Because in permissionForm.jsp, the form has inputs for the permissions field only, hence when submiting it, it will pass on a User object with the permissions field only populated, the rest will be null. If you need to have values in the rest of the fields, add hidden inputs like this:
<form:form action="/show" method="post" modelAttribute="user">
<form:errors path="*" cssClass="errorblock" element="div"/>
<p>
<form:select path="permissions">
<form:options items="${permissions}"/>
</form:select>
<form:hidden path="name"/>
<form:hidden path="age"/>
<form:hidden path="email"/>
</p>
<p><input type="submit" value="Add"/></p>
</form:form>
However, for the password field, I wouldn't advise adding a hidden field in the JSP because it will expose the password for anyone who can read html source.
Another and better solution would be using the session, by storing and modifying the user in the session between forms, first store the user on the first submit:
@RequestMapping(value = "/user", method = RequestMethod.POST)
public String processedForm(@ModelAttribute("user") User user, BindingResult result,
ModelMap model,HttpSession session) {
if (result.hasErrors()) {
return "form/userForm";
}
session.setAttribute("user",user);
ArrayList<String> p = new ArrayList<String>();
p.add("add_user");
p.add("delete_user");
model.addAttribute("permissions", p);
model.addAttribute("user", user);
return "form/permissionForm";
}
@RequestMapping(value = "/show", method = RequestMethod.POST)
public String show(@ModelAttribute("user") User user, BindingResult result,HttpSession session) {
User userInSession = (User)session.getAttribute("user");
userInSession.setPermissions(user.getPermissions());
if (result.hasErrors()) {
System.out.println("Error");
return "show";
} else {
System.out.println(userInSession);
return "show";
}
}