Spring MVC, Signup, Edit personal and Password forms
My Spring MVC application is a website where members can subscribe to indoor and outdoor activities, organized by a member. The application therefore needs the well-known functionality to sign up, log in and edit/modify personal details. I used Spring MVC in combination with Thymeleaf views. This works fine, but I am struggling with the different forms and try to avoid redundant fields.
The following use cases are required:
Sign up: User chooses a username, password and password confirmation and personal details like birth date, gender, city, personal interests. After submitting the form, form validation checks whether the username is not in use and the password fields are equal.
Edit personal data: When logged in, the user can choose to edit his/her personal data. Username cannot be changed (and is therefore invisible or at least immutable in this form) and password fields are not shown.
Edit password: To change the password, the logged-in user enters his existing password for extra security, and the new password and the confirmation of the new password. After committing, the existing password is verified and changed afterwards if and only if the new password and confirmation are matching.
I think this is pretty common functionality. But my issue is that we have only one Member class that can act as the form-backing object (The Spring MVC documentation advises against the use of separate form backing objects). Besides, the password is not stored as the plain entered text, but as the (SHA-256) hash.
For the signup use case, I chose the following approach: The Member entity object contains one mapped field for the hashed password (which is persisted in the database) and two transient fields for entering the password which are bound to the form and validated for being equal and matching other criteria (minimum length, special characters etc):
In the initial signup form, the new user enters his username, password (twice) and all other required fields. This works as expected.
But what if the user wants to edit his personal data? We do not want to edit the username and password fields in this scenario. The other fields need to be validated according to the same rules as the signup form. So we would need: 1) A separate form backing object, mimicking the Member object but without username and password fields. This sounds unacceptable to me due to redundancy. 2) Or use the same form backing object but somehow bypass the username and password fields in the validation. Of course, those fields must be preserved when saving the member object back to the database using Hibernate, but we can make a customized update method in the service layer to handle that.
And the last use case is modifying the password. For this I want a separate form with 3 fields, the original password for extra verification and two fields for the new password and its confirmation. I think I should use a separate form backing object for this containing only those 3 fields, but do not want to duplicate the field and validation definitions.
Is there a clean way to do this without redundant definitions? Hope for some thoughts...
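One way to get the three use cases without duplicating the field definitions, as an added example that is not the poster's code: Bean Validation groups scope the username/password constraints on a single form object to signup only, the password change gets its own small form, and the controller takes the member's identity from the authenticated `Principal` rather than from posted fields, so a client cannot change the username or password hash by posting extra parameters. It assumes Spring Security's `PasswordEncoder` (so the hashing scheme lives in one place and `matches` verifies the current password against the stored hash) and a hypothetical `MemberService` with `updateProfile`, `passwordHashOf` and `updatePasswordHash` methods.

```java
import java.security.Principal;
import javax.validation.constraints.*;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;
// Validation group; the signup handler validates with @Validated({Default.class, Signup.class}).
interface Signup {}
// One form for signup and profile edit: username/password constraints are in Signup, the rest in Default.
class MemberForm {
    @NotBlank(groups = Signup.class) @Size(min = 3, max = 32, groups = Signup.class)
    public String username;
    @NotBlank(groups = Signup.class) @Size(min = 12, groups = Signup.class)
    public String password;        // transient: only the hash is ever persisted
    @NotBlank(groups = Signup.class)
    public String passwordConfirm; // transient
    @NotBlank public String city;  // Default group: checked on signup and on edit
}
// Separate three-field form for the password change use case.
class PasswordChangeForm {
    @NotBlank public String currentPassword;
    @NotBlank @Size(min = 12) public String newPassword;
    @NotBlank public String newPasswordConfirm;
}
@Controller
class AccountController {
    private final PasswordEncoder encoder; // assumed injected; encapsulates the hash scheme
    private final MemberService members;   // hypothetical service wrapping the Member entity
    AccountController(PasswordEncoder e, MemberService m) { encoder = e; members = m; }

    @PostMapping("/profile") // plain @Validated = Default group only: username/password skipped
    String edit(@Validated @ModelAttribute MemberForm f, BindingResult br, Principal p) {
        if (br.hasErrors()) return "profile";
        members.updateProfile(p.getName(), f.city); // identity from the session, never from the form
        return "redirect:/profile";
    }

    @PostMapping("/password")
    String changePassword(@Validated @ModelAttribute PasswordChangeForm f, BindingResult br, Principal p) {
        if (br.hasErrors()) return "password"; // field constraints first, so nothing below sees null
        if (!encoder.matches(f.currentPassword, members.passwordHashOf(p.getName())))
            br.rejectValue("currentPassword", "wrong", "Current password is incorrect");
        if (!f.newPassword.equals(f.newPasswordConfirm))
            br.rejectValue("newPasswordConfirm", "mismatch", "New passwords do not match");
        if (br.hasErrors()) return "password";
        members.updatePasswordHash(p.getName(), encoder.encode(f.newPassword));
        return "redirect:/profile";
    }
}
```

Because the edit handler never reads `username` or `password` from the form, those fields can simply be left out of the Thymeleaf edit template; if they are posted anyway they are ignored rather than persisted.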
