Client Side Validation
10 views
Skip to first unread message
Bobby Johnson
Jan 13, 2009, 1:19:21 PM1/13/09
to sharp-arc...@googlegroups.com
Are there any plans to add client side validation based on NHibernate.Validator? I have been looking around for a project that implements this but am having no luck. Everything seems to point to Castle.Validation. I did find an interesting project called xVal on codeplex that takes attribute based constraints and turns them into client side validation. It currently works with Castle.Validaiton and DataAnnotations. Looks like I would have to write my own RulesProvider to translate NHibernate.Validator to xVal rules. But before I go down that road I thought I would find out what the plans are.
--
"The explanation requiring the fewest assumptions is most likely to be correct."
- Occam's Razor
http://en.wikipedia.org/wiki/Occam's_Razor
--
"The explanation requiring the fewest assumptions is most likely to be correct."
- Occam's Razor
http://en.wikipedia.org/wiki/Occam's_Razor
Billy
Jan 13, 2009, 1:31:30 PM1/13/09
to S#arp Architecture
Hi Bobby,
This is a very good question for the NHibernate forums at
http://forum.hibernate.org/viewforum.php?f=25&sid=b47de9ef47e05dffed2d3d8504cb74c0
. My recommendation is to keep validation on the server side; you can
use Ajax requests to make it appear as though it were client-side.
Billy
This is a very good question for the NHibernate forums at
http://forum.hibernate.org/viewforum.php?f=25&sid=b47de9ef47e05dffed2d3d8504cb74c0
. My recommendation is to keep validation on the server side; you can
use Ajax requests to make it appear as though it were client-side.
Billy
Alec Whittington
Jan 13, 2009, 2:35:08 PM1/13/09
to sharp-arc...@googlegroups.com
To add my $.02. I actually prefer to use jQuery Validation for mine (http://bassistance.de/jquery-plugins/jquery-plugin-validation/)
This allows me the customization I need to knock out complex validation along with built-in validators to handle the simple things. I personally would not want to see client side validators added to #Arch as the validation would be different depending on what your presentation layer consisted of. While MVC is baked in, nothing says the view has to be MVC, it could be web forms, it could be a web service.
Alec Whittington
Bobby Johnson
Jan 13, 2009, 2:46:43 PM1/13/09
to sharp-arc...@googlegroups.com
Both very valid points.
My original question, albeit a fairly convoluted stream of consciousness sort of thing, was to ask if client side validation was going to be a part of S#. Sounds like no. So I can continue on my investigation of using xVal, which uses jquery validation. I do plan on making this functionality a UI concern. I am simply trying to keep it DRY by using the validation framework provided in S#.
Thanks guys.
My original question, albeit a fairly convoluted stream of consciousness sort of thing, was to ask if client side validation was going to be a part of S#. Sounds like no. So I can continue on my investigation of using xVal, which uses jquery validation. I do plan on making this functionality a UI concern. I am simply trying to keep it DRY by using the validation framework provided in S#.
Thanks guys.
Billy
Jan 13, 2009, 4:20:33 PM1/13/09
to S#arp Architecture
That's correct; my intention is to keep #arch very agnostic as to what
is used for the presentation and client interactions. So whatever
suits your fancy for client side validation is the most appropriate
response I suppose.
Billy
On Jan 13, 12:46 pm, Bobby Johnson <bobby.john...@gmail.com> wrote:
> Both very valid points.
>
> My original question, albeit a fairly convoluted stream of consciousness
> sort of thing, was to ask if client side validation was going to be a part
> of S#. Sounds like no. So I can continue on my investigation of using xVal,
> which uses jquery validation. I do plan on making this functionality a UI
> concern. I am simply trying to keep it DRY by using the validation framework
> provided in S#.
>
> Thanks guys.
>
> On Tue, Jan 13, 2009 at 11:35 AM, Alec Whittington <
>
>
>
> alec.whitting...@gmail.com> wrote:
> > To add my $.02. I actually prefer to use jQuery Validation for mine (
> >http://bassistance.de/jquery-plugins/jquery-plugin-validation/)<http://bassistance.de/jquery-plugins/jquery-plugin-validation/>
is used for the presentation and client interactions. So whatever
suits your fancy for client side validation is the most appropriate
response I suppose.
