SpringBoot/MVC & Thymleaf form validation on POST with URL parameters

Question

I have a form and validation works. The problem comes in when a url parameter was added. The url parameter is a token and is required. So this is what my controller looks like:

@RequestMapping(value = "/resetpassword", method = RequestMethod.GET)
public String showResetForm(ResetPassword resetPassword, Model model,
        @RequestParam(value = "token", required = true) String token,
        @RequestParam(value = "msg", required = false) String msg){     

        model.addAttribute("token", token);

    return "resetpassword";
}

@RequestMapping(value = "/resetpassword", method = RequestMethod.POST)
public String setPwd(@ModelAttribute("resetPassword") @Valid ResetPassword resetPassword,// RedirectAttributes reDirectAttr,
                     BindingResult bindingResult, Model model,
                     @RequestParam(value = "token", required = true) String token,
                     @RequestParam(value = "msg", required = false) String msg){

    if (bindingResult.hasErrors()) {
            //reDirectAttr.addFlashAttribute("org.springframework.validation.BindingResult.resetPassword",bindingResult);
            //reDirectAttr.addFlashAttribute("resetPassword",resetPassword);            
        return "resetpassword?token="+token;
    } 
    else {          
        if (token == null) {
            // TODO: no token, what to do here??
            return "redirect:/resetpassword?token=\"\"&msg=notoken";
        }
        ResetPasswordResponseDto response = super.resetUserPassword(
                resetPassword.getUname(), resetPassword.getPassword(),
                token);
        if (response.getPasswordResetResult() == PasswordResetResult.SUCCESSFUL) {
            // TODO: it worked, what now?
            return "redirect:/login";
        } else if (response.getPasswordResetResult() == PasswordResetResult.INVALID_TOKEN) {
            // TODO: bad token
            return "redirect:/resetpassword?token="+token+"&msg=badtoken";
        } else if (response.getPasswordResetResult() == PasswordResetResult.OUT_OF_POLICY_PW) {
            // TODO: out of policy pw
            return "redirect:/resetpassword?token="+token+"&msg=outofpolicy";
        } else if (response.getPasswordResetResult() == PasswordResetResult.LDAP_FAILURE) {
            // TODO: other failure
            return "redirect:/resetpassword?token="+token+"&msg=error";
        }
    }
    return "redirect:/resetpassword?token="+token+"&msg=error";
    //return new RedirectView("resetpassword?token=\"\"&msg=notoken");
}

So I tried a bunch of things but nothing seems to work. Here is what I would like to happen when the view is requested /resetpassword?token=1232453 the view is displayed. Then if the form has errors the url parameter persists in the url and the form displays the errors. Right now I get an error saying that the template cannot be resolved. Ok fair enough, so I tried doing a redirect instead

return "redirect:/resetpassword?token="+token;

and that seems to work, however the URL parameter is lost and the view loses the bindingResult errors. In the code, I posted I also tried FlashAttributes but I just get an error "Validation failed for object='resetPassword'. Error count: 4" which is correct but I need it to show the form and the errors I coded with Thymeleaf. Any help or suggestions would be great!

Resources I have looked at: Spring - Redirect after POST (even with validation errors) & SpringMVC controller: how to stay on page if form validation error occurs

Answer 1

Have you tried returning a ModelAndView instead of just the redirect string? Attributes on the model will be available as URL query parameters.

ModelAndView redirect = new ModelAndView("redirect:/resetpassword");
redirect.addObject("token", token);
redirect.addObject("msg", "error");
return redirect;