hibernate / spring validation in service layer

---added (edit) --

should you do validation at the service layer, even if you validate at the front-end?

eg struts has validations so you can va开发者_高级运维lidate it a lot. (I don't mean java script validations.)

--

are you using hibernate validator or spring validations in your service layer even though you have validations already on front-end?

(front-end validation don't have to be hibernate or spring one)

Consistent Data are one of the most important thing in Enterprice Applications!

So yes: you need to check it twice: in the frontend and in the Service layer.

In our web applications we have different checks at different levels: (I am not talking about inconsistent checks, I am talking about granularity and scope of checks.)

1. Java Script checks of inputfields (max length, not empty ...)
2. The same checks like (1) and some more complex checks in the Server side web controller
3. The important (and sometimes complex) constraints which would break the application logic are checked in the entities and services
4. Everything a database can check easily (not null, forein key, unique) are checked by the database constraints.

IHO it would be the best to check all and everywhere, but this is not possible. So you need a consistent policy where you check what. And this policy strongly depends on the kind of application your are developing.

we used it in combination with wicket as fronend framework. You have to consider that you need to validate in two steps:

1. validating the input, for example: is it an Integer
2. validating against the business logic

We solved the problem using the business validation to validate within wicket. So you don't have to write code twice.

Your question is not specific enough i.e. it doesn't look to solve a single problem (it's more of a poll).

To answer the more specific question of "should you do validation at the service layer, even if you validate at the front-end?", the answer is absolutely. Almost all front-end validation, particularly for web-apps, can be bypassed. You services should implement appropriate validation to ensure that they are consistent and should not rely on validation in the user-space (like Javascript checks) as they are easily defeated.

UPDATE: when deciding to validate between the front-end of the code (the dispatcher/controller) and the service layers, I'd say there's no hard and fast rule. I'd probably check that the input we receive is sensible at the front-end and do the domain-level validation at the service layer.

I would highly recommend using Hibernate Validator and keeping all your validations to the model. Its a good boost to Oops encapsulation as the model now validates itself.