protected void validate(HttpServletRequest request, HttpServletResponse response, Form form) {
    super.validate(request, response, form);

    Field confirmPasswordField = form.getField("confirmPassword");

    if (confirmPasswordField != null && confirmPasswordField.isEnabled()) {
      // ensure passwords match:
      String password = form.getFieldValue("password");
      String confirmPassword = form.getFieldValue("confirmPassword");

      if (!password.equals(confirmPassword) && confirmPasswordField.isRequired()) {
        String key = "stormpath.web.register.form.errors.passwordMismatch";
        String msg = i18n(request, key);
        throw new MismatchedPasswordException(msg);
      }
    }
  }
  private Map<String, Object> getCustomData(HttpServletRequest request, Form form) {
    // Custom fields are either declared as form fields which shouldn't not be account fields or
    // through a customField attribute
    Map<String, Object> result = new LinkedHashMap<String, Object>();

    for (Field field : form.getFields()) {
      // Field is not part of the default account properties then is a custom field
      if (!field.getName().equals(getCsrfTokenManager().getTokenName())
          && !ACCOUNT_PROPERTIES.contains(field.getName())) {
        result.put(field.getName(), field.getValue());
      }
    }

    Object customData = getFieldValueResolver().getAllFields(request).get("customData");
    if (customData instanceof Map) {
      //noinspection unchecked
      result.putAll((Map<? extends String, ?>) customData);
    } // If not a map ignore, the spec doesn't cover this case

    return result;
  }