JSF验证是客户端还是服务器端?

时间:2022-03-14 16:15:49

I implemented my validation logic as follows:

我实现了我的验证逻辑如下:

        <h:inputText id="title" value="#{...}" 
            required="true" requiredMessage="...some..text..." 
            validatorMessage="...some..other..text..." >
            <f:validateLength minimum="10" maximum="50"/>
        </h:inputText>

I read a lot about clientside and serverside validation and about their advantages and disadvantages. But I have no idea about what the code above does.

我阅读了很多关于客户端和服务器端验证以及它们的优缺点。但我不知道上面的代码是做什么的。

Can somebody please explain that :-)

有人可以解释一下:-)

Cheers

干杯

1 个解决方案

#1


30  

In client side validation, it's the client (webbrowser) which validates the input with help of a client side language, e.g. JavaScript. In server side validation, it's the server (webserver) which validates the input with help of a server side language, e.g. Java.

在客户端验证中,它是客户端(webbrowser),它借助客户端语言验证输入,例如, JavaScript的。在服务器端验证中,它是服务器(webserver),它借助服务器端语言验证输入,例如, Java的。

You should never do only client side validation, because the result is controllable (and thus also hackable/spoofable) by the enduser. Usually, you'd like to use client side validation because it gives much sooner feedback. The enduser doesn't need to wait for the form submit being completed and doesn't need to face a "flash of content" (page blanks out and then redisplays with new content). You'd like to use server side validation to ensure the integrity of the submitted data. The enduser has in no way control over the outcome of the server side validation.

您永远不应该只进行客户端验证,因为最终用户的结果是可控的(因此也是可黑客/可欺骗的)。通常,您希望使用客户端验证,因为它可以提供更快的反馈。最终用户不需要等待表单提交完成,也不需要面对“内容闪存”(页面空白然后重新显示新内容)。您希望使用服务器端验证来确保提交数据的完整性。最终用户无法控制服务器端验证的结果。

In case of JSF, the validation is always server side. Since JSF 2.0 it's possible to submit a form (and thus also validate the form) using builtin ajaxical functionality. This combines the best of the two worlds: having instant feedback without flash of content and the robustness/integrity of the server side validation.

在JSF的情况下,验证始终是服务器端。从JSF 2.0开始,可以使用内置的ajaxical功能提交表单(从而也验证表单)。这结合了两个世界中最好的:具有没有内容闪存的即时反馈和服务器端验证的稳健性/完整性。

#1


30  

In client side validation, it's the client (webbrowser) which validates the input with help of a client side language, e.g. JavaScript. In server side validation, it's the server (webserver) which validates the input with help of a server side language, e.g. Java.

在客户端验证中,它是客户端(webbrowser),它借助客户端语言验证输入,例如, JavaScript的。在服务器端验证中,它是服务器(webserver),它借助服务器端语言验证输入,例如, Java的。

You should never do only client side validation, because the result is controllable (and thus also hackable/spoofable) by the enduser. Usually, you'd like to use client side validation because it gives much sooner feedback. The enduser doesn't need to wait for the form submit being completed and doesn't need to face a "flash of content" (page blanks out and then redisplays with new content). You'd like to use server side validation to ensure the integrity of the submitted data. The enduser has in no way control over the outcome of the server side validation.

您永远不应该只进行客户端验证,因为最终用户的结果是可控的(因此也是可黑客/可欺骗的)。通常,您希望使用客户端验证,因为它可以提供更快的反馈。最终用户不需要等待表单提交完成,也不需要面对“内容闪存”(页面空白然后重新显示新内容)。您希望使用服务器端验证来确保提交数据的完整性。最终用户无法控制服务器端验证的结果。

In case of JSF, the validation is always server side. Since JSF 2.0 it's possible to submit a form (and thus also validate the form) using builtin ajaxical functionality. This combines the best of the two worlds: having instant feedback without flash of content and the robustness/integrity of the server side validation.

在JSF的情况下,验证始终是服务器端。从JSF 2.0开始,可以使用内置的ajaxical功能提交表单(从而也验证表单)。这结合了两个世界中最好的:具有没有内容闪存的即时反馈和服务器端验证的稳健性/完整性。