?
Solved

How & wherecan i write business validations in my web application?

Posted on 2011-03-25
11
Medium Priority
?
323 Views
Last Modified: 2012-05-11
Dear Experts,

In my application i want to write some custom validations, i.e i have a field A, and field B, always A should be grater then B, if suppose user enters B value as bigger than A, then we need to highlight that error in the same page it self.

my web application, implemented with the technologies like struts,ejb.

could you please tell me the possibilities how can i achieve this?

Please explain in brief?
0
Comment
Question by:haneef_nb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 40

Expert Comment

by:gurvinder372
ID: 35216072
i suggest that these validation should be on the client browser rather on the server-side. (unless you want to implement SOA)

0
 
LVL 8

Expert Comment

by:colr__
ID: 35216450
No, dont do that!!! You can't do validation on client side only as you can never trust what the client sends to the server - basic application security 101!

If you are using struts, you can extend the set of validations that are already present, to include your custom validations. What version of struts are you using?
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35217437
if you want to validate only a and b then you go with java script it will(give error msg without refresh the page)

if you use more validate more  values go with validator  thats is the best way !! (it will refresh the page)
0
A new era in Cloud training has arrived.

A day that will go down in Cloud history.. But are you ready for it? Will you accept this Cloud challenge?

 
LVL 8

Expert Comment

by:colr__
ID: 35219228
So what happens in the case that the user has JavaScript turned off, or like myself and most of the Firefox users I know, have NoScipt installed? That would mean the application has no validation at all, which is not acceptable in the real world.

You can do validation in Javascript fro user convenience, yes, but you must also do the same validation at the server end to make sure the input is in fact valid! Never trust what the users sends you.
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35221197
@colr__: says correct 95% user scripting in the borwser so it may not effect!!


think and do . both will best solution only .  As per i mention page refresh is main diffrences !
0
 
LVL 19

Expert Comment

by:Jim Cakalic
ID: 35223259
I usually prefer to do syntactic validations (is the content reasonable: e.g., field is required, not blanks, alpha, numeric, pattern-match) first on the client-side (to prevent a post of invalid data) and then again server-side to prevent security issues as indicated by previous posters. Semantic validations (does the data make sense) can be more difficult and perhaps involve database lookups, business rule engines, etc. These must be done server-side. Although reasonably simple, enforcing B > A is typically something that I would do server-side.

It's been a while since I worked with Struts but I thought that it had a validator plug-in that would allow you to define validation rules in one place that could then be implemented both in Javascript and applied server-side, thus preserving DRY. Maybe I'm over-optimistic about that. You might check it out, though.

Useful link on choosing form style validation:
http://www.javapractices.com/topic/TopicAction.do?Id=198

Regards,
Jim
0
 

Author Comment

by:haneef_nb
ID: 35225881
Hi Clor,

i agree with you, if the user disable java script, then the validation will failed, so what is the remedy, i am using struts 1.3.8
0
 
LVL 8

Expert Comment

by:colr__
ID: 35226331
You can add custom validators in struts, add something like the following to your struts-config file:

<plug-in className="org.apache.struts.validator.ValidatorPlugIn">
        <set-property
                property="pathnames"
                value="/org/apache/struts/validator/validator-rules.xml,/WEB-INF/custom-validator-rules.xml,/WEB-INF/validation.xml"/>
    </plug-in>

The point of interest is the 'custom-validator-rules.xml' - you'll then need to create this file, which should look something like the following:

<form-validation>

    <global>

        <validator name="passwordCheck"
                   classname="com.myvalidator.CustomFormValidator"
                   method="myCustomValidator"
                   methodParams="java.lang.Object,
                       org.apache.commons.validator.ValidatorAction,
                       org.apache.commons.validator.Field,
                       org.apache.struts.action.ActionMessages,
                       org.apache.commons.validator.Validator,
                       javax.servlet.http.HttpServletRequest"
                   msg="myCustomValidator.check.failed"/>

....

Then within the CustomFormValidator class you'll create your custom validations. Once this is all mapped togther you can then use them as you would the standard strts validators.
0
 
LVL 40

Expert Comment

by:gurvinder372
ID: 35230431
if you are submitting your form or calling a servlet via AJAX using javascript, then disabling the javascript will also prevent the user from submitting the form to server itself.
So, i don't see any problem here.

0
 
LVL 8

Accepted Solution

by:
colr__ earned 2000 total points
ID: 35230973
Back to my original point though gurvinder372 - this is not safe! Just because you submit using AJAX on your page, this doesnt mean you can assume the input at the server end is safe. A user could quite easily build a custom form that submits to the same location as your AJAX form, and use that to send malformed form submissions. Doing so would completly by-pass any valiations you have in place as you dont validate on the server!

I am amazed at the general opinion amoungst the 'experts' here that Javascript validation is secure on its own. I would be curious to see some of the 'secure' websites some of you have built this way.
0
 

Author Closing Comment

by:haneef_nb
ID: 35376537
Thanks.............
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.
Suggested Courses
Course of the Month14 days, 20 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question