• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Liutauras Vilda
  • Paul Clapham
Sheriffs:
  • paul wheaton
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Piet Souris
Bartenders:
  • Mike London

Signup, Edit personal and Modify password forms in Spring MVC

 
Ranch Hand
Posts: 111
PHP Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Spring MVC, Signup, Edit personal and Password forms

My Spring MVC application is a website where members can subscribe to indoor and outdoor activities, organized by a member. THe application therefore needs a well-known funcionality to sign up, login and edit/modify personal details. I used Spring MVC in combination with Thymeleaf views. THis works fine but I am struggling with the different forms and try to avoid redundant fields.

The following use cases are required:

Sign up: User chooses a username, password en password confirmation and personal details like birth date, gender, city, personal interests. After submitting the form, form validation checks whether username is not in use and passwords fields are equal.

Edit personal data: When logged in, the user can choose to edit his/her personal data. Username cannot be changed (and is therefore invisible or at least immutable in this form) and password fields are not shown.

Edit password; To change the password, the logged in user enters his existing password for extra security, and the new password and the confirmation of the new password. After committing, the existing password is verified and changed afterwards if and only of the new password and confirmation are matching.

I think this is pretty common functionality. But my issue is that we have only one Member class that can act as the form-backing object (The Spring MVC documentation advises against the use of separate form backing objects). Besides, the password is not stored as the plain entered text, but as the (SHA-256) hash.

For the signup use case, I choose the following approach: THe Member entity object contains one mapped field for the hashed password (which is persisted in the database) and two transient fields for entering the password which are bound to the form and validated for being equal and match other criteria (minimum length, special characters etc):


In the intitial signup form, the new user enters his username, password (Twice) and all other required fields. This works as expected.

But what if the user wants to edit his personal data? We do not want to edit the username and password fields in this scenario. The other fields need to be validated according to the same rules as the signup form. So we should need: 1) A separate form backing object, mimicking the Member object but without username and password fields. This sounds unacceptable to me due to redundancy. 2) Or use the same form backing object but somehow bypassing the username and password fields in the validation. Of course, those fields must be preserved when saving the member object back to the database using Hibernate, but we can make a customized update method in the service layer to handle that.

And the last use case is modifying the password. For this I want a separate form with 3 fields, the original password for extra verification and two fields for the new password and its confirmation. I think I should use a separate form backing object for this containing only those 3 fields, but do not want to duplicate the field and validation definitions.

Is there a clean way to do this without redundant definitions? Hope for some thoughts...
 
Ranch Hand
Posts: 499
Spring AngularJS Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Klaas van Gelder,

From what I understood from your post, you are going to edit an member object (which has basic validations already) and you are using thymeleaf and hibernate. As far as I know, your editing goes this way. You will retrieve the member object to be edited and pass it to edit page and then save the same object. If you don't provide an option to edit username and password in the edit page, the object will contain the same username and password. It doesn't matter what fields you are going to edit, it won't change. You can use the same object to save it in your database. And in case of new password, retrieve the object, compare the password from it and the new password entered and just use the set password method in the object to replace the new password and persist it. Your basic validations will be done by hibernate. If you want custom validation constraints, see this link.

P.S:
1) I have answered from what I understood from you question, correct me if I am wrong.
2) IMO try using spring data jpa
Difference and Reasons:
1
2 and many more in coderanch and stackoverflow

 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic