Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2007/12/04 19:46:40 UTC

svn commit: r601034 - in /portals/jetspeed-2/trunk: components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ jetspeed-portal-resources/src/main/resources/webapp/WEB-INF/assembly/

Author: taylor
Date: Tue Dec  4 10:46:39 2007
New Revision: 601034

URL: http://svn.apache.org/viewvc?rev=601034&view=rev
Log:
https://issues.apache.org/jira/browse/JS2-805
Credential pattern regex enforcement example:
Must be at least 6 characters
Must contain at least one lower case letter, one upper case letter, one digit and one special character
Valid special characters are @#$%^&+=

Default turned off as before

Modified:
    portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java
    portals/jetspeed-2/trunk/jetspeed-portal-resources/src/main/resources/webapp/WEB-INF/assembly/security-spi-atn.xml

Modified: portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java?rev=601034&r1=601033&r2=601034&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java (original)
+++ portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java Tue Dec  4 10:46:39 2007
@@ -16,6 +16,9 @@
 */
 package org.apache.jetspeed.security.spi.impl;
 
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import org.apache.jetspeed.security.InvalidPasswordException;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.spi.CredentialPasswordValidator;
@@ -30,16 +33,43 @@
  */
 public class DefaultCredentialPasswordValidator implements CredentialPasswordValidator
 {
+    private String passwordPattern;
+    private boolean strictPassword = false;
+    /* Example:
+        * Must be at least 6 characters
+        * Must contain at least one one lower case letter, one upper case letter, one digit and one special character
+        * Valid special characters are @#$%^&+=
+     */
+    private final static String defaultPasswordPattern = "[^.*(?=.{6,})(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]";
+    
+    public DefaultCredentialPasswordValidator(String passwordPattern)
+    {
+        this.passwordPattern = passwordPattern;
+        this.strictPassword = true;
+    }
     public DefaultCredentialPasswordValidator()
     {
+        strictPassword = false;
     }
-
+    
     /**
      * @see org.apache.jetspeed.security.spi.CredentialPasswordValidator#validate(java.lang.String)
      */
     public void validate(String clearTextPassword) throws SecurityException
     {
+       if (strictPassword)
+       {
+           Pattern p = Pattern.compile(passwordPattern);
+           //Match the given string with the pattern
+           Matcher m = p.matcher(clearTextPassword);
+           if(!m.matches())
+               throw new InvalidPasswordException();
+       }
+       else
+       {
         if ( clearTextPassword == null || clearTextPassword.length() == 0)
-            throw new InvalidPasswordException();
+             throw new InvalidPasswordException();
+       }
+ 
     }
 }
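Review bot: In strict mode `validate` hands `clearTextPassword` straight to `p.matcher(...)`, so a null password raises a NullPointerException instead of `InvalidPasswordException`; the null/empty check now lives only in the `else` branch and should be hoisted above `if (strictPassword)`. `Pattern.compile(passwordPattern)` also runs on every call, so a null or malformed pattern from the bean definition surfaces only when the first password is checked, whereas compiling once in the constructor would fail at startup. The `defaultPasswordPattern` constant is never referenced in this hunk and its value is wrapped in `[` … `]` (apparently carried over from the CDATA delimiters), which turns it into a character class rather than the documented policy; drop it or correct it before anything uses it. The sketch below covers the constructor and `validate` changes; note that it rejects empty passwords in strict mode as well, which the committed code leaves to the pattern.

```java
    // … unchanged: class declaration …
    private final Pattern compiledPattern;   // null when regex enforcement is off

    public DefaultCredentialPasswordValidator(String passwordPattern)
    {
        // compile once so a missing or malformed pattern fails at bean construction
        this.compiledPattern = Pattern.compile(passwordPattern);
    }

    public DefaultCredentialPasswordValidator()
    {
        this.compiledPattern = null;
    }

    public void validate(String clearTextPassword) throws SecurityException
    {
        // null/empty is rejected in both modes, before the matcher can see a null
        if (clearTextPassword == null || clearTextPassword.length() == 0)
            throw new InvalidPasswordException();
        if (compiledPattern != null && !compiledPattern.matcher(clearTextPassword).matches())
            throw new InvalidPasswordException();
    }
```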

Modified: portals/jetspeed-2/trunk/jetspeed-portal-resources/src/main/resources/webapp/WEB-INF/assembly/security-spi-atn.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-portal-resources/src/main/resources/webapp/WEB-INF/assembly/security-spi-atn.xml?rev=601034&r1=601033&r2=601034&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-portal-resources/src/main/resources/webapp/WEB-INF/assembly/security-spi-atn.xml (original)
+++ portals/jetspeed-2/trunk/jetspeed-portal-resources/src/main/resources/webapp/WEB-INF/assembly/security-spi-atn.xml Tue Dec  4 10:46:39 2007
@@ -23,6 +23,12 @@
   <!-- require a non-empty password -->
   <bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator" 
        class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/>
+   <!-- UNCOMMENT TO TURN ON Regex-based password validation. The pattern below gives:
+        * Must be at least 6 characters
+        * Must contain at least one one lower case letter, one upper case letter, one digit and one special character
+        * Valid special characters are @#$%^&+=
+		<constructor-arg index="1"><value><![CDATA[^.*(?=.{6,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]]></value></constructor-arg>       
+    -->       
 
   <!-- MessageDigest encode passwords using SHA-1 -->
   <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder" 
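Review bot: Uncommenting this block as written will not enable the regex validator: the `<constructor-arg>` sits after the self-closing `<bean ... DefaultCredentialPasswordValidator"/>` tag, so it ends up outside any bean, and `index="1"` does not address the single `String` constructor parameter because Spring constructor-arg indexes start at 0. The comment should show the complete replacement bean instead, with the bean tag opened by `>` rather than `/>`, `<constructor-arg index="0">` carrying the CDATA pattern, and a closing `</bean>`. It should also say that the existing self-closing bean has to be removed when the pattern variant is enabled, since both definitions would share the same id.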


