server side validations

smrithi prabhakar
Greenhorn

Joined: Oct 21, 2005
Posts: 4
Hi all,
I have a JSP which takes some form inputs from the user and sends them to a servlet. The servlet routes it to the appropriate CRUD operation depending on the button the user selected. There is a DAO class to create a connection to the datasource. Now, where should the validations for the form inputs be done: 'client side' or 'server side'? And what do these terms mean?
Is it true that if validations are done client side then there are chances of the browser ignoring them?
Sai Krishna Chitta
Greenhorn

Joined: Oct 22, 2004
Posts: 12
Well, you can do the validations at both sides. Server Side you can do the validations in Servlet, as your business logic resides in DAOs.
James Clinton
Ranch Hand

Joined: Jun 23, 2003
Posts: 190
An important point to add here is regarding RISK. If you're building a financial site then you will most likely wish to apply validation on both ends on the most/all critical fields. If you're validating a form for something less 'security critical' then you may wish to assume that your validation on the client side will be sufficient and you'd prefer to gain performance benefits....

It's all about risk..
[ October 26, 2005: Message edited by: James Clinton ]
Arun Kumar S
Greenhorn

Joined: Oct 26, 2005
Posts: 3
The risk factor:
Well, the client side validation can be done using JavaScript or any scripting language. The major problem being, the client side user can change the source code (validation) since it's not encrypted and process the data-updation.

It's always safe to go with server-side validation.


You FAIL only if you FAIL to TRY!!!
Scott Selikoff
author
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3710
    

Only use javascript for visual validation, such as you want a pop-up to appear or a field to change color if they are missing a field value. This validation counts for almost nothing in the long run though.

The J2EE client, such as a JSP/servlet, should validate the data but doesn't necessarily have to. If the service has exactly one consumer and this consumer is completely controlled by you then you are safe to put 100% of the validation here and none in the server side. Alternatively, if you have many consumers and/or the consumers aren't controlled by you such as in a web service, 100% of the validation should exist on the server regardless of what is put here.

I've found in general the server does need to do all the validation since there are some conditions, like determining if a user already exists before adding a new one, that should only be done inside the scope of a server side transaction.


New/Old Issue related to this:

One issue that gave me a headache once was determining at which level character field length should be validated, such as name having a max length of 30. If the database is set up for a max length of 30, the database is already validating this and will never allow the transaction to complete if name is greater than 30, so the server is safe. If the HTML form is set up to only allow 30 characters in the form, then it is validating this as well. The question becomes: do any of the middle layers need to validate this, thereby adding 3+ validations for the same data? Reasons why they shouldn't include that this may be database dependent, so maintainability is a problem. Reasons why they should include that you want a clean message sent to the user indicating the precise problem, not some database exception or system error.

Any thoughts?


My Blog: Down Home Country Coding with Scott Selikoff
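As an added example (not code from any poster in this thread), here is one way a middle layer could enforce the 30-character name limit discussed above and return a clean message instead of a database exception. The class name `FormValidator`, the field name `name`, and the message texts are assumptions; the input has the shape of `ServletRequest.getParameterMap()`, and the code needs Java 11 or later.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: server-side check of the 30-character name limit.
public class FormValidator {
    // Assumption: mirrors a database column limit of 30, counted in characters.
    static final int NAME_MAX_LENGTH = 30;

    /**
     * Validates raw form parameters in the shape returned by
     * ServletRequest.getParameterMap(). Returns field -> message;
     * an empty map means the input passed.
     */
    public static Map<String, String> validate(Map<String, String[]> params) {
        Map<String, String> errors = new LinkedHashMap<>();
        String[] values = params.get("name");
        if (values == null || values.length != 1) {
            // A hand-built request can omit the field or repeat it,
            // which the HTML form alone would never do.
            errors.put("name", "Exactly one name is required.");
            return errors;
        }
        String name = values[0].trim();
        if (name.isEmpty()) {
            errors.put("name", "Name is required.");
        } else if (name.codePointCount(0, name.length()) > NAME_MAX_LENGTH) {
            // Same rule as the form's maxlength, but enforced where the
            // client cannot switch it off.
            errors.put("name", "Name must be at most " + NAME_MAX_LENGTH + " characters.");
        }
        return errors;
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal form post, a request that bypassed
        // the form's length limit, and a request with the field missing.
        Map<String, String[]> fromForm = new LinkedHashMap<>();
        fromForm.put("name", new String[] {"Alice"});
        Map<String, String[]> handBuilt = new LinkedHashMap<>();
        handBuilt.put("name", new String[] {"x".repeat(31)});
        Map<String, String[]> missing = new LinkedHashMap<>();

        System.out.println("form post:  " + validate(fromForm));
        System.out.println("hand-built: " + validate(handBuilt));
        System.out.println("missing:    " + validate(missing));
    }
}
```

In a servlet, the returned map would be set as a request attribute and the JSP re-rendered with the messages; the database constraint stays in place as the last line of defence.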
smrithi prabhakar
Greenhorn

Joined: Oct 21, 2005
Posts: 4
Hi,
Thank you all for the replies. It was very informative.
Thank you,
Have a nice day,
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
Originally posted by Sai Krishna Chitta:
Well, you can do the validations at both sides. Server Side you can do the validations in Servlet, as your business logic resides in DAOs.


Just to add up here. You can use "Intercepting Filter" for your validation stuff.

Intercepting Filter is a J2EE Pattern
Stan James
(instanceof Sidekick)
Ranch Hand

Joined: Jan 29, 2003
Posts: 8791
I always say the model has the ultimate responsibility for correctness, so it must validate the data. Looking out from the viewpoint of the model, I don't trust today's client and all possible future clients well enough to skip this responsibility. The client may duplicate those rules to improve the user experience right up to your pain threshold for duplication.

There are some platforms that put validations in a rules language, execute the rules directly in the model and generate JavaScript for the view on the fly so the view and the model use the same rules. That has great theoretical appeal to me but I haven't used any of them to see if they really work.


A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi
Adeel Ansari
Ranch Hand

Joined: Aug 15, 2004
Posts: 2874
Originally posted by Stan James:
There are some platforms that put validations in a rules language, execute the rules directly in the model and generate JavaScript for the view on the fly so the view and the model use the same rules. That has great theoretical appeal to me but I haven't used any of them to see if they really work.


Yeah. I am using Jakarta Commons Validator with the JSF framework. It is working like a charm.
Timothy Sam
Ranch Hand

Joined: Sep 18, 2005
Posts: 746
Hi, I'm only 2 weeks with JSP and Servlets... I find using the memento pattern useful for validations using a java bean to do the work... Here is the link... Hope that helps...
[ October 28, 2005: Message edited by: Timothy Sam ]

SCJP 1.5
http://devpinoy.org/blogs/lamia/ - http://everypesocounts.com/
 