Examples of org.apache.jackrabbit.core.security.user.action.PasswordValidationAction

• org.apache.jackrabbit.core.security.user.action.PasswordValidationAction
  PasswordValidationAction provides a simple password validation mechanism with the following configurable option:

  • constraint: a regular expression that can be compiled to a {@link Pattern} defining validation rules for a password.

  The password validation is executed on user creation and upon password change. It throws a ConstraintViolationException if the password validation fails.

  Example configuration:

   <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager"> <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.PasswordValidationAction"> <!-- password length must be at least 8 chars and it must contain at least one upper and one lowercase ASCII character. --> <param name="constraint" value="^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z]).*"/> </AuthorizableAction> </UserManager> 

  @see org.apache.jackrabbit.api.security.user.UserManager#createUser(String,String) @see User#changePassword(String) @see User#changePassword(String,String)

        try {
            String uid = getTestPrincipal().getName();
            u = impl.createUser(uid, buildPassword(uid));

            PasswordValidationAction pwAction = new PasswordValidationAction();
            pwAction.setConstraint("^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z]).*");
            setActions(pwAction);

            List<String> invalid = new ArrayList<String>();
            invalid.add("pw1");
            invalid.add("only6C");

    public void testPasswordValidationActionIgnoresHashedPwStringOnCreate() throws Exception {
        User u = null;

        try {
            PasswordValidationAction pwAction = new PasswordValidationAction();
            pwAction.setConstraint("^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z]).*");
            setActions(pwAction);

            String uid = getTestPrincipal().getName();
            String hashed = PasswordUtility.buildPasswordHash("DWkej32H");
            u = impl.createUser(uid, hashed);

        try {
            String uid = getTestPrincipal().getName();
            u = impl.createUser(uid, buildPassword(uid));

            PasswordValidationAction pwAction = new PasswordValidationAction();
            pwAction.setConstraint("abc");
            setActions(pwAction);

            String hashed = PasswordUtility.buildPasswordHash("abc");
            u.changePassword(hashed);

        try {
            String uid = getTestPrincipal().getName();
            u = impl.createUser(uid, buildPassword(uid));

            PasswordValidationAction pwAction = new PasswordValidationAction();
            pwAction.setConstraint("^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z]).*");
            setActions(pwAction);

            List<String> invalid = new ArrayList<String>();
            invalid.add("pw1");
            invalid.add("only6C");

        try {
            String uid = getTestPrincipal().getName();
            u = impl.createUser(uid, buildPassword(uid));

            PasswordValidationAction pwAction = new PasswordValidationAction();
            pwAction.setConstraint("^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z]).*");
            setActions(pwAction);

            String hashed = ((UserImpl) u).buildPasswordValue("DWkej32H");
            u.changePassword(hashed);

        try {
            String uid = getTestPrincipal().getName();
            u = impl.createUser(uid, buildPassword(uid));

            PasswordValidationAction pwAction = new PasswordValidationAction();
            pwAction.setConstraint("^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z]).*");
            setActions(pwAction);

            List<String> invalid = new ArrayList<String>();
            invalid.add("pw1");
            invalid.add("only6C");