Dear forum members,
I have a question regarding the MVC-approach: In my servlet some user-input from an HTML-Form needs to be verified, like "if the user-name < 3 out.println("name too short ")" etc.. Does this belong into the Servlet or should the servlet hand this kind of computations over to the "business logic" (the pure Java-class)?
Joined: May 31, 2010
This belongs to the Model i.e. the POJO that you will write.
Joined: Mar 15, 2009
It should be in model. Try to separate the business logic entirely. Model checks password and throws custom exception. Your custom-exception-class must be separate again.
@Abhijeet: Ugh, an exception for every validation issue? How would you handle multiple validation errors? Doesn't seem like a good idea.
@Frank: There are two different "kinds" of validation (at least). There's "simple" validation ("do I have a value for foo?" kind of stuff) and "complicated" validation ("does 'foo' match the requirements of the domain object I'm sending it too" etc.)
I am *not* a big fan of model-based validation, because it may preclude the re-use of the same model across different parts of an application. For example, we may want to use a User object during login: it has a user ID and a password. It has a bunch of other fields, but the login screen uses only the ID and password. Plain old model-based validation would mean the constraints for the *entire* user object would need to be met, which is unlikely. A form for filling in the rest of the User info, like an address, might not have the ID and password.
I'd consider those "simple" validations, but contextually dependent. I don't believe that kind of validation belongs in the model, but in a layer between the form itself and the model.
"Complicated" validations are a different issue. I'm still not convinced they belong in the model, at least the base-level model, particularly since they may be dependent on other factors besides just model data (like a setting, different contexts, etc.) but it really depends.
Individual exceptions would be a horrible way to deal with validations, as David pointed out.
I validate at many levels, performing the validation that makes the most sense at that level. It's not unusual for some validation to occur on the client, in the controller, and in the model (perhaps even at multiple levels in the model).
pamir sonmez wrote:I aimed to emphasize on the performance issues on the client validation addition to server side one.
That makes no sense. How can performing client-side validation have any effect whatsoever on the performance of server-side validation?
Unless you mean that when client-side validation prevents a bad request, that those request cycles are saved. But that's not really a performance issue.
Joined: May 31, 2010
Client side validation can prevent the the unnecessary request that goes to server side.
For example, if you check the emptiness of a field. And if you do not send it to the server and you give an alert like fill the box.
You save your server from one unnecessary one request.
Yeah, it is not so indispensable approach.
But if you make a great application that is reachable by huge amount of people.
The more you escalate the server burden, the more performance you gain.
If you address just a few people, you may not need client server side.
That is the wish of your free will.
I think I am clear now.
Joined: Mar 16, 2010
Hi Pamir, I think client side validation is not effective and is not going to free the server some what. In my view validations must be done in server side. Why because, consider a situation where the client disables java scripting. Then what is the state of the data in database. Some corrupted or incorrect data is saved.
So one must validate data on server side even though he validates it at client side.
Please tell me if I am wrong.
Have a nice day.
There is no rule that we all should know everything. Lets learn few things of everything here.
Joined: May 31, 2010
Yes, you are totally right I am agree with server side validation that is compulsory for security and integrity reasons
The thing I want to emphasize, also client side validation must be used for the performance reasons.