From tay...@apache.org
Subject svn commit: r601034 - in /portals/jetspeed-2/trunk: components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/ jetspeed-portal-resources/src/main/resources/webapp/WEB-INF/assembly/
Date Tue, 04 Dec 2007 18:46:40 GMT
Author: taylor
Date: Tue Dec  4 10:46:39 2007
New Revision: 601034

URL: http://svn.apache.org/viewvc?rev=601034&view=rev
Log:
https://issues.apache.org/jira/browse/JS2-805
Credential pattern regex enforcement example:
Must be at least 6 characters
Must contain at least one lower case letter, one upper case letter, one digit and one
special character
Valid special characters are @#$%^&+=

Default turned off as before

Modified:
    portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java
    portals/jetspeed-2/trunk/jetspeed-portal-resources/src/main/resources/webapp/WEB-INF/assembly/security-spi-atn.xml

Modified: portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java?rev=601034&r1=601033&r2=601034&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java
(original)
+++ portals/jetspeed-2/trunk/components/jetspeed-security/src/main/java/org/apache/jetspeed/security/spi/impl/DefaultCredentialPasswordValidator.java
Tue Dec  4 10:46:39 2007
@@ -16,6 +16,9 @@
 */
 package org.apache.jetspeed.security.spi.impl;
 
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
 import org.apache.jetspeed.security.InvalidPasswordException;
 import org.apache.jetspeed.security.SecurityException;
 import org.apache.jetspeed.security.spi.CredentialPasswordValidator;
@@ -30,16 +33,43 @@
  */
 public class DefaultCredentialPasswordValidator implements CredentialPasswordValidator
 {
+    private String passwordPattern;
+    private boolean strictPassword = false;
+    /* Example:
+        * Must be at least 6 characters
+        * Must contain at least one one lower case letter, one upper case letter, one digit
and one special character
+        * Valid special characters are @#$%^&+=
+     */
+    private final static String defaultPasswordPattern = "[^.*(?=.{6,})(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]";
+    
+    public DefaultCredentialPasswordValidator(String passwordPattern)
+    {
+        this.passwordPattern = passwordPattern;
+        this.strictPassword = true;
+    }
     public DefaultCredentialPasswordValidator()
     {
+        strictPassword = false;
     }
-
+    
     /**
      * @see org.apache.jetspeed.security.spi.CredentialPasswordValidator#validate(java.lang.String)
      */
     public void validate(String clearTextPassword) throws SecurityException
     {
+       if (strictPassword)
+       {
+           Pattern p = Pattern.compile(passwordPattern);
+           //Match the given string with the pattern
+           Matcher m = p.matcher(clearTextPassword);
+           if(!m.matches())
+               throw new InvalidPasswordException();
+       }
+       else
+       {
         if ( clearTextPassword == null || clearTextPassword.length() == 0)
-            throw new InvalidPasswordException();
+             throw new InvalidPasswordException();
+       }
+ 
     }
 }
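Review bot: In the strict branch of `validate`, a null `clearTextPassword` reaches `p.matcher(clearTextPassword)` and fails with a NullPointerException, whereas the non-strict branch throws `InvalidPasswordException` for the same input. The pattern is also compiled on every call, so a malformed or null configured expression surfaces only when the first password is validated. Compiling once in the constructor (`this.pattern = Pattern.compile(passwordPattern);`) and guarding with `if (clearTextPassword == null || !pattern.matcher(clearTextPassword).matches()) throw new InvalidPasswordException();` addresses both. Separately, `defaultPasswordPattern` is never referenced in the class as shown, and its value is wrapped in `[` … `]`, which makes it a character class rather than the lookahead expression described in the comment above it. Either drop the constant or remove the brackets and use it as the fallback.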

Modified: portals/jetspeed-2/trunk/jetspeed-portal-resources/src/main/resources/webapp/WEB-INF/assembly/security-spi-atn.xml
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-portal-resources/src/main/resources/webapp/WEB-INF/assembly/security-spi-atn.xml?rev=601034&r1=601033&r2=601034&view=diff
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-portal-resources/src/main/resources/webapp/WEB-INF/assembly/security-spi-atn.xml
(original)
+++ portals/jetspeed-2/trunk/jetspeed-portal-resources/src/main/resources/webapp/WEB-INF/assembly/security-spi-atn.xml
Tue Dec  4 10:46:39 2007
@@ -23,6 +23,12 @@
   <!-- require a non-empty password -->
   <bean id="org.apache.jetspeed.security.spi.CredentialPasswordValidator" 
        class="org.apache.jetspeed.security.spi.impl.DefaultCredentialPasswordValidator"/>
+   <!-- UNCOMMENT TO TURN ON Regex-based password validation. The pattern below gives:
+        * Must be at least 6 characters
+        * Must contain at least one one lower case letter, one upper case letter, one digit
and one special character
+        * Valid special characters are @#$%^&+=
+		<constructor-arg index="1"><value><![CDATA[^.*(?=.{6,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]]></value></constructor-arg>
      
+    -->       
 
   <!-- MessageDigest encode passwords using SHA-1 -->
   <bean id="org.apache.jetspeed.security.spi.CredentialPasswordEncoder" 
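Review bot: The commented-out `<constructor-arg index="1">` cannot be enabled by uncommenting alone. The validator bean just above it is self-closing (`.../>`), so the argument would end up outside any `<bean>` element. Spring constructor-arg indexes are also zero-based, and the new constructor takes a single String, so it needs `index="0"`. I would extend the comment to say that the bean must be changed to the open/close form with the argument nested inside it. It should also say that the six-character minimum is only an example and should be raised to match the deployment's password policy.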


