Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Faces validators can provide a nicer UI experience for form field validation than returning messages from the action after form submission. But do I need the belt and braces approach of also validating in the action on form submit? I can’t find a definitive answer on how possible it is to maliciously submit the form bypassing faces validators.
JSF validators run on the server side, not on the client side. They can in no way be bypassed. You should not need to re-validate the whole bunch in the action method. Even more, doing per-field validation in action method instead of in a validator is considered poor practice.