Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2007/12/04 19:45:57 UTC
svn commit: r601032 - in /portals/jetspeed-2/branches/JETSPEED-2.1.3:
components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java
src/webapp/WEB-INF/assembly/security-spi-atn.xml
Author: taylor
Date: Tue Dec 4 10:45:55 2007
New Revision: 601032
URL: http://svn.apache.org/viewvc?rev=601032&view=rev
Log:
https://issues.apache.org/jira/browse/JS2-805
Credential pattern regex enforcement example:
Must be at least 6 characters
Must contain at least one lower case letter, one upper case letter, one digit and one special character
Valid special characters are @#$%^&+=
Default turned off as before
Modified:
portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java
portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/security-spi-atn.xml
Modified: portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java?rev=601032&r1=601031&r2=601032&view=diff
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java (original)
+++ portals/jetspeed-2/branches/JETSPEED-2.1.3/components/security/src/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java Tue Dec 4 10:45:55 2007
@@ -16,6 +16,9 @@
*/
package org.apache.jetspeed.security.spi.impl;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
import org.apache.jetspeed.security.InvalidPasswordException;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.spi.CredentialPasswordValidator;
@@ -30,16 +33,43 @@
*/
public class DefaultCredentialPasswordValidator implements CredentialPasswordValidator
{
+ private String passwordPattern;
+ private boolean strictPassword = false;
+ /* Example:
+ * Must be at least 6 characters
+ * Must contain at least one one lower case letter, one upper case letter, one digit and one special character
+ * Valid special characters are @#$%^&+=
+ */
+ private final static String defaultPasswordPattern = "[^.*(?=.{6,})(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]";
+
+ public DefaultCredentialPasswordValidator(String passwordPattern)
+ {
+ this.passwordPattern = passwordPattern;
+ this.strictPassword = true;
+ }
public DefaultCredentialPasswordValidator()
{
+ strictPassword = false;
}
-
+
/**
* @see org.apache.jetspeed.security.spi.CredentialPasswordValidator#validate(java.lang.String)
*/
public void validate(String clearTextPassword) throws SecurityException
{
+ if (strictPassword)
+ {
+ Pattern p = Pattern.compile(passwordPattern);
+ //Match the given string with the pattern
+ Matcher m = p.matcher(clearTextPassword);
+ if(!m.matches())
+ throw new InvalidPasswordException();
+ }
+ else
+ {
if ( clearTextPassword == null || clearTextPassword.length() == 0)
- throw new InvalidPasswordException();
+ throw new InvalidPasswordException();
+ }
+
}
}
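Review bot: In the strict branch of `validate`, a null `clearTextPassword` reaches `p.matcher(clearTextPassword)` and throws a NullPointerException rather than `InvalidPasswordException`, because the null/empty check now lives only in the `else` branch. The pattern is also compiled on every call, so a malformed or null `passwordPattern` from the Spring config surfaces as an unchecked exception at the first password check instead of at bean construction. Separately, `defaultPasswordPattern` is wrapped in `[`…`]` (it looks carried over from the CDATA delimiters in the XML), which makes it a character class rather than the lookahead expression, and nothing in the hunk references it; it should be corrected or dropped. The sketch below compiles once in the constructor and applies the null/empty check in both modes, which also means a custom pattern can no longer admit an empty password.

```java
    private Pattern compiledPattern;

    public DefaultCredentialPasswordValidator(String passwordPattern)
    {
        // Compile once: a bad pattern fails when the bean is built, not on first use
        this.compiledPattern = Pattern.compile(passwordPattern);
        // … unchanged: field assignments …
    }

    // … unchanged: no-arg constructor …

    public void validate(String clearTextPassword) throws SecurityException
    {
        // Null or empty is invalid regardless of mode
        if (clearTextPassword == null || clearTextPassword.length() == 0)
            throw new InvalidPasswordException();
        if (strictPassword && !compiledPattern.matcher(clearTextPassword).matches())
            throw new InvalidPasswordException();
    }
```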
Modified: portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/security-spi-atn.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/security-spi-atn.xml?rev=601032&r1=601031&r2=601032&view=diff
==============================================================================
--- portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/security-spi-atn.xml (original)
+++ portals/jetspeed-2/branches/JETSPEED-2.1.3/src/webapp/WEB-INF/assembly/security-spi-atn.xml Tue Dec 4 10:45:55 2007
@@ -23,7 +23,12 @@
<!-- require a non-empty password -->
<bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator"
class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/>
-
+ <!-- UNCOMMENT TO TURN ON Regex-based password validation. The pattern below gives:
+ * Must be at least 6 characters
+ * Must contain at least one one lower case letter, one upper case letter, one digit and one special character
+ * Valid special characters are @#$%^&+=
+ <constructor-arg index="1"><value><![CDATA[^.*(?=.{6,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]]></value></constructor-arg>
+ -->
<!-- MessageDigest encode passwords using SHA-1 -->
<bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder"
class="org.apache.jetspeed.security.spi.impl.MessageDigestCredentialPasswordEncoder">
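Review bot: Uncommenting the example as written would not yield a working bean: the `<constructor-arg>` sits after the validator bean has already been closed with `/>`, and it uses `index="1"` although the new constructor takes a single argument (Spring constructor-arg indexes start at 0). The comment should show the complete alternative definition, that is the bean opened with `>`, a `<constructor-arg index="0">` carrying the CDATA pattern, and a closing `</bean>`, and state that it replaces the self-closed definition above it. It is also worth saying in the comment that the sample only enforces a six-character minimum, so deployments should raise `{6,}` to match their own password policy.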