JPasswordField security with the action command

I am using JPasswordField in my program. When I call getPassword(), I get a char[]. But when I add an ActionListener to the JPasswordField and call getActionCommand(), I get the password as a String. Is this password stored in the event object as a String? Isn't that a security issue?

+6
1 answer

When you do not set an action command for a component, the text in it will be the action command. That is why you get the password.

The same holds for JTextField:

    JTextField jt = new JTextField("text");
    jt.addActionListener(new ActionListener() {
        public void actionPerformed(ActionEvent ae) {
            // No action command was set, so this prints the field's text.
            System.out.println(ae.getActionCommand());
        }
    });

This is a security issue because you get the password as a String, which is immutable, not as a char[].

Whenever an explicit action command is not specified, the text in the component is passed to the ActionEvent constructor, even though you did not specify it as an action command. The command parameter may be null, but null is not recommended, so the text in the component is the default action command. If there is no password in the JPasswordField, an empty string will be the action command.

Do not try to set the action command to null: if it is null, the text in the JPasswordField will be the action command, and the problem arises again.

Therefore, I would recommend that you set some action command for the JPasswordField rather than leaving it as it is, until Oracle fixes it.

    JPasswordField jt = new JPasswordField("text");
    jt.setActionCommand("");
    jt.addActionListener(new ActionListener() {
        public void actionPerformed(ActionEvent ae) {
            // An explicit command is set, so this prints "" and not the password.
            System.out.println(ae.getActionCommand());
        }
    });
+3
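The behaviour described in the answer above, as an added example that is not part of the original post: it fires the field's action event with and without an explicit action command, then reads the password through getPassword() and wipes the copy. The class name, the sample password and the "submit-password" command string are constructed for illustration.

```java
import javax.swing.JPasswordField;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public class PasswordActionCommandDemo {

    // Fires the field's ActionEvent (what pressing Enter does) and returns
    // the string a listener receives from getActionCommand().
    static String observedCommand(JPasswordField field) {
        List<String> seen = new ArrayList<>();
        field.addActionListener(e -> seen.add(e.getActionCommand()));
        field.postActionEvent();
        return seen.get(0);
    }

    public static void main(String[] args) {
        // Constructed sample value, not a real credential.
        JPasswordField unset = new JPasswordField("constructed-sample");
        // No action command set: the event carries the field text as a String.
        System.out.println("unset -> " + observedCommand(unset));

        JPasswordField fixed = new JPasswordField("constructed-sample");
        // Hypothetical constant; any non-null value keeps the text out of the event.
        fixed.setActionCommand("submit-password");
        fixed.addActionListener(e -> {
            // Read the secret as char[] so the copy can be overwritten after use.
            char[] pw = fixed.getPassword();
            try {
                System.out.println("listener read " + pw.length + " chars");
            } finally {
                Arrays.fill(pw, '\0');
            }
        });
        System.out.println("fixed -> " + observedCommand(fixed));
    }
}
```

Setting the action command only keeps the password out of the ActionEvent; the String passed to the constructor in this demo exists solely to give the field some content.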

Source: https://habr.com/ru/post/949630/

