Data leak from the form object

I am implementing form validation for updating a password. Expected behaviour: if Test#123 is submitted in the form, the password should be validated (at least 1 uppercase letter, 1 lowercase letter, 1 special character and a minimum length of 8 characters) and be sent as Test#123.

Actual behaviour: when Test#123 is submitted in the form, the validations work fine, but the # is lost and only Test123 reaches the validator. I don't know why! Please look at the screenshot (click here).

Here is the code; please review it and tell me where I went wrong.

Controller code:


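/**
 * Handles the POST of the password-update form: validates the bound form, attempts the password
 * change and redirects back to the profile page in every case.
 *
 * <p>This method hands the bound form to the validator unchanged, so a character that is already
 * missing inside {@code validate} was lost before or during data binding (presumably in request
 * parsing or an upstream filter; confirm against the raw request parameter). When debugging
 * that, compare lengths or character classes rather than logging the password itself.
 *
 * <p>NOTE(review): {@code publishResult} is not shown here. If it stores the
 * {@code BindingResult} in redirect/flash attributes, the target form, including its plaintext
 * password fields, stays in that storage until it is consumed. Confirm this, and consider
 * publishing only the errors.
 *
 * @param updatePasswordForm form object bound from the request
 * @param result binding and validation result for {@code updatePasswordForm}
 * @param redirectAttributes attributes and flash messages carried over the redirect
 * @return {@code REDIRECT_TO_PROFILE_PAGE}, whether or not the change succeeded
 * @throws CMSItemNotFoundException declared by the signature; not thrown explicitly by the
 *         statements in this method
 */
@RequestMapping(value = "/update-password", method = RequestMethod.POST)
    public String updatePassword(final UpdatePasswordForm updatePasswordForm, final BindingResult result,
                                 final RedirectAttributes redirectAttributes) throws CMSItemNotFoundException
    {
        passwordValidator.validate(updatePasswordForm, result);

        if (result.hasErrors())
        {
            redirectAttributes.addAttribute("hasPwdError", true);
            publishResult(redirectAttributes, "updatePasswordForm", result);
            addFlashMessage(redirectAttributes, ERROR_MESSAGES_HOLDER, "form.global.error");
            return REDIRECT_TO_PROFILE_PAGE;
        }

        try
        {
            customerFacade.changePassword(updatePasswordForm.getCurrentPassword(), updatePasswordForm.getNewPassword());
            // Report success only once the change has actually gone through; previously the flag was
            // set to false before the attempt and stayed false when the current password was wrong.
            redirectAttributes.addAttribute("hasPwdError", false);
            addFlashMessage(redirectAttributes, CONF_MESSAGES_HOLDER, "text.account.confirmation.password.updated", null);
        }
        catch (final PasswordMismatchException localException)
        {
            // Record the field error before publishing, so the published result carries it whether
            // publishResult keeps a reference to the BindingResult or copies it.
            result.rejectValue("currentPassword", "profile.currentPassword.invalid", new Object[] {},
                    "profile.currentPassword.invalid");
            redirectAttributes.addAttribute("hasPwdError", true);
            publishResult(redirectAttributes, "updatePasswordForm", result);
        }
        return REDIRECT_TO_PROFILE_PAGE;
    }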

Validator.java:

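/**
 * Validates an {@link UpdatePasswordForm}: all three fields must be present, the new password
 * must differ from the current one, match its confirmation and satisfy the complexity rules
 * (8 to 254 characters; at least one upper-case letter, lower-case letter, digit and
 * non-alphanumeric character; no whitespace).
 *
 * <p>The validator only reads the form. It never writes a modified value back, so it cannot be
 * the place where a submitted character such as {@code #} disappears.
 *
 * <p>NOTE(review): as pasted, the class extends a type with its own simple name. Presumably the
 * superclass lives in another package and needs its fully qualified name here; confirm.
 */
public class PasswordValidator extends PasswordValidator
{
    /** Any character other than an ASCII letter or digit. The name is misspelled but public, so it is kept. */
    public static final Pattern specailCharPattern = Pattern.compile("[^a-z0-9A-Z]", Pattern.CASE_INSENSITIVE);
    /** At least one ASCII upper-case letter. */
    public static final Pattern UpperCasePattern = Pattern.compile("[A-Z]");
    /** At least one ASCII lower-case letter. */
    public static final Pattern lowerCasePattern = Pattern.compile("[a-z]");
    /** At least one ASCII digit. */
    public static final Pattern digitPattern = Pattern.compile("[0-9]");
    /** Any whitespace character. */
    public static final Pattern spacePattern = Pattern.compile("\\s");

    private static final int MIN_LENGTH = 8;
    private static final int MAX_LENGTH_EXCLUSIVE = 255;

    /**
     * Checks the password-change form and records every violated rule on {@code errors}.
     *
     * @param object the form to validate; must be an {@link UpdatePasswordForm}
     * @param errors receives one field error per violated rule
     * @throws ClassCastException if {@code object} is not an {@link UpdatePasswordForm}
     */
    @Override
    public void validate(final Object object, final Errors errors)
    {
        final UpdatePasswordForm passwordForm = (UpdatePasswordForm) object;
        final String newPasswd = passwordForm.getNewPassword();
        final String checkPasswd = passwordForm.getCheckNewPassword();
        final String currPasswd = passwordForm.getCurrentPassword();

        if (StringUtils.isEmpty(currPasswd))
        {
            errors.rejectValue("currentPassword", "profile.currentPassword.invalid");
        }

        if (StringUtils.isEmpty(newPasswd))
        {
            errors.rejectValue("newPassword", "updatePwd.pwd.invalid");
        }
        else if (StringUtils.isEmpty(checkPasswd))
        {
            errors.rejectValue("checkNewPassword", "updatePwd.pwd.invalid");
        }
        else if (newPasswd.equals(currPasswd))
        {
            // Compare from the non-empty side: the current password was only flagged above, not
            // returned on, so a request that omits it (null) would otherwise raise a
            // NullPointerException here instead of a validation error.
            errors.rejectValue("newPassword", "updatePwd.same");
        }
        else if (newPasswd.equals(checkPasswd))
        {
            // Both values are equal in this branch, so checking one length covers both.
            final int length = newPasswd.length();
            if (length < MIN_LENGTH || length >= MAX_LENGTH_EXCLUSIVE)
            {
                errors.rejectValue("newPassword", "register.pwd.length");
            }
            // Whitespace is stripped on a temporary copy so that a space does not count as the
            // required special character; spaces are rejected separately below.
            if (!specailCharPattern.matcher(newPasswd.replaceAll("\\s", "")).find())
            {
                errors.rejectValue("newPassword", "register.pwd.specialchar");
            }
            if (!UpperCasePattern.matcher(newPasswd).find())
            {
                errors.rejectValue("newPassword", "register.pwd.uppercase");
            }
            if (!lowerCasePattern.matcher(newPasswd).find())
            {
                errors.rejectValue("newPassword", "register.pwd.lowercase");
            }
            if (!digitPattern.matcher(newPasswd).find())
            {
                errors.rejectValue("newPassword", "register.pwd.digit");
            }
            if (spacePattern.matcher(newPasswd).find())
            {
                errors.rejectValue("newPassword", "register.pwd.space");
            }
        }
        else
        {
            errors.rejectValue("newPassword", "validation.checkPwd.equals");
        }
    }
}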
/**
 * Form object for updating the password.
 */
UpdatePasswordForm.java

/**
 * Mutable form-backing bean for the password change: the current password, the requested new
 * password and its confirmation, each held as a plain {@code String}.
 *
 * <p>The accessors store and return the values unchanged. Because the fields hold plaintext
 * passwords, keep instances out of logs and out of long-lived storage.
 */
public class UpdatePasswordForm {
    private String currentPassword;
    private String newPassword;
    private String checkNewPassword;

    /** @return the current password as last set, or {@code null} if never set */
    public String getCurrentPassword() {
        return this.currentPassword;
    }

    /** @param currentPassword the user's existing password */
    public void setCurrentPassword(final String currentPassword) {
        this.currentPassword = currentPassword;
    }

    /** @return the requested new password as last set, or {@code null} if never set */
    public String getNewPassword() {
        return this.newPassword;
    }

    /** @param newPassword the password the user wants to switch to */
    public void setNewPassword(final String newPassword) {
        this.newPassword = newPassword;
    }

    /** @return the confirmation of the new password as last set, or {@code null} if never set */
    public String getCheckNewPassword() {
        return this.checkNewPassword;
    }

    /** @param checkNewPassword the repeated entry of the new password */
    public void setCheckNewPassword(final String checkNewPassword) {
        this.checkNewPassword = checkNewPassword;
    }
}


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source