Spring MVC Password Example

With this tutorial we shall create and explain a simple way to add password fields in Spring MVC forms. Spring MVC form tag library, provides support for all known HTML tags. Among the most important ones is the form:password tag, that is very useful in submitting forms.

This example contains a simple class, which is the MVC model and has two password properties, the password and the password confirmation field. There is also a validator for the fields, which will be used to check if the two values set as password are the same. There is finally a simple view that contains a form with the password fields.

You may skip project creation and jump directly to the beginning of the example below.

Our preferred development environment is Eclipse. We are using Eclipse Juno (4.2) version, along with Maven Integration plugin version 3.1.0. You can download Eclipse from here and Maven Plugin for Eclipse from here. The installation of Maven plugin for Eclipse is out of the scope of this tutorial and will not be discussed. We are also using JDK 7_u_21. Tomcat 7 is the application server used.

Let’s begin,

1. Create a new Maven project

Go to File -> Project ->Maven -> Maven Project.

New Maven Project
New Maven Project – step 1

In the “Select project name and location” page of the wizard, make sure that “Create a simple project (skip archetype selection)” option is unchecked, hit “Next” to continue with default values.

New Maven project
New Maven project- step 2

Here the maven archetype for creating a web application must be added. Click on “Add Archetype” and add the archetype. Set the “Archetype Group Id” variable to "org.apache.maven.archetypes", the “Archetype artifact Id” variable to "maven-archetype-webapp" and the “Archetype Version” to "1.0". Click on “OK” to continue.

Add Maven archetype

In the “Enter an artifact id” page of the wizard, you can define the name and main package of your project. Set the “Group Id” variable to "com.javacodegeeks.snippets.enterprise" and the “Artifact Id” variable to "springexample". The aforementioned selections compose the main project package as "com.javacodegeeks.snippets.enterprise.springexample" and the project name as "springexample". Set the “Package” variable to "war", so that a war file will be created to be deployed to tomcat server. Hit “Finish” to exit the wizard and to create your project.

Configure Maven project
Configure Maven project

The Maven project structure is shown below:

New project structure
New project structure
    It consists of the following folders:
  • /src/main/java folder, that contains source files for the dynamic content of the application,
  • /src/test/java folder contains all source files for unit tests,
  • /src/main/resources folder contains configurations files,
  • /target folder contains the compiled and packaged deliverables,
  • /src/main/resources/webapp/WEB-INF folder contains the deployment descriptors for the Web application ,
  • the pom.xml is the project object model (POM) file. The single file that contains all project related configuration.

2. Add Spring-MVC dependencies

Add the dependencies in Maven’s pom.xml file, by editing it at the “Pom.xml” page of the POM editor. The dependency needed for MVC is the spring-webmvc package. The javax.validation and the hibernate-validator packages will be also used here for validation:


<project xmlns="" xmlns:xsi=""
	<name>springexample Maven Webapp</name>




3. Create the model is a simple Java class, that has two String properties, the password and the passwordConf. These two properties will be used as the password and the confirm password fields in the form that will be created. The fields have getters and setters, so that they are accessible from the view.

package com.javacodegeeks.snippets.enterprise.password.model;

public class Password {
		private String password;
		private String passwordConf;
		public String getPassword() {
			return password;

		public void setPassword(String password) {
			this.password = password;

		public String getPasswordConf() {
			return passwordConf;

		public void setPasswordConf(String passwordConf) {
			this.passwordConf = passwordConf;


4. Create a Validator

The most important thing when typing a new password is to confirm the new password. A validator class must be created to check that the two passwords types are the same. In order to create a validator class, we are making use of the API provided by Spring MVC. below implements the org.springframework.validation.Validator, and overrides the two methods it provides.

The boolean supports(Class<?> paramClass) method is used to check if the validator can validate instances of the paramClass.