Billy
On Jan 13, 12:46 pm, Bobby Johnson <bobby.john...@gmail.com> wrote:
> Both very valid points.
>
> My original question, albeit a fairly convoluted stream of consciousness
> sort of thing, was to ask if client side validation was going to be a part
> of S#. Sounds like no. So I can continue on my investigation of using xVal,
> which uses jquery validation. I do plan on making this functionality a UI
> concern. I am simply trying to keep it DRY by using the validation framework
> provided in S#.
>
> Thanks guys.
>
> On Tue, Jan 13, 2009 at 11:35 AM, Alec Whittington <
>
>
>
> alec.whitting...@gmail.com> wrote:
> > To add my $.02. I actually prefer to use jQuery Validation for mine (
>
> > This allows me the customization I need to knock out complex validation
> > along with built-in validators to handle the simple things. I personally
> > would not want to see client side validators added to #Arch as the
> > validation would be different depending on what your presentation layer
> > consisted of. While MVC is baked in, nothing says the view has to be MVC, it
> > could be web forms, it could be a web service.
>
> > Alec Whittington
>
> > This allows me the customization I need to knock out complex validation
> > along with built-in validators to handle the simple things. I personally
> > would not want to see client side validators added to #Arch as the
> > validation would be different depending on what your presentation layer
> > consisted of. While MVC is baked in, nothing says the view has to be MVC, it
> > could be web forms, it could be a web service.
>
> > Alec Whittington
>
> > On Tue, Jan 13, 2009 at 11:31 AM, Billy <googlegro...@emccafferty.com>wrote:
>
> >> Hi Bobby,
>
> >> This is a very good question for the NHibernate forums at
>
> >>http://forum.hibernate.org/viewforum.php?f=25&sid=b47de9ef47e05dffed2...
>
> >> Hi Bobby,
>
> >> This is a very good question for the NHibernate forums at
>
> >> . My recommendation is to keep validation on the server side; you can
> >> use Ajax requests to make it appear as though it were client-side.
>
> >> Billy
>
> >> On Jan 13, 11:19 am, Bobby Johnson <bobby.john...@gmail.com> wrote:
> >> > Are there any plans to add client side validation based on
> >> > NHibernate.Validator? I have been looking around for a project that
> >> > implements this but am having no luck. Everything seems to point to
> >> > Castle.Validation. I did find an interesting project called xVal on
> >> codeplex
> >> > that takes attribute based constraints and turns them into client side
> >> > validation. It currently works with Castle.Validaiton and
> >> DataAnnotations.
> >> > Looks like I would have to write my own RulesProvider to translate
> >> > NHibernate.Validator to xVal rules. But before I go down that road I
> >> thought
> >> > I would find out what the plans are.
>
> >> > --
> >> > "The explanation requiring the fewest assumptions is most likely to be
> >> > correct."
>
> >> > - Occam's Razorhttp://en.wikipedia.org/wiki/Occam's_Razor<http://en.wikipedia.org/wiki/Occam%27s_Razor>
> >> use Ajax requests to make it appear as though it were client-side.
>
> >> Billy
>
> >> On Jan 13, 11:19 am, Bobby Johnson <bobby.john...@gmail.com> wrote:
> >> > Are there any plans to add client side validation based on
> >> > NHibernate.Validator? I have been looking around for a project that
> >> > implements this but am having no luck. Everything seems to point to
> >> > Castle.Validation. I did find an interesting project called xVal on
> >> codeplex
> >> > that takes attribute based constraints and turns them into client side
> >> > validation. It currently works with Castle.Validaiton and
> >> DataAnnotations.
> >> > Looks like I would have to write my own RulesProvider to translate
> >> > NHibernate.Validator to xVal rules. But before I go down that road I
> >> thought
> >> > I would find out what the plans are.
>
> >> > --
> >> > "The explanation requiring the fewest assumptions is most likely to be
> >> > correct."
>
Frank
Jan 13, 2009, 6:07:56 PM1/13/09
to S#arp Architecture
I would second this because client-side validation is almost entirely
useless if you have a good framework in place to have all validation
done on the server side. Here's a bunch of reasons why:
1. Client-side validation is insecure. Anyone with wget/curl can just
bypass all your validation if none exists on the server. NEVER trust
the client.
2. If you have both client-side and server-side validation, now you
most likely have duplicate code; hard to maintain.
