All geek questions in one place

How to avoid re-validation in the web tier and service tier?

If I have a web application, let's say I use Spring MVC and I add validation to my forms and controllers. I can also have a service level check if clients will access my application in any other way (via REST service, etc.). In this case, I will probably have the logic / verification code in several places.

Is there a suggested approach for retaining part of the DRY confirmation?

+4
source share
5 answers

Many people will tell you how to do this. I am going to answer why you do not want this.

In the N-level system, all levels work semi-automatically. But this does not mean that they can - or should - rely on another level to ensure consistency and reliability of the data.

There are two main reasons. First, the N-tier system can expand. For example, in a web system, a new interface can use the existing web layer so that something is never thought of in the original design. Thus, you design your system, allowing something new to come to some midpoint in the levels.

Secondly, validation is often most effective than closer to the user. If I am in a browser-based solution, and I entered the wrong password in the double-entry verification field, I would like the browser to indicate this right away. Round-trip waiting takes time and user frustration.

Now take the same example and move it to the logical level. The logic level, not quite sure who sends it, wants to make sure that it receives two matching passwords. Therefore, it also checks and returns an error if they do not match. This protects data from bad changes.

This is just a philosophy, but in the past it worked well for me.

+6
source

Probably worth a look at checking out the JSR-303 bean. If you use the same JavaBeans for different interfaces, you can avoid duplicating the validation logic.

The Hibernate implementation provides better reference documentation:

http://hibernate.org/subprojects/validator

And the Spring help docs tell you how to integrate it.

http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/validation.html#validation-beanvalidation-overview

+2
source

I would suggest that these are different types of validation.

Verify client / controller validation to ensure that required values ​​are present, formats are followed, etc.

Linking HTTP request parameters with objects that should be transferred to the service level is the exclusive responsibility of the controller.

The service level will perform the same checks as the client, as well as "check the business", which relate to the use case. The controller cannot know this.

One way to avoid duplication is to perform the same JavaScript functions on the client and server. The server side uses the JavaScript engine to perform client checks, plus additional ones related to business verification.

+2
source

Spring uses the validator interface. This is one way. I do not know why you cannot use this in the service level. Alternatively, you can use AOP and define zero points at any level.

0
source

To begin with, checking the business / functional level should always be done at the service level. If you say that you duplicate checks performed at your MVC level, duplicates at the service level, which sounds alarming. For example, you can check things like phone number format, credit card format, etc. You should not duplicate them at the service level.

At the same time, you may have to duplicate checks, such as β€œzero” checks, and they are all fine from a design point of view.

0
source

Source: https://habr.com/ru/post/1337186/

More articles:


All Articles