Should validators in spring access the database?

Question

I'm not really sure if it's a good design decision to make the validators validate commands based on the state of the database. For example if I need to validate a User bean besides checking if the email and username are empty etc. I also need to reject values if they are already used. Should this kind of logic go in the validators or the service objects?

Answer 1

That would very much depend on how you define validation. Consider this: You're buying something, and you enter your credit card number. If the check digit does not match, you have failed validation. No transaction has been attempted. If however, it is a valid credit card number, but it does not match your post code (DB/third party interaction required), then that is a payment error.

Now consider this: You are entering your address, and you enter Mastiffica as your country. Why did the system even allow you to enter this - they should have restricted the interface to valid entries only (No DB needed post entry).

Or you enter "fifty" in the amount field of your bank payment screen. Why does it allow letters there - that fails validation (No need for DB). But you then enter 50 in the amount field, and it turns out you don't have fifty pounds in your account. Is that a validation error? Or is it a failed transaction?

Now, consider you have passed all basic entry validations (credit card checksum, country, digits, post code) and the transaction fails, because your credit card has expired. Is that validation error, or a failed transaction?

You can think of validation as a basic guarantee that users won't enter completely wild data, or you can think of validation as "I can complete this transaction with the data I have been given". I would personally favor the former, but again, it's matter of definition.

Then there's the aspect of first line validation as a security measure - wild data that has been accepted past your top UI layer can be a security risk (SQL injection, e.g.)