3. Ajax allows you to make server-side validation appear (to the user)
as if it were really client-side validation. I never use plain HTML
form posts anymore, too many ways that things can go wrong.
4. Performance is usually not a factor if your communications between
client/server is lightweight, like with simple JSON objects.
-Frank
> This is a very good question for the NHibernate forums athttp://forum.hibernate.org/viewforum.php?f=25&sid=b47de9ef47e05dffed2...
useless if you have a good framework in place to have all validation
done on the server side. Here's a bunch of reasons why:
1. Client-side validation is insecure. Anyone with wget/curl can just
bypass all your validation if none exists on the server. NEVER trust
the client.
2. If you have both client-side and server-side validation, now you
most likely have duplicate code; hard to maintain.
3. Ajax allows you to make server-side validation appear (to the user)
as if it were really client-side validation. I never use plain HTML
form posts anymore, too many ways that things can go wrong.
4. Performance is usually not a factor if your communications between
client/server is lightweight, like with simple JSON objects.
-Frank
> This is a very good question for the NHibernate forums athttp://forum.hibernate.org/viewforum.php?f=25&sid=b47de9ef47e05dffed2...
Bobby Johnson
Jan 13, 2009, 7:37:54 PM1/13/09
to sharp-arc...@googlegroups.com
Frank,
I disagree.
Why not prevent the client side round trip if you can? Sure you can get around it, but that is why you do the validation again on the server.
My goal is to have NHibernate.Validator functionality in two places but defined once. I set my attributes up and jquery validation is generated based on it.. and server side it is validated. Best of both worlds.
I disagree.
Why not prevent the client side round trip if you can? Sure you can get around it, but that is why you do the validation again on the server.
My goal is to have NHibernate.Validator functionality in two places but defined once. I set my attributes up and jquery validation is generated based on it.. and server side it is validated. Best of both worlds.
Frank
Jan 14, 2009, 1:05:15 AM1/14/09
to S#arp Architecture
Sounds good, provided that the server-side validation gives reasonable
errors and not ugly exceptions to end users. A big concern for me
(having done security audits in the past) is seeing only client-side
validation. One issue I've seen is when a unique constraint is applied
(say on a username when creating new user accounts), it might be
confusing for users to have client-side validation succeed on the
first part of a form and then have it fail in a later part (presumably
because some other user was just created with the same username). This
happens more frequently then you might think if say you're running a
site that has content for a popular television series and a new
character in the show is introduced.
> > > > - Occam's Razorhttp://en.wikipedia.org/wiki/Occam's_Razor<http://en.wikipedia.org/wiki/Occam%27s_Razor>
errors and not ugly exceptions to end users. A big concern for me
(having done security audits in the past) is seeing only client-side
validation. One issue I've seen is when a unique constraint is applied
(say on a username when creating new user accounts), it might be
confusing for users to have client-side validation succeed on the
first part of a form and then have it fail in a later part (presumably
because some other user was just created with the same username). This
happens more frequently then you might think if say you're running a
site that has content for a popular television series and a new
character in the show is introduced.
Martin Hornagold
Jan 14, 2009, 5:02:13 AM1/14/09
to sharp-arc...@googlegroups.com
Frank,
I agree. I think that some validation should be done on the client if possible.
No web user in 2009 expects a round trip to a server to check required fields are completed or in the correct format.
I think that #arch should look at providing some form of client validation or at least the interfaces for doing so.
xVal looks very interesting : http://blog.codeville.net/2009/01/10/xval-a-validation-framework-for-aspnet-mvc/
Luis Abreu
Jan 14, 2009, 6:36:39 AM1/14/09
to sharp-arc...@googlegroups.com
Yes, client side validation should perform the basic tasks but the domain should always have the final word regarding validation.
From: sharp-arc...@googlegroups.com
[mailto:sharp-arc...@googlegroups.com] On Behalf Of Bobby Johnson
Sent: quarta-feira, 14 de Janeiro de 2009 00:38
To: sharp-arc...@googlegroups.com
Subject: Re: Client Side Validation
Frank,
Bobby Johnson
Jan 14, 2009, 10:42:32 AM1/14/09
to sharp-arc...@googlegroups.com
Martin,
I am planning to write an IRulesProvider for xVal based on S#'s validation. If you would like to pair on the idea let me know and we can set something up.
