1/*2 * Licensed to the Apache Software Foundation (ASF) under one or more3 * contributor license agreements. See the NOTICE file distributed with4 * this work for additional information regarding copyright ownership.5 * The ASF licenses this file to You under the Apache License, Version 2.06 * (the "License"); you may not use this file except in compliance with7 * the License. You may obtain a copy of the License at8*9* http://www.apache.org/licenses/LICENSE-2.010*11* Unless required by applicable law or agreed to in writing, software12* distributed under the License is distributed on an "AS IS" BASIS,13* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.14* See the License for the specific language governing permissions and15* limitations under the License.16*/17packageorg.apache.jetspeed.security.spi.impl;
1819import java.util.regex.Matcher;
20import java.util.regex.Pattern;
2122import org.apache.jetspeed.security.InvalidPasswordException;
23import org.apache.jetspeed.security.SecurityException;
24import org.apache.jetspeed.security.spi.CredentialPasswordValidator;
2526/***27 * <p>28 * DefaultCredentialPasswordValidator29 * </p>30 * 31 * @author <a href="mailto:ate@apache.org">Ate Douma</a>32 * @version $Id: DefaultCredentialPasswordValidator.java 601032 2007-12-04 18:45:55Z taylor $33 */34publicclassDefaultCredentialPasswordValidator implements CredentialPasswordValidator
35 {
36private String passwordPattern;
37privateboolean strictPassword = false;
38/* Example:39 * Must be at least 6 characters40 * Must contain at least one one lower case letter, one upper case letter, one digit and one special character41 * Valid special characters are @#$%^&+=42 */43privatefinalstatic String defaultPasswordPattern = "[^.*(?=.{6,})(?=.*//d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$]";
4445publicDefaultCredentialPasswordValidator(String passwordPattern)
46 {
47this.passwordPattern = passwordPattern;
48this.strictPassword = true;
49 }
50publicDefaultCredentialPasswordValidator()
51 {
52 strictPassword = false;
53 }
5455/***56 * @see org.apache.jetspeed.security.spi.CredentialPasswordValidator#validate(java.lang.String)57 */58publicvoid validate(String clearTextPassword) throws SecurityException
59 {
60if (strictPassword)
61 {
62 Pattern p = Pattern.compile(passwordPattern);
63//Match the given string with the pattern64 Matcher m = p.matcher(clearTextPassword);
65if(!m.matches())
66thrownew InvalidPasswordException();
67 }
68else69 {
70if ( clearTextPassword == null || clearTextPassword.length() == 0)
71thrownew InvalidPasswordException();
72 }
7374 }
75 }