What to do with lookup entities selected from a drop-down select? How to send them to the service layer?
I am developing a Spring MVC based application. I have a simple POJO form object. The problem is that many properties will be taken from drop-down lists that are populated from lookup entities, so I return the entity ID to the form object.
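public class NewCarRequestForm {
    // Both IDs are selected from drop-down lists populated from lookup entities.
    // The Long type is an assumption; the original snippet omitted the field types.
    private Long makeId;
    private Long modelId;
}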
Should I just send this lookup entity ID to the service layer? Or should I validate that this ID is correct (somebody can send any random ID through the request) beforehand, and how?
Now there is a problem if I want to validate something based on some property of the lookup entity. Do I perform a database lookup of the entity just to perform the validation?
thanks.
The general rule that I follow is that UI validations should be repeated on the server exactly for request forging reasons.
On the other hand, if someone forges a request and gives some random/invalid ID, won't your code simply fail because that ID is not present in your persistent storage (DB)?
If you are worried that someone can make a request that can bypass UI validations and that can be harmful to your system or data, then yes by all means you should repeat the validations on the server even if you need to make DB queries.
Generally client side validations are not mandatory. Server side validations are. Client side validations are just an optimization as they don't require a server call, but they are not actually defending you against anything.
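A server-side check of the submitted lookup IDs, as an added example that is not part of the original question or answer. It assumes Long IDs, Java 16+ records, and in-memory collections (constructed sample data) standing in for the database lookup; the Model entity and the validate method are hypothetical names.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class LookupIdValidation {
    // Form object from the question; Long ids are an assumption.
    record NewCarRequestForm(Long makeId, Long modelId) {}

    // Hypothetical lookup entity: a model row that references its make.
    record Model(long id, long makeId, String name) {}

    // Constructed sample data standing in for the lookup tables in the database.
    static final Set<Long> MAKES = Set.of(1L, 2L);
    static final Map<Long, Model> MODELS = Map.of(
            10L, new Model(10, 1, "Model A"),
            20L, new Model(20, 2, "Model B"));

    // Server-side check run before the service layer acts on the submitted ids.
    static List<String> validate(NewCarRequestForm form) {
        List<String> errors = new ArrayList<>();
        if (form.makeId() == null || !MAKES.contains(form.makeId())) {
            errors.add("makeId: unknown make");
        }
        Model model = form.modelId() == null ? null : MODELS.get(form.modelId());
        if (model == null) {
            errors.add("modelId: unknown model");
        } else if (form.makeId() != null && model.makeId() != form.makeId()) {
            // Both ids may exist while the pair is inconsistent; catching this
            // needs a property of the lookup entity, hence the lookup itself.
            errors.add("modelId: model does not belong to the selected make");
        }
        return errors;
    }

    public static void main(String[] args) {
        // A consistent pair, a mismatched pair of existing ids, and forged or missing ids.
        System.out.println(validate(new NewCarRequestForm(1L, 10L)));
        System.out.println(validate(new NewCarRequestForm(1L, 20L)));
        System.out.println(validate(new NewCarRequestForm(99L, null)));
    }
}
```

The mismatched-pair case is the one a bare "does this ID exist" check or a failing insert would not catch, which is why the lookup is done during validation.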