aspose file tools*
The moose likes OO, Patterns, UML and Refactoring and the fly likes Strategy to place validation Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » OO, Patterns, UML and Refactoring
Bookmark "Strategy to place validation " Watch "Strategy to place validation " New topic
Author

Strategy to place validation

Pedro blacap
Greenhorn

Joined: Apr 27, 2011
Posts: 5
I am involved in a project to develope a Client(WebApp)-Server(Business and Persistence) system ... and was thinking for a while where and how are the better way to implement validation.
we are using DTOs to communicate client and server (DTO i mean plain simple mostly-String-typed objects).

We are going to implement some kind of validation on the client(WebApp). i think it should be implemented in the client logic, and let the DTO to be really simple and plane. Do you agree?

Also i think that is mandatory strong validation at server lever ... mainly because we could use another client, or a 3rd party could implement their own (insecure) client,
... so where to place it?! ... it could be at business layer, near the app facade ... or/and in the model entities.
Maybe it could be everywhere ... in the client, in the business, in the model ... but ... have validation code in all layers it seems difficult to maintain

So ... ┬┐what do you think that is the best strategy to manage validation in applications?

Notes:
If you are going to tell me to avoid DTOs tell me why ... please.
Arnold Reuser
Ranch Hand

Joined: Nov 20, 2003
Posts: 196
One can think of two kind of applications :
* Self-Service - Self-Service applications addresses the general case of internal and external users interacting with enterprise transactions and data.
* Extended Enterprise - Extended Enterprise applications addresses the interactions and collaborations between business processes in separate enterprises.
One can think of two kind of validations :
* Client facing validation addresses form - or field-level validation
* Business facing validation addresses the enterpise level business rules

We are going to implement some kind of validation on the client(WebApp). i think it should be implemented in the client logic, and let the DTO to be really simple and plane. Do you agree?


Some rules I would apply :
* Extract the common validation logic in a separate module and apply that to your DTO.
* Implement specific client facing validation logic in the DTO.
* Implement the busines specific rules in the business layer.
If you are facing serious performance penalties because of this approach. Also implement client facing validation logic in javascript.

Also i think that is mandatory strong validation at server lever ... mainly because we could use another client, or a 3rd party could implement their own (insecure) client,
... so where to place it?! ... it could be at business layer, near the app facade ... or/and in the model entities.
Maybe it could be everywhere ... in the client, in the business, in the model ... but ... have validation code in all layers it seems difficult to maintain


I would make a classification of different type of common and more specialized validation logic.
Based on the rules specified above. Also realize web application tend to move from Self Service type of applications to Extended Enterprise type of applications.
If most of validation logic and business rules are implemented in the web tier of your application. You would face the consequences of not being able to maintain, extend and scale your solution.

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Strategy to place validation