Solved

How & wherecan i write business validations in my web application?

Posted on 2011-03-25
11
302 Views
Last Modified: 2012-05-11
Dear Experts,

In my application i want to write some custom validations, i.e i have a field A, and field B, always A should be grater then B, if suppose user enters B value as bigger than A, then we need to highlight that error in the same page it self.

my web application, implemented with the technologies like struts,ejb.

could you please tell me the possibilities how can i achieve this?

Please explain in brief?
0
Comment
Question by:haneef_nb
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 40

Expert Comment

by:gurvinder372
ID: 35216072
i suggest that these validation should be on the client browser rather on the server-side. (unless you want to implement SOA)

0
 
LVL 8

Expert Comment

by:colr__
ID: 35216450
No, dont do that!!! You can't do validation on client side only as you can never trust what the client sends to the server - basic application security 101!

If you are using struts, you can extend the set of validations that are already present, to include your custom validations. What version of struts are you using?
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35217437
if you want to validate only a and b then you go with java script it will(give error msg without refresh the page)

if you use more validate more  values go with validator  thats is the best way !! (it will refresh the page)
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 8

Expert Comment

by:colr__
ID: 35219228
So what happens in the case that the user has JavaScript turned off, or like myself and most of the Firefox users I know, have NoScipt installed? That would mean the application has no validation at all, which is not acceptable in the real world.

You can do validation in Javascript fro user convenience, yes, but you must also do the same validation at the server end to make sure the input is in fact valid! Never trust what the users sends you.
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35221197
@colr__: says correct 95% user scripting in the borwser so it may not effect!!


think and do . both will best solution only .  As per i mention page refresh is main diffrences !
0
 
LVL 19

Expert Comment

by:Jim Cakalic
ID: 35223259
I usually prefer to do syntactic validations (is the content reasonable: e.g., field is required, not blanks, alpha, numeric, pattern-match) first on the client-side (to prevent a post of invalid data) and then again server-side to prevent security issues as indicated by previous posters. Semantic validations (does the data make sense) can be more difficult and perhaps involve database lookups, business rule engines, etc. These must be done server-side. Although reasonably simple, enforcing B > A is typically something that I would do server-side.

It's been a while since I worked with Struts but I thought that it had a validator plug-in that would allow you to define validation rules in one place that could then be implemented both in Javascript and applied server-side, thus preserving DRY. Maybe I'm over-optimistic about that. You might check it out, though.

Useful link on choosing form style validation:
http://www.javapractices.com/topic/TopicAction.do?Id=198

Regards,
Jim
0
 

Author Comment

by:haneef_nb
ID: 35225881
Hi Clor,

i agree with you, if the user disable java script, then the validation will failed, so what is the remedy, i am using struts 1.3.8
0
 
LVL 8

Expert Comment

by:colr__
ID: 35226331
You can add custom validators in struts, add something like the following to your struts-config file:

<plug-in className="org.apache.struts.validator.ValidatorPlugIn">
        <set-property
                property="pathnames"
                value="/org/apache/struts/validator/validator-rules.xml,/WEB-INF/custom-validator-rules.xml,/WEB-INF/validation.xml"/>
    </plug-in>

The point of interest is the 'custom-validator-rules.xml' - you'll then need to create this file, which should look something like the following:

<form-validation>

    <global>

        <validator name="passwordCheck"
                   classname="com.myvalidator.CustomFormValidator"
                   method="myCustomValidator"
                   methodParams="java.lang.Object,
                       org.apache.commons.validator.ValidatorAction,
                       org.apache.commons.validator.Field,
                       org.apache.struts.action.ActionMessages,
                       org.apache.commons.validator.Validator,
                       javax.servlet.http.HttpServletRequest"
                   msg="myCustomValidator.check.failed"/>

....

Then within the CustomFormValidator class you'll create your custom validations. Once this is all mapped togther you can then use them as you would the standard strts validators.
0
 
LVL 40

Expert Comment

by:gurvinder372
ID: 35230431
if you are submitting your form or calling a servlet via AJAX using javascript, then disabling the javascript will also prevent the user from submitting the form to server itself.
So, i don't see any problem here.

0
 
LVL 8

Accepted Solution

by:
colr__ earned 500 total points
ID: 35230973
Back to my original point though gurvinder372 - this is not safe! Just because you submit using AJAX on your page, this doesnt mean you can assume the input at the server end is safe. A user could quite easily build a custom form that submits to the same location as your AJAX form, and use that to send malformed form submissions. Doing so would completly by-pass any valiations you have in place as you dont validate on the server!

I am amazed at the general opinion amoungst the 'experts' here that Javascript validation is secure on its own. I would be curious to see some of the 'secure' websites some of you have built this way.
0
 

Author Closing Comment

by:haneef_nb
ID: 35376537
Thanks.............
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
github account with ecipse 1 47
oracle 11g 23 78
jdbc error in jsp application 20 44
Problem to Alipay 10 21
INTRODUCTION Working with files is a moderately common task in Java.  For most projects hard coding the file names, using parameters in configuration files, or using command-line arguments is sufficient.   However, when your application has vi…
Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question