Login | Register   
LinkedIn
Google+
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


advertisement
 

Java and XML: Learn a Better Approach To Data Validation

Forget client-side script, hard-coded server-side data validation rules, and database retrieval. There's a better way to validate user input data using a combination of Java and XML.


advertisement

WEBINAR: On-Demand

Unleash Your DevOps Strategy by Synchronizing Application and Database Changes REGISTER >

s concern has grown over the security and efficiency of Web-based applications, validation of user input has increased its importance in turn. Relying on scripting for client-side validation is unmanageable, inefficient, and non-portable. Hard-coding data validation rules into server application code ties critical business logic to the presentation tier and makes maintenance extremely troublesome. Web developers need an efficient, secure, and flexible server-side data validation mechanism.

A Java/XML-based data validation approach separates the implementation of common data validation reasoning code from the business rules and criteria data used to validate user input. The validation reasoning code is implemented in Java, while the business-specific rules and data are specified in XML. This approach provides a powerful and flexible way for application developers to specify data validation in a manner that is secure and easy to manage, while decoupling validation rules from the server-side business logic implementation.

Common Approaches to Data Validation
Before delving into the mechanics of Java/XML-based data validation, let's examine some common approaches to handling this problem, along with their relative strengths and weaknesses.

Client-side Scripting: Inflexible and Non-portable
Client-side data validation was the first generation of user input data validation technology for web applications. It is still widely used today. The data validation logic is typically implemented in HTML and Javascript and embedded in the Web pages transmitted to the browser. While it provides faster response time by reducing the number of round trips to the server, this approach has the following shortcomings:

  • Successful data validation relies heavily on client-side configuration. An end user might choose to have Javascript disabled in her browser for security reasons or simply to avoid popup advertisements. Also, different browsers support subtly different feature sets of Javascript; it's often necessary to use different APIs in different browsers to do the same thing.
  • Complex data validation logic usually needs to access data stored on the server. For example, a client-side snippet of Javascript is able to check whether a ZIP code is well-formed, but a more sophisticated application would want to further validate the ZIP code by searching a ZIP code database stored on a Web or database server.
  • The data validation logic, an integral part of the business logic, is removed from the business layer and combined with the presentation layer. This violates the principles of three-tiered architecture, introducing unnecessary coupling that reduces flexibility.
Java-based Validation: Cumbersome and Hard to Customize
A more robust way of handling data validation is to embed data validation logic on the server in a multi-tier architecture. The ability to code the validation logic in Java directly provides unmatched flexibility to deal with very complex logic. However, for sizable forms, this approach soon becomes cumbersome. It generally takes many lines of code to validate each input parameter. The coding process will be labor-intensive, and the final code will be repetitive and lengthy.

The fatal weakness of this approach is the inability to customize the validation rules once an application is in production; the entire software development process (code, debug, test, deploy) needs to be repeated to modify the Java code that implements the rule changes.

Database Retrieval: Inefficient and Expensive
Storing the data validation rules in a database is a different server-side data validation approach—one that is both flexible and easy to customize. The business logic tier retrieves the rules from the database at runtime and checks the data items against them. Compared to the pure Java approach discussed above, this approach sacrifices some flexibility for manageability and ease of customization. However, if we consider the nature of data validation rules, which tend to undergo far less change compared to typical data items stored in a database, the performance cost can be quite high. Also, to be able to manage the rules stored in a database, either an administrative user interface needs to be developed, which increases development cost, or technical personnel with different skill sets (i.e. DBAs) are needed, which increases maintenance cost.

Data Validation Musts: Flexible, Scalable, and Portable
What we need is a data validation approach with the following features:

  • Independence from any client-side operations and the ability to support client types beyond traditional web browsers (e.g. multiple-channel applications that support HTML/WML/voice clients from the same server code base).
  • Seamless integration into the business logic tier of a J2EE-based Web application.
  • Sufficient power to handle typical data validation logic.
  • Ease of customization and administration in production, ideally without necessitating a system outage.
  • Efficiency, incurring only a minimal change in performance.
A Java/XML-based approach satisfies all of these criteria. It proposes a meta-language, or grammar, for application developers to specify rules in XML format, and to parse and execute them at runtime with a Java library that supports this grammar. The rest of this article will explain this approach in detail.


Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap
Thanks for your registration, follow us on our social networks to keep up-to-date