SecurID® Governance & Lifecycle Blog

Subscribe to the official SecurID Governance & Lifecycle community blog for information about new product features, industry insights, best practices, and more.

Request Forms - Validation

Moderator Moderator
13 1 1,802

Validation is a key thing to consider when building a form.  While you have the submitter's attention, you should ensure the data is accurate and nothing is missing that will lead to a bottleneck later when processing the request.  For example, if I need a cost center to do the billing for the fulfillment, get that up front and ensure it is right rather than create an activity assigned to someone later on.


You can do the validation at two different levels:

  • Field level
  • Form level


Field Level

Field level validation is useful to ensure the value entered meets expectations.  This is specific to the field.  If the validation is more specific to the interaction of multiple fields, it is probably best done as a form level validation script.


So how do I do field level validation?  Every form control has an optional validation URI field.  If specified, this url will get called when the control's value changes.


This URI is expected to adhere to the following contract:

  • Input Parameters: Request parameters with the following names (name, question, value)
  • Output: Print error message (if any). Empty to proceed.


Example: Validate Phone

In this example we are validating the field has a value properly formatted as a phone number:


    String name = request.getParameter("name");

    String question = request.getParameter("question");

    String value = request.getParameter("value");

    if (value == null || !value.matches("[(][0-9][0-9][0-9][)] ?[0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]")) {

        out.println("Invalid phone number for " + question + ", expected (###) ###-####");




Form Level

Form level validation is useful when you want to evaluate the entire request that is being submitted.  For example, you may want to validate that if the region field is Canada that certain fields are provided (you could also solve this using conditions and is required flags).


Similar to field level validation, you specify a URI to invoke when the Next button is clicked to submit the form.  This URI is specified on the form detail page.


This URI is expected to adhere to the following contract:

  • Input Parameters: Request parameters prefixed by 'value.' or 'question.'
  • Output: Print error message(s) (if any). Empty to proceed.


Example: Validate Form

In this example we are looking at what form values we have an print that out.  Lastly, this example validates that the form had a v2 field with an expected value:

<%@ page import="java.util.Enumeration" %>

<%@ page import="java.util.HashMap" %>

<%@ page import="java.util.Properties" %>

<%@ page import="" %>


    HashMap<String, String> values = new HashMap<String, String>();

    HashMap<String, String> questions = new HashMap<String, String>();


    // Make the parameters and questions easy to access

    for (Enumeration e = request.getParameterNames(); e.hasMoreElements();) {

        String name = e.nextElement().toString();

        String value = request.getParameter(name);

        if (name.startsWith("value.")) values.put(name.substring(6), value);

        if (name.startsWith("question.")) questions.put(name.substring(9), value);



    System.out.println("validateform.jsp request method=" + request.getMethod());

    System.out.println("validateform.jsp parameterMap=" + request.getParameterMap());

    System.out.println("validateform.jsp values=" + values);

    System.out.println("validateform.jsp questions=" + questions);


    Properties outputProps = new Properties();


    if (!values.containsKey("v2")) {

        outputProps.put("error","Where is the v2 field!");

    } else if (!values.get("v2").contains("Demo")) {

        outputProps.put("error.v2","I am expecting the word Demo here");

        outputProps.put("error","Form validation failed!");



    ByteArrayOutputStream outputStream = new ByteArrayOutputStream();, null);







Posting Your Validation Scripts

The validation scripts represent custom logic you will want to ship as part of your solution.  The best way to do this is by uploading the scripts using the Admin->User Interface->Files page.  Files that are uploaded this way have a number of benefits:

  • The scripts are stored as part of our database so they are backed up
  • Scripts are not lost when patches or upgrades are applied
  • No redeployment of the application (EAR) is required


Once you have uploaded script using the above method, you can reference the script using the uri:

/aveksa/custom/jsp/<your validation form>.jsp

1 Comment