I am design an application library that make use of Spring MVC, Spring, and Hibernate. The ADMIN SECTION of the application has similar architecture to Appfuse (i.e. JSP -> Controller -> Service -> DAO). The PUBLIC SECTION of the application has the architecture similar to as WEB SERVICES OR REMOTE -> SERVICE -> DAO. Here are my questions:
1. What is the best way to handle the Spring exception instead of letting propagate to the calling code.
2. Should I handle the Spring translated exceptions at my DAO or at the SERVICE implementation and rethrow my Custom exception? If I handle at the SERVICE layer, I need to rewrite a little bit if I decided to use JDBC instead of Hibernate in the future.
3. How do I prevent people from accessing my SERVICE and DAO Implementation if somehow they have access to it. Can the package private do the job? It's similar to the internal in .NET?
4. Should I validate the parameters at both the SERVICE and DAO?
Thank you very much