• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Struts1.2 & DTO & ActionForm

 
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello,

I just start working in a project. I have a beginner knowledge in struts. I m working on a project that I have start from scrach.

in my project, they have created 3 project proejctWEB,projectEJB,project. in which I have declare all the variable in DTO that is on projectEJB.

My senior said write all the validation in EJB project but as per my knowledge all the validation need to be done on ActionForm.

Please help!!
Thanks
 
author & internet detective
Posts: 41860
908
Eclipse IDE VI Editor Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by divya sharma:
write all the validation in EJB project


I think he meant that it is not enough to do the validation on the web layer. Someone could call the EJB layer directly so it needs its own validation. Particularly for unexpected inputs (hackers.)

For things a reasonable user could enter, the Struts validation provides a nicer interface for the user to fix the error.
 
divya sharma
Ranch Hand
Posts: 87
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ok you means that if we add validation on EJB folder that will help in avoiding hacking !! Could you pls more elaborate it!!!

Thanks!!
 
Greenhorn
Posts: 17
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi,

I think i can help you here.Suppose a user wants to see his account details and your rule says he must login to the system. Without logging in if he tries to see his account details he should be thrown exception or message.Now suppose accessing your ejbs a hacker passes anyone's account no.As there is no validation in your ejb, ejb's will interect with the system and will give the details to the hackers. Hence it is required to do validation on ejb layer also,so that if user has not logged in he should not be able to access his account.

In true sense validation must be done on the both the layers: web layer as well as ejb layer.As per my understanding your senior does not want the same repeatative code on both the layer, hence he wants to do it on ejb layer only because it will take care both scenarios: if user comes through web layer or if he directly uses ejbs.

Thanks,
vivek
 
Ranch Hand
Posts: 948
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A developer on my team was asking about "duplicating" validation recently. I told him that my view was that presentation layer validation ensured that the user entered valid information and that business layer validation ensured that the presentation layer passed in valid information. We also implement business layer validation for more complex validation or checks that require a database query (for example: ensure that the entered username is unique).

I am not sure about the hacker angle. An outside user would not have direct access to your EJB method. A user could directly invoke actions and bypass JavaScript validation but your Struts validation would still be enforced.

- Brent
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic