Passay - Quick Guide


Advertisements

Passay - Overview

Passay is a Java based Password generation and validation library. It provides comprehensive features list in order to validate/generate passwords and is highly configurable.

Passay Components

Passay API has 3 core components.

  • Rule − one or more rules which define a password policy rule set.

  • PasswordValidator − A validator component which validates a password against a given rule set.

  • PasswordGenerator − A generator component which produces passwords to satisfy a given rule set.

Rule overview

Rules are the foundation blocks for both password validation and generation. There are two broad categories of rules:

  • Positive match require that passwords satisfy a rule.

  • Negative match reject passwords that satisfy a rule.

Features

Following are some of the features that Passay library provides.

  • Password Validation − Passay library helps in enforcing a password policy by validating passwords against a configurable rule set. It has a rich set of existing rules for common use-cases. For additional cases, it provides a simple Rule interface to implement the custom rule.

  • Password Generation − It provides a configurable rule set which can be used to generate passwords as well.

  • Command Line Tools − It provides tools to automate password policy enforcement.

  • convenient − Easy to use.

  • Extensible − All Passay components are extensible.

  • Supports Internalization - Passay components are internationalization ready.

Passay - Environment Setup

Local Environment Setup

If you are still willing to set up your environment for Java programming language, then this section guides you on how to download and set up Java on your machine. Please follow the steps mentioned below to set up the environment.

Java SE is freely available from the link Download Java. So you download a version based on your operating system.

Follow the instructions to download Java and run the .exe to install Java on your machine. Once you have installed Java on your machine, you would need to set environment variables to point to correct installation directories −

Setting up the Path for Windows 2000/XP

We are assuming that you have installed Java in c:\Program Files\java\jdk directory −

  • Right-click on 'My Computer' and select 'Properties'.

  • Click on the 'Environment variables' button under the 'Advanced' tab.

  • Now, alter the 'Path' variable so that it also contains the path to the Java executable. Example, if the path is currently set to 'C:\WINDOWS\SYSTEM32', then change your path to read 'C:\WINDOWS\SYSTEM32;c:\Program Files\java\jdk\bin'.

Setting up the Path for Windows 95/98/ME

We are assuming that you have installed Java in c:\Program Files\java\jdk directory −

  • Edit the 'C:\autoexec.bat' file and add the following line at the end − 'SET PATH=%PATH%;C:\Program Files\java\jdk\bin'

Setting up the Path for Linux, UNIX, Solaris, FreeBSD

Environment variable PATH should be set to point to where the Java binaries have been installed. Refer to your shell documentation if you have trouble doing this.

Example, if you use bash as your shell, then you would add the following line to the end of your '.bashrc: export PATH=/path/to/java:$PATH'

Popular Java Editors

To write your Java programs, you need a text editor. There are many sophisticated IDEs available in the market. But for now, you can consider one of the following −

  • Notepad − On Windows machine you can use any simple text editor like Notepad (Recommended for this tutorial), TextPad.

  • Netbeans − It is a Java IDE that is open-source and free which can be downloaded from https://www.netbeans.org/index.html.

  • Eclipse − It is also a Java IDE developed by the eclipse open-source community and can be downloaded from https://www.eclipse.org/.

Download Passay Archive

Download the latest version of Passay jar file from Maven Repository - . In this tutorial, passay-1.4.0.jar is downloaded and copied into C:\> passay folder.

OS Archive name
Windows passay-1.4.0.jar
Linux passay-1.4.0.jar
Mac passay-1.4.0.jar

Set Passay Environment

Set the PASSAY environment variable to point to the base directory location where Passay jar is stored on your machine. Assuming, we've extracted passay-1.4.0.jar in Passay folder on various Operating Systems as follows.

OS Output
Windows Set the environment variable PASSAY to C:\Passay
Linux export PASSAY=/usr/local/Passay
Mac export PASSAY=/Library/Passay

Set CLASSPATH Variable

Set the CLASSPATH environment variable to point to the Passay jar location. Assuming, you have stored passay-1.4.0.jar in Passay folder on various Operating Systems as follows.

OS Output
Windows Set the environment variable CLASSPATH to %CLASSPATH%;%Passay%\passay-1.4.0.jar;.;
Linux export CLASSPATH=$CLASSPATH:$PASSAY/passay-1.4.0.jar:.
Mac export CLASSPATH=$CLASSPATH:$PASSAY/passay-1.4.0.jar:.

Passay - Password Validation

A typical Password policy contains a set of rules to check a password if is compliant with organization rules. Consider the following policy:

  • Length of password should be in between 8 to 16 characters.

  • A password should not contain any whitespace.

  • A password should contains each of the following: upper, lower, digit and a symbol.

Example

The below example shows the validation of a password against above policy using Passay library.

import java.util.ArrayList;
import java.util.List;

import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;

public class PassayExample {
   public static void main(String[] args) {
        
      List<Rule> rules = new ArrayList<>();        
      //Rule 1: Password length should be in between 
      //8 and 16 characters
      rules.add(new LengthRule(8, 16));        
      //Rule 2: No whitespace allowed
      rules.add(new WhitespaceRule());        
      //Rule 3.a: At least one Upper-case character
      rules.add(new CharacterRule(EnglishCharacterData.UpperCase, 1));        
      //Rule 3.b: At least one Lower-case character
      rules.add(new CharacterRule(EnglishCharacterData.LowerCase, 1));        
      //Rule 3.c: At least one digit
      rules.add(new CharacterRule(EnglishCharacterData.Digit, 1));        
      //Rule 3.d: At least one special character
      rules.add(new CharacterRule(EnglishCharacterData.Special, 1));
        
      PasswordValidator validator = new PasswordValidator(rules);        
      PasswordData password = new PasswordData("Microsoft@123");        
      RuleResult result = validator.validate(password);
        
      if(result.isValid()){
         System.out.println("Password validated.");
      } else {
         System.out.println("Invalid Password: " + validator.getMessages(result));            
        }
    }
}

Output

Password validated.

Passay - Customized Messages

Passay libary provides a MessageResolver API to override the default messages used by the validator. It can take the path to custom properties file and use the standard keys to override the required message.

Example

The below example shows the validation of a password and show a custom message using Passay library.

messages.properties

INSUFFICIENT_UPPERCASE=Password missing at least %1$s uppercase characters.
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.MessageResolver;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.PropertiesMessageResolver;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;

public class PassayExample {
   public static void main(String[] args) throws FileNotFoundException, IOException {
      List<Rule> rules = new ArrayList<>();
      rules.add(new LengthRule(8, 16));
      rules.add(new WhitespaceRule());
      rules.add(new CharacterRule(EnglishCharacterData.UpperCase, 1));
      rules.add(new CharacterRule(EnglishCharacterData.LowerCase, 1));
      rules.add(new CharacterRule(EnglishCharacterData.Digit, 1));
      rules.add(new CharacterRule(EnglishCharacterData.Special, 1));

      Properties props = new Properties();
      props.load(new FileInputStream("E:/Test/messages.properties"));
      MessageResolver resolver = new PropertiesMessageResolver(props);

      PasswordValidator validator = new PasswordValidator(resolver, rules);
      PasswordData password = new PasswordData("microsoft@123");
      RuleResult result = validator.validate(password);
      if(result.isValid()){
         System.out.println("Password validated.");
      } else {
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Invalid Password: [Password missing at least 1 uppercase characters.]

Passay - M of N rules

Many times a password policy mandated compliance to minimum rules out of given rules such as a password must be compliant with at least M of N rules. Consider the following policy.

  • Length of password should be in between 8 to 16 characters.

  • A password should not contain any whitespace.

  • A password should contains at least three of the following: upper, lower, digit or symbol.

Example

The below example shows the validation of a password against above policy using Passay library.

import java.io.FileNotFoundException;
import java.io.IOException;

import org.passay.CharacterCharacteristicsRule;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;

public class PassayExample {
   public static void main(String[] args) throws FileNotFoundException, IOException {
      //Rule 1: Password length should be in between 
      //8 and 16 characters
      Rule rule1 = new LengthRule(8, 16);        
      //Rule 2: No whitespace allowed
      Rule rule2 = new WhitespaceRule();        
      CharacterCharacteristicsRule rule3 = new CharacterCharacteristicsRule();        
      //M - Mandatory characters count
      rule3.setNumberOfCharacteristics(3);        
      //Rule 3.a: One Upper-case character
      rule3.getRules().add(new CharacterRule(EnglishCharacterData.UpperCase, 1));        
      //Rule 3.b: One Lower-case character
      rule3.getRules().add(new CharacterRule(EnglishCharacterData.LowerCase, 1));        
      //Rule 3.c: One digit
      rule3.getRules().add(new CharacterRule(EnglishCharacterData.Digit, 1));        
      //Rule 3.d: One special character
      rule3.getRules().add(new CharacterRule(EnglishCharacterData.Special, 1));

      PasswordValidator validator = new PasswordValidator(rule1, rule2, rule3);        
      PasswordData password = new PasswordData("microsoft@123");        
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      } else {
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Password validated.

Passay - Password Generation

PasswordGenerator helps in generating password using given policy. Consider the following policy:

  • Length of password should be 8 characters.

  • A password should contains each of the following: upper, lower, digit and a symbol.

Example

The below example shows the generation of a password against above policy using Passay library.

import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.PasswordGenerator;

public class PassayExample {
   public static void main(String[] args) {
      CharacterRule alphabets = new CharacterRule(EnglishCharacterData.Alphabetical);
      CharacterRule digits = new CharacterRule(EnglishCharacterData.Digit);
      CharacterRule special = new CharacterRule(EnglishCharacterData.Special);

      PasswordGenerator passwordGenerator = new PasswordGenerator();
      String password = passwordGenerator.generatePassword(8, alphabets, digits, special);
      System.out.println(password);
   }
}

Output

?\DE~@c3

Passay - AllowedCharacterRule

AllowedCharacterRule allows to specify the characters which a password can include. Consider the following example.

Example

The below example shows the validation of a password against above policy using Passay library.

import org.passay.AllowedCharacterRule;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;

public class PassayExample {
   public static void main(String[] args) {
      //Rule: Password should contains only a, b and c       
      Rule rule1 = new AllowedCharacterRule(new char[] {'a', 'b', 'c'});
      //8 and 16 characters
      Rule rule2 = new LengthRule(8, 16);    

      PasswordValidator validator = new PasswordValidator(rule1, rule2);
      PasswordData password = new PasswordData("abcabcab1");
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      } else {
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Invalid Password: [Password contains the illegal character '1'.]

Passay - AllowedRegexRule

AllowedRegexRule allows to specify the regular pattern which a password should satisfy. Consider the following example.

Example

The below example shows the validation of a password against above policy using Passay library.

import org.passay.AllowedRegexRule;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;

public class PassayExample {
   public static void main(String[] args) {
      //Rule: Password should contains alphabets only
      Rule rule1 = new AllowedRegexRule("^[A-Za-z]+$");
      //8 and 16 characters
      Rule rule2 = new LengthRule(8, 16);    

      PasswordValidator validator = new PasswordValidator(rule1, rule2);
      PasswordData password = new PasswordData("microsoft@123");
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      } else {
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Invalid Password: [Password must match pattern '^[A-Za-z]+$'.]

Passay - CharacterRule

CharacterRule helps in defining a set of characters and minimum no. of characters required in a password.

Example

The below example shows the validation of a password against above policy using Passay library.

import java.util.ArrayList;
import java.util.List;

import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;

public class PassayExample {
   public static void main(String[] args) {
        
      List<Rule> rules = new ArrayList<>();        
      //Rule 1: Password length should be in between 
      //8 and 16 characters
      rules.add(new LengthRule(8, 16));        
      //Rule 2: No whitespace allowed
      rules.add(new WhitespaceRule());        
      //Rule 3.a: At least one Upper-case character
      rules.add(new CharacterRule(EnglishCharacterData.UpperCase, 1));        
      //Rule 3.b: At least one Lower-case character
      rules.add(new CharacterRule(EnglishCharacterData.LowerCase, 1));        
      //Rule 3.c: At least one digit
      rules.add(new CharacterRule(EnglishCharacterData.Digit, 1));        
      //Rule 3.d: At least one special character
      rules.add(new CharacterRule(EnglishCharacterData.Special, 1));

      PasswordValidator validator = new PasswordValidator(rules);        
      PasswordData password = new PasswordData("Microsoft@123");        
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      } else {
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Password validated.

Passay - LengthRule

LengthRule helps in defining the minimum and maximum length of a password.

Example

The below example shows the validation of a password against above policy using Passay library.

import java.util.ArrayList;
import java.util.List;

import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;

public class PassayExample {
   public static void main(String[] args) {
        
      List<Rule> rules = new ArrayList<>();        
      //Rule 1: Password length should be in between 
      //8 and 16 characters
      rules.add(new LengthRule(8, 16));        
      //Rule 2: No whitespace allowed
      rules.add(new WhitespaceRule());        
      //Rule 3.a: At least one Upper-case character
      rules.add(new CharacterRule(EnglishCharacterData.UpperCase, 1));        
      //Rule 3.b: At least one Lower-case character
      rules.add(new CharacterRule(EnglishCharacterData.LowerCase, 1));        
      //Rule 3.c: At least one digit
      rules.add(new CharacterRule(EnglishCharacterData.Digit, 1));        
      //Rule 3.d: At least one special character
      rules.add(new CharacterRule(EnglishCharacterData.Special, 1));
        
      PasswordValidator validator = new PasswordValidator(rules);        
      PasswordData password = new PasswordData("Microsoft@123");        
      RuleResult result = validator.validate(password);
        
      if(result.isValid()){
         System.out.println("Password validated.");
      }else{
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Password validated.

Passay - CharacterCharacteristicsRule

CharacterCharacteristicsRule helps in defining whether a password satisfy given N defined rules or not.

Example

The below example shows the validation of a password against above policy using Passay library.

import java.io.FileNotFoundException;
import java.io.IOException;

import org.passay.CharacterCharacteristicsRule;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;

public class PassayExample {
   public static void main(String[] args) throws FileNotFoundException, IOException {
      //Rule 1: Password length should be in between 
      //8 and 16 characters
      Rule rule1 = new LengthRule(8, 16);        
      //Rule 2: No whitespace allowed
      Rule rule2 = new WhitespaceRule();        
      CharacterCharacteristicsRule rule3 = new CharacterCharacteristicsRule();        
      //M - Mandatory characters count
      rule3.setNumberOfCharacteristics(3);        
      //Rule 3.a: One Upper-case character
      rule3.getRules().add(new CharacterRule(EnglishCharacterData.UpperCase, 1));        
      //Rule 3.b: One Lower-case character
      rule3.getRules().add(new CharacterRule(EnglishCharacterData.LowerCase, 1));        
      //Rule 3.c: One digit
      rule3.getRules().add(new CharacterRule(EnglishCharacterData.Digit, 1));        
      //Rule 3.d: One special character
      rule3.getRules().add(new CharacterRule(EnglishCharacterData.Special, 1));

      PasswordValidator validator = new PasswordValidator(rule1, rule2, rule3);        
      PasswordData password = new PasswordData("microsoft@123");        
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      } else {
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Password validated.

Passay - LengthComplexityRule

LengthComplexityRule helps in defining the applicable rule on a password based on its length. Consider the following policy.

  • If length of password is in between 1 to 5 characters, only lower case alphabets are allowed.

  • If length of password is in between 6 to 8 characters, then only a, b and c are allowed.

Example

The below example shows the validation of a password against above policy using Passay library.

import org.passay.AllowedCharacterRule;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthComplexityRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;

public class PassayExample {
   public static void main(String[] args) {
      LengthComplexityRule lengthComplexityRule = new LengthComplexityRule();
      //Rule: Password of 1 to 5 characters should contains lower case alphabets only
      lengthComplexityRule.addRules("[1,5]", 
         new CharacterRule(EnglishCharacterData.LowerCase, 5));
      //8 and 16 characters
      lengthComplexityRule.addRules("[6,8]", 
         new AllowedCharacterRule(new char[] { 'a', 'b', 'c' }));    
      PasswordValidator validator = new PasswordValidator(lengthComplexityRule);
      PasswordData password = new PasswordData("abcdef");
      RuleResult result = validator.validate(password);
      if(result.isValid()){
         System.out.println("Password validated.");
      }else{
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Invalid Password: [
Password contains the illegal character 'd'., 
Password contains the illegal character 'e'., 
Password contains the illegal character 'f'., 
Password meets 0 complexity rules, but 1 are required.]

Passay - IllegalCharacterRule

IllegalCharacterRule allows to specify the characters which are not allowed in a password. Consider the following example.

Example

import org.passay.IllegalCharacterRule;
import org.passay.NumberRangeRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;

public class PassayExample {
   public static void main(String[] args) {
      //Rule: Special characters like &, <, > are not allowed in a password 
      IllegalCharacterRule illegalCharacterRule 
         = new IllegalCharacterRule(new char[] {'&', '<', '>'});

      //Rule: 1 to 5 numbers are not allowed
      NumberRangeRule numberRangeRule = new NumberRangeRule(1, 5);

      //Rule: White spaces are not allowed
      WhitespaceRule whitespaceRule = new WhitespaceRule();

      PasswordValidator validator 
         = new PasswordValidator(illegalCharacterRule,numberRangeRule,whitespaceRule);
      PasswordData password = new PasswordData("abc&4d  ef6");
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      }else{
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Invalid Password: [
Password contains the illegal character '&'.,
Password contains the number '4'.,
Password contains a whitespace character.]

Passay - NumberRangeRule

NumberRangeRule allows to specify the range of numbers which are not allowed in a password. Consider the following example.

Example

import org.passay.IllegalCharacterRule;
import org.passay.NumberRangeRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;

public class PassayExample {
   public static void main(String[] args) {
      //Rule: Special characters like &, <, > are not allowed in a password 
      IllegalCharacterRule illegalCharacterRule 
         = new IllegalCharacterRule(new char[] {'&', '<', '>'});

      //Rule: 1 to 5 numbers are not allowed
      NumberRangeRule numberRangeRule = new NumberRangeRule(1, 5);

      //Rule: White spaces are not allowed
      WhitespaceRule whitespaceRule = new WhitespaceRule();

      PasswordValidator validator 
         = new PasswordValidator(illegalCharacterRule,numberRangeRule,whitespaceRule);
      PasswordData password = new PasswordData("abc&4d  ef6");
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      } else {
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Invalid Password: [
Password contains the illegal character '&'.,
Password contains the number '4'.,
Password contains a whitespace character.]

Passay - WhitespaceRule

WhitespaceRule allows to specify that the white spaces are not allowed in a password. Consider the following example.

Example

import org.passay.IllegalCharacterRule;
import org.passay.NumberRangeRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;

public class PassayExample {
   public static void main(String[] args) {
      //Rule: Special characters like &, <, > are not allowed in a password 
      IllegalCharacterRule illegalCharacterRule 
         = new IllegalCharacterRule(new char[] {'&', '<', '>'});

      //Rule: 1 to 5 numbers are not allowed
      NumberRangeRule numberRangeRule = new NumberRangeRule(1, 5);

      //Rule: White spaces are not allowed
      WhitespaceRule whitespaceRule = new WhitespaceRule();

      PasswordValidator validator 
         = new PasswordValidator(illegalCharacterRule,numberRangeRule,whitespaceRule);
      PasswordData password = new PasswordData("abc&4d  ef6");
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      } else {
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Invalid Password: [
Password contains the illegal character '&'.,
Password contains the number '4'.,
Password contains a whitespace character.]

