Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2007/12/04 19:45:57 UTC

svn commit: r601032 - in /portals/jetspeed-2/branches/JETSPEED-2.1.3: components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java src/webapp/WEB-INF/assembly/security-spi-atn.xml

Author: taylor
Date: Tue Dec  4 10:45:55 2007
New Revision: 601032

URL: http://svn.apache.org/viewvc?rev=601032&view=rev
Log:
https://issues.apache.org/jira/browse/JS2-805
Credential pattern regex enforcement example:
Must be at least 6 characters
Must contain at least one lower case letter, one upper case letter, one digit and one special character
Valid special characters are @#$%^&+=

Default turned off as before

Modified:
    portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java
    portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/security-spi-atn.xml

Modified: portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java?rev=601032&r1=601031&r2=601032&view=diff
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java (original)
+++ portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java Tue Dec  4 10:45:55 2007
@@ -16,6 +16,9 @@
 */
 package org.apache.jetspeed.security.spi.impl;
 
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import org.apache.jetspeed.security.InvalidPasswordException;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.spi.CredentialPasswordValidator;
@@ -30,16 +33,43 @@
  */
 public class DefaultCredentialPasswordValidator implements CredentialPasswordValidator
 {
+    private String passwordPattern;
+    private boolean strictPassword = false;
+    /* Example:
+     * Must be at least 6 characters
+     * Must contain at least one one lower case letter, one upper case letter, one digit and one special character
+     * Valid special characters are @#$%^&+=
+      */    
+    private final static String defaultPasswordPattern = "[^.*(?=.{6,})(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]";
+    
+    public DefaultCredentialPasswordValidator(String passwordPattern)
+    {
+    	this.passwordPattern = passwordPattern;
+        this.strictPassword = true;
+    }
     public DefaultCredentialPasswordValidator()
     {
+        strictPassword = false;
     }
-
+    
     /**
      * @see org.apache.jetspeed.security.spi.CredentialPasswordValidator#validate(java.lang.String)
      */
     public void validate(String clearTextPassword) throws SecurityException
     {
+       if (strictPassword)
+       {
+           Pattern p = Pattern.compile(passwordPattern);
+           //Match the given string with the pattern
+           Matcher m = p.matcher(clearTextPassword);
+           if(!m.matches())
+               throw new InvalidPasswordException();
+       }
+       else
+       {
         if ( clearTextPassword == null || clearTextPassword.length() == 0)
-            throw new InvalidPasswordException();
+             throw new InvalidPasswordException();
+       }
+ 
     }
 }
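Review bot: In the strict branch of `validate`, a null `clearTextPassword` reaches `p.matcher(clearTextPassword)` and raises a NullPointerException instead of `InvalidPasswordException`, because the null/empty check now lives only in the `else` branch. The pattern is also recompiled on every call, so a malformed configured pattern surfaces as `PatternSyntaxException` on the first validation rather than at bean construction; compiling once in the constructor and checking null/empty before matching, as below, covers both. `defaultPasswordPattern` is not referenced anywhere in this hunk, and its value is wrapped in `[`…`]` (apparently the CDATA brackets carried over from the XML), which makes it a character class rather than the policy described in the comment; it should be removed or corrected to begin at `^` and end at `$`. Note that the suggested guard also rejects an empty password in strict mode even if the configured pattern would accept one.

```java
    // null when regex-based validation is turned off
    private final Pattern passwordPattern;

    public DefaultCredentialPasswordValidator(String passwordPattern)
    {
        // Compile once: a malformed pattern fails at construction, not on first validate()
        this.passwordPattern = Pattern.compile(passwordPattern);
    }
    public DefaultCredentialPasswordValidator()
    {
        this.passwordPattern = null;
    }

    // … unchanged: @see Javadoc for validate …
    public void validate(String clearTextPassword) throws SecurityException
    {
        // Null/empty is rejected in both modes before any pattern matching
        if (clearTextPassword == null || clearTextPassword.length() == 0)
            throw new InvalidPasswordException();
        if (passwordPattern != null && !passwordPattern.matcher(clearTextPassword).matches())
            throw new InvalidPasswordException();
    }
```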

Modified: portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/security-spi-atn.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/security-spi-atn.xml?rev=601032&r1=601031&r2=601032&view=diff
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/security-spi-atn.xml (original)
+++ portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/security-spi-atn.xml Tue Dec  4 10:45:55 2007
@@ -23,7 +23,12 @@
   <!-- require a non-empty password -->
   <bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator" 
        class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/>
-
+   <!-- UNCOMMENT TO TURN ON Regex-based password validation. The pattern below gives:
+        * Must be at least 6 characters
+        * Must contain at least one one lower case letter, one upper case letter, one digit and one special character
+        * Valid special characters are @#$%^&+=
+		<constructor-arg index="1"><value><![CDATA[^.*(?=.{6,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]]></value></constructor-arg>       
+    -->       
   <!-- MessageDigest encode passwords using SHA-1 -->
   <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder" 
        class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
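Review bot: The commented-out `<constructor-arg index="1">` will not resolve when uncommented as written, because the new validator constructor takes a single String and Spring's constructor-arg index is 0-based; it should read `<constructor-arg index="0">` (or omit the index). The validator bean above is also self-closed (`.../>`), so the uncommented argument would sit outside any `<bean>` element; the comment should tell the administrator to change `/>` to `>` and add `</bean>` after the argument. Separately, the pattern only requires at least one character from `@#$%^&+=` and places no restriction on other characters, so "Valid special characters are" overstates what is enforced; "Must contain at least one of @#$%^&+=" would describe it accurately.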


