Solved

How & wherecan i write business validations in my web application?

Posted on 2011-03-25
11
318 Views
Last Modified: 2012-05-11
Dear Experts,

In my application i want to write some custom validations, i.e i have a field A, and field B, always A should be grater then B, if suppose user enters B value as bigger than A, then we need to highlight that error in the same page it self.

my web application, implemented with the technologies like struts,ejb.

could you please tell me the possibilities how can i achieve this?

Please explain in brief?
0
Comment
Question by:haneef_nb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
11 Comments
 
LVL 40

Expert Comment

by:gurvinder372
ID: 35216072
i suggest that these validation should be on the client browser rather on the server-side. (unless you want to implement SOA)

0
 
LVL 8

Expert Comment

by:colr__
ID: 35216450
No, dont do that!!! You can't do validation on client side only as you can never trust what the client sends to the server - basic application security 101!

If you are using struts, you can extend the set of validations that are already present, to include your custom validations. What version of struts are you using?
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35217437
if you want to validate only a and b then you go with java script it will(give error msg without refresh the page)

if you use more validate more  values go with validator  thats is the best way !! (it will refresh the page)
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 8

Expert Comment

by:colr__
ID: 35219228
So what happens in the case that the user has JavaScript turned off, or like myself and most of the Firefox users I know, have NoScipt installed? That would mean the application has no validation at all, which is not acceptable in the real world.

You can do validation in Javascript fro user convenience, yes, but you must also do the same validation at the server end to make sure the input is in fact valid! Never trust what the users sends you.
0
 
LVL 20

Expert Comment

by:Sathish David Kumar N
ID: 35221197
@colr__: says correct 95% user scripting in the borwser so it may not effect!!


think and do . both will best solution only .  As per i mention page refresh is main diffrences !
0
 
LVL 19

Expert Comment

by:Jim Cakalic
ID: 35223259
I usually prefer to do syntactic validations (is the content reasonable: e.g., field is required, not blanks, alpha, numeric, pattern-match) first on the client-side (to prevent a post of invalid data) and then again server-side to prevent security issues as indicated by previous posters. Semantic validations (does the data make sense) can be more difficult and perhaps involve database lookups, business rule engines, etc. These must be done server-side. Although reasonably simple, enforcing B > A is typically something that I would do server-side.

It's been a while since I worked with Struts but I thought that it had a validator plug-in that would allow you to define validation rules in one place that could then be implemented both in Javascript and applied server-side, thus preserving DRY. Maybe I'm over-optimistic about that. You might check it out, though.

Useful link on choosing form style validation:
http://www.javapractices.com/topic/TopicAction.do?Id=198

Regards,
Jim
0
 

Author Comment

by:haneef_nb
ID: 35225881
Hi Clor,

i agree with you, if the user disable java script, then the validation will failed, so what is the remedy, i am using struts 1.3.8
0
 
LVL 8

Expert Comment

by:colr__
ID: 35226331
You can add custom validators in struts, add something like the following to your struts-config file:

<plug-in className="org.apache.struts.validator.ValidatorPlugIn">
        <set-property
                property="pathnames"
                value="/org/apache/struts/validator/validator-rules.xml,/WEB-INF/custom-validator-rules.xml,/WEB-INF/validation.xml"/>
    </plug-in>

The point of interest is the 'custom-validator-rules.xml' - you'll then need to create this file, which should look something like the following:

<form-validation>

    <global>

        <validator name="passwordCheck"
                   classname="com.myvalidator.CustomFormValidator"
                   method="myCustomValidator"
                   methodParams="java.lang.Object,
                       org.apache.commons.validator.ValidatorAction,
                       org.apache.commons.validator.Field,
                       org.apache.struts.action.ActionMessages,
                       org.apache.commons.validator.Validator,
                       javax.servlet.http.HttpServletRequest"
                   msg="myCustomValidator.check.failed"/>

....

Then within the CustomFormValidator class you'll create your custom validations. Once this is all mapped togther you can then use them as you would the standard strts validators.
0
 
LVL 40

Expert Comment

by:gurvinder372
ID: 35230431
if you are submitting your form or calling a servlet via AJAX using javascript, then disabling the javascript will also prevent the user from submitting the form to server itself.
So, i don't see any problem here.

0
 
LVL 8

Accepted Solution

by:
colr__ earned 500 total points
ID: 35230973
Back to my original point though gurvinder372 - this is not safe! Just because you submit using AJAX on your page, this doesnt mean you can assume the input at the server end is safe. A user could quite easily build a custom form that submits to the same location as your AJAX form, and use that to send malformed form submissions. Doing so would completly by-pass any valiations you have in place as you dont validate on the server!

I am amazed at the general opinion amoungst the 'experts' here that Javascript validation is secure on its own. I would be curious to see some of the 'secure' websites some of you have built this way.
0
 

Author Closing Comment

by:haneef_nb
ID: 35376537
Thanks.............
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ejb example issues 3 85
Why is enum singleton a better approach than static factory 3 64
java mysql insert application 14 64
dao vs facade design patterns 2 64
Java had always been an easily readable and understandable language.  Some relatively recent changes in the language seem to be changing this pretty fast, and anyone that had not seen any Java code for the last 5 years will possibly have issues unde…
Basic understanding on "OO- Object Orientation" is needed for designing a logical solution to solve a problem. Basic OOAD is a prerequisite for a coder to ensure that they follow the basic design of OO. This would help developers to understand the b…
Viewers learn about the scanner class in this video and are introduced to receiving user input for their programs. Additionally, objects, conditional statements, and loops are used to help reinforce the concepts. Introduce Scanner class: Importing…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question