In the validate(Object obj, Errors errors) method, an instance of the class is provided, and an Errors object. The org.springframework.validation.ValidationUtils is used here, since it offers validation API methods to check the fields of the object. So in this method we can check if the password fields are empty, and if they are equal. All error messages are passed in the error object. A properties file with error messages is used here to pass various validation messages to the errors object as shown below:

package com.javacodegeeks.snippets.enterprise.password.validator;

import org.springframework.validation.Errors;
import org.springframework.validation.ValidationUtils;
import org.springframework.validation.Validator;

import com.javacodegeeks.snippets.enterprise.password.model.Password;

public class PasswordValidator implements Validator {

	public boolean supports(Class<?> paramClass) {
		return Password.class.equals(paramClass);

	public void validate(Object obj, Errors errors) {
		ValidationUtils.rejectIfEmptyOrWhitespace(errors, "password", "valid.password");
		ValidationUtils.rejectIfEmptyOrWhitespace(errors, "passwordConf", "valid.passwordConf");
		Password password = (Password) obj;
		if (!password.getPassword().equals(password.getPasswordConf())) {
			errors.rejectValue("passwordConf", "valid.passwordConfDiff");

The file below is the file that contains all the error messages, each one corresponding to one field of class.

valid.password=Please select a password
valid.passwordConf=Please confirm your password
valid.passwordConfDiff=Your password is different

5. Create the Controller

The Controller is where the DispatcherServlet will delegate requests. The @Controller annotation indicates that the class serves the role of a Controller. The @RequestMapping annotation is used to map a URL to either an entire class or a particular handler method.

A org.springframework.validation.Validator is injected here, via the @Autowired annotation, also making use of the @Qualifier annotation to specify that the implementation of the org.springframework.validation.Validator class is injected.

The @InitBinder annotation in initBinder(WebDataBinder binder) method allows us to configure web data binding directly within the controller. With @InitBinder we can inaitialize the WebDataBinder, that is used for data binding from web request parameters to JavaBean objects. Here, the WebDataBinder is where the validator is set.

The Controller consists of two basic methods, a GET method, which is String initForm(Model model) and a POST method, which is String submitForm(Model model, @Validated Password password, BindingResult result). The first method creates and returns to the "password" view a new instance of the Password .java class. The second method also gets the Model, and the Password object created, which now consists of the values passed in the form. Password is annotated with the @Validated annotation, which allows the password object to be validated with the validator. BindingResult is where all validation errors are automatically passed, so it can be used to decide the next navigation step. If there are no errors, the validation is successful, so the method returns the String representation of the successPwd.jsp page, and the password object is passed at the Model. Otherwise, the returned String is the String representation of the password.jsp page, which also has the error messages, as will be shown below.


package com.javacodegeeks.snippets.enterprise.password;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.validation.Validator;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.WebDataBinder;
import org.springframework.web.bind.annotation.InitBinder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

import com.javacodegeeks.snippets.enterprise.password.model.Password;

public class PasswordController {

    private Validator validator;
    private void initBinder(WebDataBinder binder) {
	@RequestMapping(method = RequestMethod.GET)
	public String initForm(Model model){
		Password password = new Password();
		model.addAttribute("password", password);
		return "password";
	@RequestMapping(method = RequestMethod.POST)
	public String submitForm(
		Model model, @Validated Password password, BindingResult result) {
		String returnVal = "successPwd";
		if(result.hasErrors()) {
			returnVal = "password";
		} else {
			model.addAttribute("password", password);
		return returnVal;


6. Create the view with the password field

The view below is a simple example of how to create a password validation field. It is a simple html view consisting of the head and body html tags. In order to create a form in Spring MVC, we make use of the form:form tag. Its method property is set to POST, and the commandName property is set to the name of the backing bean that is binded to the Model, which is the class.

The form:password tag is used to create the password field, with its path property set to the field binded to it. The form:errors tag defines where the error message of the specified field will be displayed in the view. Finally, the input tag, with type property set to submit is used for the submit button.


<%@ taglib prefix="form" uri=""%>
<title>Spring MVC password</title>

	<h2>Let's check on Spring MVC password!</h2>

	<form:form method="POST" commandName="password">
				<td>Enter a password:</td>
				<td><form:password path="password"  showPassword="true"/></td>
				<td><form:errors path="password" cssStyle="color: #ff0000;"/></td>
				<td>Confirm your password:</td>
				<td><form:password path="passwordConf" showPassword="true"/></td>
				<td><form:errors path="passwordConf" cssStyle="color: #ff0000;"/></td>
				<td><input type="submit" name="submit" value="Submit"></td>


Below is the page that will be rendered when the password validation succeeds:


<%@ page language=>java> contentType=>text/html; charset=ISO-8859-1>
<!DOCTYPE html PUBLIC >-//W3C//DTD HTML 4.01 Transitional//EN> >>>
<title>Spring MVC password</title>

	<h2>Validation of password is successful!</h2>

	<h2>Your password is : ${password.password}</h2>


7. Configure the application

The files that we must configure in the application are the web.xml file and the mvc-dispatcher-servlet.xml file.

The web.xml file is the file that defines everything about the application that a server needs to know. It is placed in the /WEB-INF/ directory of the application. The <servlet> element declares the DispatcherServlet. When the DispatcherServlet is initialized, the framework will try to load the application context from a file named [servlet-name]-servlet.xml located in /WEB-INF/ directory. So, we have created the mvc-dispatcher-servlet.xml file, that will be explained below. The <servlet-mapping> element of web.xml file specifies what URLs will be handled by the DispatcherServlet.


<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="" xmlns="" xmlns:web="" xsi:schemaLocation="" id="WebApp_ID" version="3.0"> <display-name>Archetype Created Web Application</display-name>

The mvc-dispatcher-servlet.xml file is also placed in WebContent/WEB-INF directory. The org.springframework.web.servlet.view.InternalResourceViewResolver bean is used as internal resource views resolver, meaning that it will find the jsp and html files in the WebContent/WEB-INF/ folder. We can also set properties such as prefix or suffix to the view name to generate the final view page URL. This is the file where all beans created, such as Controllers are placed and defined.

The <context:component-scan> tag is used, so that the Spring container will search for all annotated classes under the com.javacodegeeks.snippets.enterprise package. The <mvc:annotation-driven> tag is used, so that the container searches for annotated classes, to resolve MVC. The class is also defined here as a bean, with an id.

Finally, the ResourceBundleMessageSource is used, to provide access to resource bundles using specified basenames. Its basename property is set to validation, thus pointing to the properties file that holds the validation messages.


<beans xmlns="" 	xmlns:context="" xmlns:mvc="" xmlns:xsi="" xsi:schemaLocation="">

  <context:component-scan base-package="com.javacodegeeks.snippets.enterprise" />
  <mvc:annotation-driven />

	<bean id="messageSource"
		<property name="basename" value="validation" />
<bean id="passwordValidator" class="com.javacodegeeks.snippets.enterprise.password.validator.PasswordValidator" />
		<property name="prefix">
		<property name="suffix">


8. Run the application

Now, let’s run the application. We first build the project with Maven. All we have to do is right click on the project and select -> Run As: Maven build. The goal must be set to package. The .war file produced must be placed in webapps folder of tomcat. Then, we can start the server.

Hit on:


And click on the Submit button. The result is the one below:

Password fields empty
Password fields empty

As you can see, the validator validates the null values on both fields, and the error messages are displayed in the page.

Then, type a value on both fields, but set a different value to the confirm password field, and click on the Submit button again:

Password fields different values
Password fields different values

As a result, the validation error occurs again, since the password is different from the passwordConf.

Now, type the same password value on both fields and click on Submit:

Password successful validation
Password successful validation

Both fields are validated now, and the successPwd page is rendered.

This was an example of a Password in Spring MVC.
Download the eclipse project of this tutorial: SpringMVCPassword

Want to know how to develop your skillset to become a Java Rockstar?

Join our newsletter to start rocking!

To get you started we give you our best selling eBooks for FREE!


1. JPA Mini Book

2. JVM Troubleshooting Guide

3. JUnit Tutorial for Unit Testing

4. Java Annotations Tutorial

5. Java Interview Questions

6. Spring Interview Questions

7. Android UI Design


and many more ....


Receive Java & Developer job alerts in your Area

I have read and agree to the terms & conditions


Theodora Fragkouli

Theodora has graduated from Computer Engineering and Informatics Department in the University of Patras. She also holds a Master degree in Economics from the National and Technical University of Athens. During her studies she has been involved with a large number of projects ranging from programming and software engineering to telecommunications, hardware design and analysis. She works as a junior Software Engineer in the telecommunications sector where she is mainly involved with projects based on Java and Big Data technologies.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
Back to top button