I have a question regarding the MVC-approach: In my servlet some user-input from an HTML-Form needs to be verified, like "if the user-name < 3 out.println("name too short ")" etc.. Does this belong into the Servlet or should the servlet hand this kind of computations over to the "business logic" (the pure Java-class)?
@Frank: There are two different "kinds" of validation (at least). There's "simple" validation ("do I have a value for foo?" kind of stuff) and "complicated" validation ("does 'foo' match the requirements of the domain object I'm sending it too" etc.)
I am *not* a big fan of model-based validation, because it may preclude the re-use of the same model across different parts of an application. For example, we may want to use a User object during login: it has a user ID and a password. It has a bunch of other fields, but the login screen uses only the ID and password. Plain old model-based validation would mean the constraints for the *entire* user object would need to be met, which is unlikely. A form for filling in the rest of the User info, like an address, might not have the ID and password.
I'd consider those "simple" validations, but contextually dependent. I don't believe that kind of validation belongs in the model, but in a layer between the form itself and the model.
"Complicated" validations are a different issue. I'm still not convinced they belong in the model, at least the base-level model, particularly since they may be dependent on other factors besides just model data (like a setting, different contexts, etc.) but it really depends.
I validate at many levels, performing the validation that makes the most sense at that level. It's not unusual for some validation to occur on the client, in the controller, and in the model (perhaps even at multiple levels in the model).
One size rarely fits all.
David Newton wrote:
Validation still needs to be done on the server side, though.
I aimed to emphasize on the performance issues on the client validation addition to server side one.
pamir sonmez wrote:I aimed to emphasize on the performance issues on the client validation addition to server side one.
That makes no sense. How can performing client-side validation have any effect whatsoever on the performance of server-side validation?
Unless you mean that when client-side validation prevents a bad request, that those request cycles are saved. But that's not really a performance issue.
For example, if you check the emptiness of a field. And if you do not send it to the server and you give an alert like fill the box.
You save your server from one unnecessary one request.
Yeah, it is not so indispensable approach.
But if you make a great application that is reachable by huge amount of people.
The more you escalate the server burden, the more performance you gain.
If you address just a few people, you may not need client server side.
That is the wish of your free will.
I think I am clear now.
So one must validate data on server side even though he validates it at client side.
Please tell me if I am wrong.
Have a nice day.