Solved

How & wherecan i write business validations in my web application?

Posted on 2011-03-25
11
280 Views
Last Modified: 2012-05-11
Dear Experts,

In my application i want to write some custom validations, i.e i have a field A, and field B, always A should be grater then B, if suppose user enters B value as bigger than A, then we need to highlight that error in the same page it self.

my web application, implemented with the technologies like struts,ejb.

could you please tell me the possibilities how can i achieve this?

Please explain in brief?
0
Comment
Question by:haneef_nb
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 40

Expert Comment

by:gurvinder372
ID: 35216072
i suggest that these validation should be on the client browser rather on the server-side. (unless you want to implement SOA)

0
 
LVL 8

Expert Comment

by:colr__
ID: 35216450
No, dont do that!!! You can't do validation on client side only as you can never trust what the client sends to the server - basic application security 101!

If you are using struts, you can extend the set of validations that are already present, to include your custom validations. What version of struts are you using?
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35217437
if you want to validate only a and b then you go with java script it will(give error msg without refresh the page)

if you use more validate more  values go with validator  thats is the best way !! (it will refresh the page)
0
 
LVL 8

Expert Comment

by:colr__
ID: 35219228
So what happens in the case that the user has JavaScript turned off, or like myself and most of the Firefox users I know, have NoScipt installed? That would mean the application has no validation at all, which is not acceptable in the real world.

You can do validation in Javascript fro user convenience, yes, but you must also do the same validation at the server end to make sure the input is in fact valid! Never trust what the users sends you.
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35221197
@colr__: says correct 95% user scripting in the borwser so it may not effect!!


think and do . both will best solution only .  As per i mention page refresh is main diffrences !
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 19

Expert Comment

by:Jim Cakalic
ID: 35223259
I usually prefer to do syntactic validations (is the content reasonable: e.g., field is required, not blanks, alpha, numeric, pattern-match) first on the client-side (to prevent a post of invalid data) and then again server-side to prevent security issues as indicated by previous posters. Semantic validations (does the data make sense) can be more difficult and perhaps involve database lookups, business rule engines, etc. These must be done server-side. Although reasonably simple, enforcing B > A is typically something that I would do server-side.

It's been a while since I worked with Struts but I thought that it had a validator plug-in that would allow you to define validation rules in one place that could then be implemented both in Javascript and applied server-side, thus preserving DRY. Maybe I'm over-optimistic about that. You might check it out, though.

Useful link on choosing form style validation:
http://www.javapractices.com/topic/TopicAction.do?Id=198

Regards,
Jim
0
 

Author Comment

by:haneef_nb
ID: 35225881
Hi Clor,

i agree with you, if the user disable java script, then the validation will failed, so what is the remedy, i am using struts 1.3.8
0
 
LVL 8

Expert Comment

by:colr__
ID: 35226331
You can add custom validators in struts, add something like the following to your struts-config file:

<plug-in className="org.apache.struts.validator.ValidatorPlugIn">
        <set-property
                property="pathnames"
                value="/org/apache/struts/validator/validator-rules.xml,/WEB-INF/custom-validator-rules.xml,/WEB-INF/validation.xml"/>
    </plug-in>

The point of interest is the 'custom-validator-rules.xml' - you'll then need to create this file, which should look something like the following:

<form-validation>

    <global>

        <validator name="passwordCheck"
                   classname="com.myvalidator.CustomFormValidator"
                   method="myCustomValidator"
                   methodParams="java.lang.Object,
                       org.apache.commons.validator.ValidatorAction,
                       org.apache.commons.validator.Field,
                       org.apache.struts.action.ActionMessages,
                       org.apache.commons.validator.Validator,
                       javax.servlet.http.HttpServletRequest"
                   msg="myCustomValidator.check.failed"/>

....

Then within the CustomFormValidator class you'll create your custom validations. Once this is all mapped togther you can then use them as you would the standard strts validators.
0
 
LVL 40

Expert Comment

by:gurvinder372
ID: 35230431
if you are submitting your form or calling a servlet via AJAX using javascript, then disabling the javascript will also prevent the user from submitting the form to server itself.
So, i don't see any problem here.

0
 
LVL 8

Accepted Solution

by:
colr__ earned 500 total points
ID: 35230973
Back to my original point though gurvinder372 - this is not safe! Just because you submit using AJAX on your page, this doesnt mean you can assume the input at the server end is safe. A user could quite easily build a custom form that submits to the same location as your AJAX form, and use that to send malformed form submissions. Doing so would completly by-pass any valiations you have in place as you dont validate on the server!

I am amazed at the general opinion amoungst the 'experts' here that Javascript validation is secure on its own. I would be curious to see some of the 'secure' websites some of you have built this way.
0
 

Author Closing Comment

by:haneef_nb
ID: 35376537
Thanks.............
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
array11 challenge 16 51
topping2 challenge 13 59
What is the latest versions eclipse neon 2 120
Groovy:unable to resolve class error 2 31
After being asked a question last year, I went into one of my moods where I did some research and code just for the fun and learning of it all.  Subsequently, from this journey, I put together this article on "Range Searching Using Visual Basic.NET …
This was posted to the Netbeans forum a Feb, 2010 and I also sent it to Verisign. Who didn't help much in my struggles to get my application signed. ------------------------- Start The idea here is to target your cell phones with the correct…
Viewers learn about the “for” loop and how it works in Java. By comparing it to the while loop learned before, viewers can make the transition easily. You will learn about the formatting of the for loop as we write a program that prints even numbers…
The viewer will learn how to implement Singleton Design Pattern in Java.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now