Add password and confirmPassword field to the User object instead of having PasswordPair object. Change resetPassword method to have user as inparameter.
And change the validator to validate the user. Here i suppose that you would have password validation even when create a new user?
Ex:
@Controller
public class UserDetails {
@InitBinder
public void binder(WebDataBinder binder) {
binder.addValidators(new PasswordValidator());
}
@RequestMapping(value="/saveUserDetails", method=RequestMethod.POST)
public String saveUserDetails(@ModelAttribute User user) {
...
}
@RequestMapping(value="/resetPassword", method=RequestMethod.POST)
public String resetPassword(@Valid @ModelAttribute User user, BindingResult result) {
...
}
And the Validator
private final static class UserValidator implements Validator {
private final static int MIN_LEN=5;
@Override
public boolean supports(Class<?> clazz) {
return PasswordPair.class.isAssignableFrom(clazz);
}
@Override
public void validate(Object target, Errors errors) {
User user = (User)target;
//1 impose password rules
if (user.getPassword().length()<MIN_LEN) {
errors.rejectValue("password", "Too short", "Password must bne at least "+MIN_LEN+" chars");
}
if (!user.getPassword().equals(user.getConfirmPassword())) {
errors.rejectValue("confirmPassword", "mustMatch", "passwords must match");
}
}
}
or you could look at this post, maybe it'll help you:
Handling password confirmations on spring-mvc