DefaultCredentialPasswordValidator xref

View Javadoc

1   /* 
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8   *
9   *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17  package org.apache.jetspeed.security.spi.impl;
18  
19  import java.util.regex.Matcher;
20  import java.util.regex.Pattern;
21  
22  import org.apache.jetspeed.security.InvalidPasswordException;
23  import org.apache.jetspeed.security.SecurityException;
24  import org.apache.jetspeed.security.spi.CredentialPasswordValidator;
25  
26  /***
27   * <p>
28   * DefaultCredentialPasswordValidator
29   * </p>
30   * 
31   * @author <a href="mailto:ate@apache.org">Ate Douma</a>
32   * @version $Id: DefaultCredentialPasswordValidator.java 601032 2007-12-04 18:45:55Z taylor $
33   */
34  public class DefaultCredentialPasswordValidator implements CredentialPasswordValidator
35  {
36      private String passwordPattern;
37      private boolean strictPassword = false;
38      /* Example:
39       * Must be at least 6 characters
40       * Must contain at least one one lower case letter, one upper case letter, one digit and one special character
41       * Valid special characters are @#$%^&+=
42        */    
43      private final static String defaultPasswordPattern = "[^.*(?=.{6,})(?=.*//d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]";
44      
45      public DefaultCredentialPasswordValidator(String passwordPattern)
46      {
47      	this.passwordPattern = passwordPattern;
48          this.strictPassword = true;
49      }
50      public DefaultCredentialPasswordValidator()
51      {
52          strictPassword = false;
53      }
54      
55      /***
56       * @see org.apache.jetspeed.security.spi.CredentialPasswordValidator#validate(java.lang.String)
57       */
58      public void validate(String clearTextPassword) throws SecurityException
59      {
60         if (strictPassword)
61         {
62             Pattern p = Pattern.compile(passwordPattern);
63             //Match the given string with the pattern
64             Matcher m = p.matcher(clearTextPassword);
65             if(!m.matches())
66                 throw new InvalidPasswordException();
67         }
68         else
69         {
70          if ( clearTextPassword == null || clearTextPassword.length() == 0)
71               throw new InvalidPasswordException();
72         }
73   
74      }
75  }