• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Server Side validation - what kind of work flow have to follow?

 
Mayilsamy Annamalai
Ranch Hand
Posts: 35
Google Web Toolkit Java PHP
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I created a form in a jsp page. For both Adding the data and editing the data i'm using the same form. When ever user enters the data and submit. first javascript validation will work in the client side. Now i have to implement the server side validation. What kind of flow is easy and secured and best performance giving? Whether i can do the validation in the same JSP page OR i can write a servlet to manage the validation?? Or which one is best?? Please suggest me!!
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 65229
95
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You should never submit a form to JSP page or perform any kind of data processing inside a JSP -- that's what servlets are for.

What I generally do is to validate the data at the most appropriate level. Sometimes, that's in the controller, but often it's deeper within the model. In either case, any problems are gathered up and if there are validation failures, I redirect back to the JSP with the form, passing the validation problems so that the JSP (and/or any script on the page) can display them to the user for fixup.
 
Shankar Tanikella
Ranch Hand
Posts: 329
Eclipse IDE Java Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What kind of flow is easy and secured and best performance giving?

isn't it? For web applications, we have to compromise on something or the other..

Interesting to know the context of validation over here. To me I would consider 2 different scenarios
1. Server side validation of Input data (for vulnerabilities or malicious input)
2. Business level validations (what the business requires)

For business validations I would prefer layer in business components to do it but for input validation (for security) I would have it in controller or a separate layer itself (after controller) which would make it easier to un-plug the same easily if we feel it is trash.

Any contradictions to change my perspective or make me think over again are highly appreciated
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic