The following example is a custom policy password extension.
The interface com.sterlingcommerce.woodstock.security.PasswordPolicyExtension
was added to the system as follows:
public interface IPasswordPolicyExtension {
/**
* Implements extended validation on passwords and
returns null if password
* validation is successful. If validation fails,
an error message key
* that may be looked up in Login_*.properties* should
be returned.
* @param password - The password string to validate
* @param policyId - The PWD_POLICY.POLICY_NAME of
the policy associated with the user in case the extension needs
it.
* @return String Return null if password validation
was successful, the error message key if password validation fails
*/
public String validateNewPassword (String password,
String policyName);
}
|
Returning null from the method indicates that the password was
accepted. Returning anything else means the password was not valid.
Example
Implementation
package test.policy.extension;
import java.util.regex.Pattern;
public class PwdPolExtnImpl implements com.sterlingcommerce.woodstock.security.IPasswordPolicyExtension
{
public String validateNewPassword(String
pwd,
String policyName) {
// Additional password validation checks
boolean match=Pattern.matches(".*[a-z].*",
pwd) && Pattern.matches(".*[A-Z].*", pwd) && (Pattern.matches(".*[0-9].*",
pwd) || Pattern.matches(".*[^A-Za-z0-9].*",pwd));
if (match==true) return null;
else return "nogood";
}
}
|