Bobby
I am planning to write an IRulesProvider for xVal based on S#'s validation. If you would like to pair on the idea let me know and we can set something up.
Bobby
Martin Hornagold
Jan 14, 2009, 11:42:58 AM1/14/09
to sharp-arc...@googlegroups.com
Bobby,
I’m not sure on using xVal.
I like the concept, but I have some issues with the implementation having looked at the source code a bit today.
I think it would be good if Steve could convince the validation frameworks such as Castle and MS to use his IRulesProvider convention,
but it seems a bit hacky to me the way he converts them.
I think I will probably opt for using #arch (and therefore NHibernate.Validator) and then implementing my own Html helpers and scripts to inject the client side code.
Bobby Johnson
Jan 14, 2009, 12:00:36 PM1/14/09
to sharp-arc...@googlegroups.com
Martin,
Sounds good. I agree with you on the smelliness of the object conversion of xVal. I would be interested in seeing what you come up with.
Thanks for the input,
Bobby
Sounds good. I agree with you on the smelliness of the object conversion of xVal. I would be interested in seeing what you come up with.
Thanks for the input,
Bobby
Alexander Popov
Jan 23, 2009, 3:49:39 AM1/23/09
to S#arp Architecture
But NHibernate.Validator validating Domain Model.
But some checks is UI layer only. for example password confirmation
when registration, CAPTCHA, etc.
How about it? I don't want have to different validation frameworks.
> > > > - Occam's Razorhttp://en.wikipedia.org/wiki/Occam's_Razor<http://en.wikipedia.org/wiki/Occam%27s_Razor>
>
> - Показать цитируемый текст -
But some checks is UI layer only. for example password confirmation
when registration, CAPTCHA, etc.
How about it? I don't want have to different validation frameworks.
>
> --
> "The explanation requiring the fewest assumptions is most likely to be
> correct."
>
> - Occam's Razorhttp://en.wikipedia.org/wiki/Occam's_Razor- Скрыть цитируемый текст -
> --
> "The explanation requiring the fewest assumptions is most likely to be
> correct."
>
>
> - Показать цитируемый текст -
Jay Oliver
Jan 23, 2009, 9:11:39 AM1/23/09
to S#arp Architecture
It seems like if you're using more of a ViewModel approach, validation
on the domain model won't really be that helpful in generating client
side validation either.
> > - Occam's Razorhttp://en.wikipedia.org/wiki/Occam's_Razor-Скрыть цитируемый текст -
on the domain model won't really be that helpful in generating client
side validation either.
Luis Abreu
Jan 23, 2009, 9:21:17 AM1/23/09
to sharp-arc...@googlegroups.com
> It seems like if you're using more of a ViewModel approach, validation
> on the domain model won't really be that helpful in generating client
> side validation either.
> on the domain model won't really be that helpful in generating client
> side validation either.
Yep, unfortunately you won't be able to reuse domain validation code in the
presentation layer...
Alexander Popov
Jan 23, 2009, 9:28:33 AM1/23/09
to S#arp Architecture
hm... so... duplicate?
Luis Abreu
Jan 23, 2009, 9:57:07 AM1/23/09
to sharp-arc...@googlegroups.com
> hm... so... duplicate?
>
Only part. In my opinion, the only validation you should be doing in the UI
should be basic validations. Things like ensuring that the fields don't more
than x chars, etc. All the rest should really be done on the domain.
>
Only part. In my opinion, the only validation you should be doing in the UI
should be basic validations. Things like ensuring that the fields don't more
than x chars, etc. All the rest should really be done on the domain.
Luis
Kyle Baley
Jan 23, 2009, 12:35:37 PM1/23/09
to sharp-arc...@googlegroups.com
In particular, CAPTCHA validation shouldn't be a domain concern, should it?
Billy
Jan 23, 2009, 1:00:01 PM1/23/09
to S#arp Architecture
Perhaps a validatable RegisterSubmission object could live within the
controllers or service layer which would handle CAPTCHA checking?
Other ideas?
Billy
controllers or service layer which would handle CAPTCHA checking?
Other ideas?
Billy
Alexander Popov
Jan 23, 2009, 3:15:20 PM1/23/09
to S#arp Architecture
2Luis.
Did you mean that some checks( as field lenght ) is Not Domain Model
validation and applied only for View?