Passay - DictionaryRule

DictionaryRule allows to check if certain words are not specified as password. Consider the following example.

Example

import org.passay.DictionaryRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.dictionary.ArrayWordList;
import org.passay.dictionary.WordListDictionary;

public class PassayExample {
   public static void main(String[] args) {
      WordListDictionary wordListDictionary = new WordListDictionary(
         new ArrayWordList(new String[] { "password", "username" }));
      DictionaryRule dictionaryRule = new DictionaryRule(wordListDictionary);
      PasswordValidator validator = new PasswordValidator(dictionaryRule);
      PasswordData password = new PasswordData("password");
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      }else{
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Invalid Password: [Password contains the dictionary word 'password'.]

Passay - DictionarySubstringRule

DictionarySubstringRule allows to check if certain words are not part of a password. Consider the following example.

Example

import org.passay.DictionarySubstringRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.dictionary.ArrayWordList;
import org.passay.dictionary.WordListDictionary;

public class PassayExample {
   public static void main(String[] args) {
      WordListDictionary wordListDictionary = new WordListDictionary(
         new ArrayWordList(new String[] { "password", "username" }));
      DictionarySubstringRule dictionaryRule = new DictionarySubstringRule(wordListDictionary);
      PasswordValidator validator = new PasswordValidator(dictionaryRule);
      PasswordData password = new PasswordData("password@123");
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      }else{
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Invalid Password: [Password contains the dictionary word 'password'.]

Passay - HistoryRule

HistoryRule allows to check if given password has not been in use in near past. Consider the following example.

Example

import org.passay.HistoryRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.SourceRule;

public class PassayExample {
   public static void main(String[] args) {
      SourceRule sourceRule = new SourceRule();
      HistoryRule historyRule = new HistoryRule();
      PasswordValidator validator = new PasswordValidator(sourceRule, historyRule);
      PasswordData password = new PasswordData("password@123");
      password.setPasswordReferences(
         new PasswordData.SourceReference("source", "password"), 
         new PasswordData.HistoricalReference("password@123")
      );
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      }else{
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Invalid Password: [Password matches one of 1 previous passwords.]

Passay - RepeatCharacterRegexRule

RepeatCharacterRegexRule allows to check if given password has repeated ascii characters. Consider the following example.

Example

import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RepeatCharacterRegexRule;
import org.passay.Rule;
import org.passay.RuleResult;

public class PassayExample {
   public static void main(String[] args) {
      //Rule: Password should not contain repeated entries
      Rule rule1 = new RepeatCharacterRegexRule(3);
      //8 and 16 characters
      Rule rule2 = new LengthRule(8, 16);    

      PasswordValidator validator = new PasswordValidator(rule1, rule2);
      PasswordData password = new PasswordData("aaefhehhhhh");
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      }else{
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Invalid Password: [Password matches the illegal pattern 'hhh'.]

Passay - UsernameRule

UsernameRule ensures that password is not containing the username. Consider the following example.

Example

import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.UsernameRule;

public class PassayExample {
   public static void main(String[] args) {
      //Rule: Password should not contain user-name
      Rule rule = new UsernameRule();
      
      PasswordValidator validator = new PasswordValidator(rule);
      PasswordData password = new PasswordData("microsoft");
      password.setUsername("micro");
      RuleResult result = validator.validate(password);

      if(result.isValid()){
         System.out.println("Password validated.");
      }else{
         System.out.println("Invalid Password: " + validator.getMessages(result));            
      }
   }
}

Output

Invalid Password: [Password contains the user id 'micro'.]
Advertisements