The problem here is that you can only "validate" post-de- serialization, and then you have to have knowledge of the DTO type(via reflection/AOP monkey business per type ), which gets complicated FAST.
My best approach was to validate in the "Generic Model" to Domain Object Mapper ( BOTH directions ). Afterall, someone by some other means could subvert your database and inject JS into the tables. On Jun 16, 12:48 am, tamsler <[email protected]> wrote: > In my opinion, the optimal solution would enable a validation > framework on top of the RPC infrastructure so that user can declare > the validation/filter properties. Following an AOP approach to deal > with such concerns. > -- Thomas --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
