aspose file tools*
The moose likes JSP and the fly likes Server Side validation - what kind of work flow have to follow? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Server Side validation - what kind of work flow have to follow?" Watch "Server Side validation - what kind of work flow have to follow?" New topic
Author

Server Side validation - what kind of work flow have to follow?

Mayilsamy Annamalai
Ranch Hand

Joined: Sep 18, 2010
Posts: 35

Hi,

I created a form in a jsp page. For both Adding the data and editing the data i'm using the same form. When ever user enters the data and submit. first javascript validation will work in the client side. Now i have to implement the server side validation. What kind of flow is easy and secured and best performance giving? Whether i can do the validation in the same JSP page OR i can write a servlet to manage the validation?? Or which one is best?? Please suggest me!!
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61413
    
  67

You should never submit a form to JSP page or perform any kind of data processing inside a JSP -- that's what servlets are for.

What I generally do is to validate the data at the most appropriate level. Sometimes, that's in the controller, but often it's deeper within the model. In either case, any problems are gathered up and if there are validation failures, I redirect back to the JSP with the form, passing the validation problems so that the JSP (and/or any script on the page) can display them to the user for fixup.

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Shankar Tanikella
Ranch Hand

Joined: Jan 30, 2011
Posts: 329

What kind of flow is easy and secured and best performance giving?

isn't it? For web applications, we have to compromise on something or the other..

Interesting to know the context of validation over here. To me I would consider 2 different scenarios
1. Server side validation of Input data (for vulnerabilities or malicious input)
2. Business level validations (what the business requires)

For business validations I would prefer layer in business components to do it but for input validation (for security) I would have it in controller or a separate layer itself (after controller) which would make it easier to un-plug the same easily if we feel it is trash.

Any contradictions to change my perspective or make me think over again are highly appreciated

Have Fun with Java
little,little.. little by little makes a lot..
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Server Side validation - what kind of work flow have to follow?