We have ViewModel objects and domain Entities.
suppose we have framework that can translate simple validation rules
to jQuery.validation notation.
how distribute validation check between that ( validation by
attributes for simple):
RegistrationData{
[Length( Min=5 )//need this in Domain Entity?
Name
[Length( Min=6 )]//need this in Domain Entity?
Password
[SameWith(Password) ]
PasswordConfirmation
[email]//duplicate email validate?
Email
[Captcha]
CAPTCHA
}
User:Entity
{
[NotNulNotEmpty]
Name
[NotNulNotEmpty]
Password
[Email]
Email
}
In my mind it will be some fluent interface that allow discribe
validation rules AND apply another|parent rules.
public UserValidation: EntityValidation<User>
{
public UserValidation()
{
NotNullNotEmpty(x => x.Name);
NotNullNotEmpty(x => x.Password);
Length(x => x.Name, 5);
Length(x => x.Password, 6);
Email( x=> x.Email );
PasswordComplexity( x=> x.Email,
PasswordComplexityLevel.Strong );
}
}
public RegistrationDataValidation: ViewDataValidation<
RegistrationData >
{
public RegistrationDataValidation()
{
InheritValidation<User>( );
Match( x=>x.Password, y=>y.PasswordConfirmation );
}
}
Did you mean that some checks( as field lenght ) is Not Domain Model
validation and applied only for View?
We have ViewModel objects and domain Entities.
suppose we have framework that can translate simple validation rules
to jQuery.validation notation.
how distribute validation check between that ( validation by
attributes for simple):
RegistrationData{
[Length( Min=5 )//need this in Domain Entity?
Name
[Length( Min=6 )]//need this in Domain Entity?
Password
[SameWith(Password) ]
PasswordConfirmation
[email]//duplicate email validate?
[Captcha]
CAPTCHA
}
User:Entity
{
[NotNulNotEmpty]
Name
[NotNulNotEmpty]
Password
[Email]
}
In my mind it will be some fluent interface that allow discribe
validation rules AND apply another|parent rules.
public UserValidation: EntityValidation<User>
{
public UserValidation()
{
NotNullNotEmpty(x => x.Name);
NotNullNotEmpty(x => x.Password);
Length(x => x.Name, 5);
Length(x => x.Password, 6);
Email( x=> x.Email );
PasswordComplexity( x=> x.Email,
PasswordComplexityLevel.Strong );
}
}
public RegistrationDataValidation: ViewDataValidation<
RegistrationData >
{
public RegistrationDataValidation()
{
InheritValidation<User>( );
Match( x=>x.Password, y=>y.PasswordConfirmation );
}
}
Alexander Popov
Jan 24, 2009, 6:14:00 AM1/24/09
to S#arp Architecture
> suppose we have framework that can translate simple validation rules
today i get another issue for such framework - field size also would
be synchronized between Domain Model and Client Side input
**size="XXX"**
lightglitch
Jan 24, 2009, 9:25:46 AM1/24/09
to S#arp Architecture
Look at this article:
http://blogs.taiga.nl/martijn/archive/2008/12/08/validation-in-asp.net-mvc-part-4-example-with-server-side.aspx
It implements something similar using Castle Monorail validation and
jQuery.
http://blogs.taiga.nl/martijn/archive/2008/12/08/validation-in-asp.net-mvc-part-4-example-with-server-side.aspx
It implements something similar using Castle Monorail validation and
jQuery.
Billy
Jan 24, 2009, 5:23:18 PM1/24/09
to S#arp Architecture
If anyone has specific implementations and/or tutorials concerning how
you're using validation with S#arp projects. Feel free to add new
pages and/or example uploads to the newly added S#arp Wiki and Files
sections of this group.
Billy
> http://blogs.taiga.nl/martijn/archive/2008/12/08/validation-in-asp.ne...
you're using validation with S#arp projects. Feel free to add new
pages and/or example uploads to the newly added S#arp Wiki and Files
sections of this group.
Billy
> http://blogs.taiga.nl/martijn/archive/2008/12/08/validation-in-asp.ne...
lightglitch
Jan 24, 2009, 8:03:09 PM1/24/09
to S#arp Architecture
In a week (more or less) I'm going to try integrate this article in
s#arp and then, if it looks good, I will share it.
s#arp and then, if it looks good, I will share it.
Reply all
Reply to author
Forward
0 new messages