The question isn't clear.
Yes, an action's validate()
method obviously validates on the server side.
This is a Good Thing, because data must be validated on the server side, regardless of whether or not any client-side validation occurs. Consider (a) users that have JavaScript disabled, and (b) hand-crafted requests not made through a browser. While (a) is increasingly uncommon, (b) is a legitimate danger.
You cannot rely on JS-only validation.