Typical security: no feedback in signup form UI of binding errors

[Forgev41]

When using Typical security, errors in the signup form are not shown in the form. There is no feedback on what went wrong, only an empty screen.

A solution for empty form have I provided at the bottom of this question.

Yet the question remains of how to get the Binding result Validation errors displayed in the form. like in the "Create New user" form.

I'm using Spring 2.0.0.M1 with gvNIX added!

Test script:

// Create a new project
project setup --topLevelPackage com.springsource.pizzashop --projectName pizzashop

jpa setup --provider HIBERNATE --database HYPERSONIC_IN_MEMORY

entity jpa --class ~.domain.Pizza
field string --fieldName name --notNull --sizeMin 10
field number --fieldName price --notNull --type java.math.BigDecimal

// Adding web layers
web mvc setup
web mvc all --package ~.web

// Adding Spring security
typicalsecurity setup

// Adding JQuery, Datatables and Bootstrap
web mvc jquery setup
web mvc jquery all
web mvc datatables setup
web mvc bootstrap setup

web mvc bootstrap update

Change the required length of the password field:

In file ...\src\main\java\com\springsource\pizzashop\domain\User.java

@NotNull
@Size(min = 8) // was (min = 1)
private String password;

In file ..\src\main\java\com\springsource\pizzashop\web\UserRegistrationForm.java apply the same change as above.

@NotNull
@Size(min = 8) // was (min = 1)
private String password;

Add a 1 line of debug information in file ...\src\main\java\com\springsource\pizzashop\web\SignUpController.java

@RequestMapping(method = RequestMethod.POST, produces = "text/html")
public String create(@Valid UserRegistrationForm userRegistration, BindingResult result, Model model, HttpServletRequest request) {
    validator.validate(userRegistration, result);

    System.out.println("Has binding errors: " + result.toString());  // added

    if (result.hasErrors()) {

        return createForm(model);
    } else {

    // Rest of the code

When the password field in the signup form is filled with only one letter instead of 8 an the Recaptcha is wrong the debug line shows the following message:

Has binding errors: org.springframework.validation.BeanPropertyBindingResult: 3 errors

Field error in object 'userRegistrationForm' on field 'repeatPassword': rejected value [a]; codes [Size.userRegistrationForm.repeatPassword,Size.repeatPassword,Size.java.lang.String,Size]; arguments [org.springframework.context.support.DefaultMessageSourceResolvable: codes [userRegistrationForm.repeatPassword,repeatPassword]; arguments []; default message [repeatPassword],2147483647,8]; default message [size must be between 8 and 2147483647]

Field error in object 'userRegistrationForm' on field 'password': rejected value [a]; codes [Size.userRegistrationForm.password,Size.password,Size.java.lang.String,Size]; arguments [org.springframework.context.support.DefaultMessageSourceResolvable: codes [userRegistrationForm.password,password]; arguments []; default message [password],2147483647,8]; default message [size must be between 8 and 2147483647]

Error in object 'userRegistrationForm': codes [recaptcha.mismatch.userRegistrationForm,recaptcha.mismatch]; arguments []; default message [null]

This is correct, however no feedback is shown in the form the user sees on screen!
So for the user it is not clear what went wrong and why the form does not save, but comes back.

What I expect is the same behavior as in the "Create New User" form.
When in this form the password field is also filled with one letter. Than in red the message is shown: size must be between 8 and 2147483647, which is correct

Solution for empty screen:
Solution for the empty screen is to return to the form with the information the user supplied when he/she pushed "Save". This is the same behavior as in the other create and update methods of Spring Roo / gvNIX.

@RequestMapping(method = RequestMethod.POST, produces = "text/html")
public String create(@Valid UserRegistrationForm userRegistration, BindingResult result, Model model, HttpServletRequest request) {
    validator.validate(userRegistration, result);
    if (result.hasErrors()) {
            model.addAttribute("User", userRegistration);  // Added: the original info
        return "signup/index";
        //return createForm(model);  // original, commented out.
    } else {

This solves the problem of empty screen, the user sees his/her suppplied info.
However, still the feedback in red of the binding result I do not get to see.

How can I make that visible?

[francji93]

This issue has already been solved on Stackoverflow: http://stackoverflow.com/questions/34565674/gvnix-typical-security-no-feedback-in-signup-form-ui-of-binding-errors/34653821#34653821

Best regards.