public class UserRegistrationForm { private String username; private String password; private String email; } @Target({ElementType.FIELD}) @Retention(RetentionPolicy.RUNTIME) @Constraint(validatedBy = PasswordValidator.class) public @interface Password { Class<?>[] groups() default {}; Class<? extends Payload>[] payload() default {}; } public class PasswordValidator implements ConstraintValidator<Password, String> { @Override public boolean isValid(String value, ConstraintValidatorContext context) { return value.matches("^(?=.*[a-zA-Z])(?=.*\\d).+$"); } } public class UserRegistrationForm { // ... @Password private String password; // ... } @RestControllerAdvice public class GlobalExceptionHandler { @ExceptionHandler(ConstraintViolationException.class) public ResponseEntity<Object> handleConstraintViolation( ConstraintViolationException ex, WebRequest request) { List<String> errors = ex.getConstraintViolations().stream() .map(v -> v.getPropertyPath() + ": " + v.getMessage()) .collect(Collectors.toList()); return new ResponseEntity<>(errorDto, HttpStatus.BAD_REQUEST); } }