validation.)
Client side validation can cut down on network traffic and make for a better user experience so it makes for a nice addition to server side validation.
If it absolutely, positively must be validated, do it on the server.