Is Bean Validation in frontend framework JSF considered server side validation?

0
votes

I am developing a small frontend application project with JavaServer Faces, I have to implement client side and server side validation. I'm using also Prime Faces, this framework that has client side validation and Bean validation. My qu4estions is this:

Is bean validation considered server side, since user's data is validated in the backing bean (Managed bean) or due to JSF works as MVC model in the front end, this is not considered server side and other techniques should be used.

Supposing Bean validation is not properly server side validation, what are the best ways to implement server side validation.

Any advice and clarification is welcome.

Thanks!

2
securityjsfprimefaces
There is no best way of validation, that's why various validations exist. Client side, you avoid traffic, but unsafe, by bean method (use facelets validator attribute) pumps up your bean, but simple use, or a custom validator for complex/secure validations and backend-access. In my opinion your question is a hard to answer best practices question.ChristophS
@Christoph: The question was about bean validation, not validation in general. And since bean validation IS proper server-side validation, making the 'best ways' question void.Kukeltje
@ChristophS thanks for responding, I agree with you, is hard to answer, there is so much documentation about it, that has got me to confusion. I have listen people to tell me that Bean validation is not server side for being inside JSF which is a Java front end technology. I also know that client side is unsafe due to customer can disable Javascript so we have to implement it in the server side too for security reasons. But technically speaking Bean validation working in the backing Beam(managed Bean) has to be server side, do not you think?webtechnelson
@webtechnelson: yes, bean validation is server side.ChristophS

2 Answers

3
votes

'Bean validation' is a proper server-side validation which is one of a number of validations that you can use in JSF. JSF has long has its own validations in the view but since JSR-303, Bean validation, was introduced, that is supported as well and many validations could be removed from the 'view' to the model.

Bean-validation is not the same as and should not be confused with doing manual validation in managed beans when e.g. calling setters or action methods. The 'validation' phase of JSF has then already passed, so returning messages becomes more difficult.

Since not everyting can be (easily) done in JSF-303, there sometimes still needs to be additional validations in JSF specific ones.

PrimeFaces client-side validation should be seen as an addition to the server side validations, it does not replace them. It can use many of the existing JSF and JSR-303 validations and antomaticaly execute them client-side without any work from you. For more complex validations, custom client-side validations should be developed as you'd need to with client-side frameworks as well.

From the PrimeFaces documentation:

PrimeFaces Client Side Validation (CSV) Framework is the most complete and advanced CSV solution for JavaServer Faces and Java EE. CSV support for JSF is not an easy task, it is not simple as integrating a 3rd party javascript plugin as JSF has its own lifecycle, concepts like conversion and then validation, partial processing, facesmessages and many more. Real CSV for JSF should be compatible with server side implementation, should do what JSF does, so that users do not experience difference behaviors on client side and server side.

  • Compatible with Server Side Implementation.
  • Conversion and Validation happens at client side.
  • Partial Process&Update support for Ajax.
  • I18n support along with component specific messages.
  • Client side Renderers for message components.
  • Easy to write custom client converters and validators.
  • Global or Component based enable/disable.
  • Advanced Bean Validation Integration.
  • Little footprint using HTML5.

So it is not a question of client-side OR server-side but whether you want/can use client-side validations to enhance user-experience so some of the (very few) downsides of JSF (round-trips for validations) is reduced.

0
votes

Validations done in the Java Code(Managed Bean) on the server are server side validations. Another direct means of validation could be f:validate (Refer)