I think you should perform a soft validation at the client side, just to avoid talking to the server continuously to check things. Maybe you can use some JavaScript library to help you with the job (say, jQuery Validation).
In the server side, I could create a separated domain class to validate your use case. I know some guys here would think this is an
anemic domain model but don't get me wrong. Some Customer validation, for example, may need to talk to the CustomerBase or another objects that are out of the "Customer" abstraction. So it doesn't fit to place all the Customer validation in the Customer class.
This new class dedicated to this validation (e.g. CustomerValidation) could have a "validate(obj)" method that throws an exception when the received object is invalid, according to the defined business rules. Note that this class can be reused through different applications or layers in the same application.
An example of a common server processing would be:
// -- save a customer ------------------------------------
customer = createCustomerFromRequestParameters();
cleanCustomer = sanitize( customer ); // << The server sanitizes, but not validates
customerBase = new PersistentCustomerBase();
...
customerValidation = new CustomerValidation( customerBase, ... );
...
customerService = new CustomerService( customerValidation, customerBase, ... );
try {
// save() will call customerValidation.validate( cleanCustomer ) before doing its job
customerService.save( cleanCustomer );
... send successful response ...
} catch (DomainException e) {
... send error response ...
}
// -------------------------------------------------------
What do you think?
- Thiago