Solved

How & wherecan i write business validations in my web application?

Posted on 2011-03-25
11
322 Views
Last Modified: 2012-05-11
Dear Experts,

In my application i want to write some custom validations, i.e i have a field A, and field B, always A should be grater then B, if suppose user enters B value as bigger than A, then we need to highlight that error in the same page it self.

my web application, implemented with the technologies like struts,ejb.

could you please tell me the possibilities how can i achieve this?

Please explain in brief?
0
Comment
Question by:haneef_nb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 40

Expert Comment

by:gurvinder372
ID: 35216072
i suggest that these validation should be on the client browser rather on the server-side. (unless you want to implement SOA)

0
 
LVL 8

Expert Comment

by:colr__
ID: 35216450
No, dont do that!!! You can't do validation on client side only as you can never trust what the client sends to the server - basic application security 101!

If you are using struts, you can extend the set of validations that are already present, to include your custom validations. What version of struts are you using?
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35217437
if you want to validate only a and b then you go with java script it will(give error msg without refresh the page)

if you use more validate more  values go with validator  thats is the best way !! (it will refresh the page)
0
Turn Insights Into Action

You’ve already invested in ITSM tools, chat applications, automation utilities, and more. Fortify these solutions with intelligent communications so you can drive business processes forward.

With xMatters, you'll never miss a beat.

 
LVL 8

Expert Comment

by:colr__
ID: 35219228
So what happens in the case that the user has JavaScript turned off, or like myself and most of the Firefox users I know, have NoScipt installed? That would mean the application has no validation at all, which is not acceptable in the real world.

You can do validation in Javascript fro user convenience, yes, but you must also do the same validation at the server end to make sure the input is in fact valid! Never trust what the users sends you.
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35221197
@colr__: says correct 95% user scripting in the borwser so it may not effect!!


think and do . both will best solution only .  As per i mention page refresh is main diffrences !
0
 
LVL 19

Expert Comment

by:Jim Cakalic
ID: 35223259
I usually prefer to do syntactic validations (is the content reasonable: e.g., field is required, not blanks, alpha, numeric, pattern-match) first on the client-side (to prevent a post of invalid data) and then again server-side to prevent security issues as indicated by previous posters. Semantic validations (does the data make sense) can be more difficult and perhaps involve database lookups, business rule engines, etc. These must be done server-side. Although reasonably simple, enforcing B > A is typically something that I would do server-side.

It's been a while since I worked with Struts but I thought that it had a validator plug-in that would allow you to define validation rules in one place that could then be implemented both in Javascript and applied server-side, thus preserving DRY. Maybe I'm over-optimistic about that. You might check it out, though.

Useful link on choosing form style validation:
http://www.javapractices.com/topic/TopicAction.do?Id=198

Regards,
Jim
0
 

Author Comment

by:haneef_nb
ID: 35225881
Hi Clor,

i agree with you, if the user disable java script, then the validation will failed, so what is the remedy, i am using struts 1.3.8
0
 
LVL 8

Expert Comment

by:colr__
ID: 35226331
You can add custom validators in struts, add something like the following to your struts-config file:

<plug-in className="org.apache.struts.validator.ValidatorPlugIn">
        <set-property
                property="pathnames"
                value="/org/apache/struts/validator/validator-rules.xml,/WEB-INF/custom-validator-rules.xml,/WEB-INF/validation.xml"/>
    </plug-in>

The point of interest is the 'custom-validator-rules.xml' - you'll then need to create this file, which should look something like the following:

<form-validation>

    <global>

        <validator name="passwordCheck"
                   classname="com.myvalidator.CustomFormValidator"
                   method="myCustomValidator"
                   methodParams="java.lang.Object,
                       org.apache.commons.validator.ValidatorAction,
                       org.apache.commons.validator.Field,
                       org.apache.struts.action.ActionMessages,
                       org.apache.commons.validator.Validator,
                       javax.servlet.http.HttpServletRequest"
                   msg="myCustomValidator.check.failed"/>

....

Then within the CustomFormValidator class you'll create your custom validations. Once this is all mapped togther you can then use them as you would the standard strts validators.
0
 
LVL 40

Expert Comment

by:gurvinder372
ID: 35230431
if you are submitting your form or calling a servlet via AJAX using javascript, then disabling the javascript will also prevent the user from submitting the form to server itself.
So, i don't see any problem here.

0
 
LVL 8

Accepted Solution

by:
colr__ earned 500 total points
ID: 35230973
Back to my original point though gurvinder372 - this is not safe! Just because you submit using AJAX on your page, this doesnt mean you can assume the input at the server end is safe. A user could quite easily build a custom form that submits to the same location as your AJAX form, and use that to send malformed form submissions. Doing so would completly by-pass any valiations you have in place as you dont validate on the server!

I am amazed at the general opinion amoungst the 'experts' here that Javascript validation is secure on its own. I would be curious to see some of the 'secure' websites some of you have built this way.
0
 

Author Closing Comment

by:haneef_nb
ID: 35376537
Thanks.............
0

Featured Post

Get Actionable Data from Your Monitoring Solution

Your communication platform is only as good as the relevance of the information you send. Ensure your alerts get to the right people every time with actionable responses. Create escalation rules that ensure everyone follows the process and nothing is left to chance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Viewers learn how to read error messages and identify possible mistakes that could cause hours of frustration. Coding is as much about debugging your code as it is about writing it. Define Error Message: Line Numbers: Type of Error: Break Down…
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question