Geek Answers Handbook

Should I duplicate checks at my MVC level and service level?

Right now I'm a little upset. I have a web application using Stripes for MVC framework and Spring / Hibernate for background. I have a way to register an account in my MVC layer, which requires the following verification:

  • Username not done yet
  • The email address you provided is not yet associated with another account.

I have a test method in Stripes (MVC layer) that checks these two cases, but wondered if my service level should duplicate these checks? If a service-level interface was presented as a web service, I think validation would be a good idea, but if it is used only in the context of a web application, is this required?

Edit: I'm not going to duplicate the verification code - I mean duplicating the verification method calls in two places.

I see my options as:

  • Duplicate validation calls in both MVC and service level
  • Perform this check only at the MVC level
  • Perform this check only at the service level.

What is the best practice here? I am looking for advice / opinions on which option I should go and why.

Please note that there are simple checks for checking the input fields of the registration form (for example, checking spaces) and that I think that they should only be processed using the MVC check; My only concern is a more complex check.

+7
java spring validation stripes
source share
4 answers

Annie

Good question, I asked myself the same thing in many cases. Here is what I ended up (so far).

The cleanest (but tedious) approach is to invoke validation logic in both layers. A pragmatic approach may be to only link to a website (for example, to your controllers).

I think there is no answer that ends all discussions. I think it depends on the context of your project. If the size of the project is modest (from the point of view of people and the size of the code base), and you are sure that not many of the codes will be developed by others that refer to your services API (to the extent that you cannot control), then check at the web level may be enough.

However, if you expect that many customers may need higher level security. When I talk about security here, I find it as a level of consistency - the guarantees you need. If this level is high, there is no way around it: you will need to do this both in the service (to ensure security) and in the web level (mainly to provide end users with an acceptable experience).

So the key driver here is security and how much you really need it. If you need a lot, you go for a "purist" approach. If your application does not exactly make decisions regarding issues of life and death, you go for a pragmatic approach.

+1
source share

Do not duplicate the code. Use the JSR303 Bean Validation so you can use the same validation logic at all levels of your application.

Hibernate Validator (a separate project from Hibernate ORM) provides a reference implementation of this interface. It is easy to use, you can start with it very quickly .

+5
source share

In my opinion, you should distinguish between two types of validation:

  • Verification of format data: what should be confirmed at the presentation level (MVC in your case). Typically both client and server side
  • Bussines data validation: what needs to be confirmed at the service level

In your case, your checks are related to business rules, so I will put them only at the service level. In addition, if you duplicate your checks in both layers, you will do the same queries twice, slowing down the performance of your application.

+3
source share

  • Ideally, check in both layers, as your service level can be used with a client other than the current mvc level

  • Repeat use of the check mechanism in both places (for example, Bean)

+1
source share

More articles:


All Articles