Package org.apache.jackrabbit.core.security.user.action

Class PasswordValidationAction

java.lang.Object

org.apache.jackrabbit.core.security.user.action.AbstractAuthorizableAction

org.apache.jackrabbit.core.security.user.action.PasswordValidationAction

All Implemented Interfaces:

AuthorizableAction

public class PasswordValidationAction
extends AbstractAuthorizableAction

PasswordValidationAction provides a simple password validation mechanism with the following configurable option:

• constraint: a regular expression that can be compiled to a Pattern defining validation rules for a password.

The password validation is executed on user creation and upon password change. It throws a ConstraintViolationException if the password validation fails.

Example configuration:

    <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
       <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.PasswordValidationAction">
          <!--
          password length must be at least 8 chars and it must contain at least
          one upper and one lowercase ASCII character.
          -->
          <param name="constraint" value="^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z]).*"/>
       </AuthorizableAction>
    </UserManager>
 

See Also:

UserManager.createUser(String, String), User.changePassword(String), User.changePassword(String, String)

Constructor Summary

Constructors

Constructor	Description
PasswordValidationAction()

Method Summary

Modifier and Type	Method	Description
void	onCreate(User user, String password, Session session)	Doesn't perform any action.
void	onPasswordChange(User user, String newPassword, Session session)	Doesn't perform any action.
void	setConstraint(String constraint)	Set the password constraint.

Methods inherited from class org.apache.jackrabbit.core.security.user.action.AbstractAuthorizableAction

onCreate, onRemove

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PasswordValidationAction

public PasswordValidationAction()

Method Detail

onCreate

public void onCreate(User user,
                     String password,
                     Session session)
              throws RepositoryException

Description copied from class: AbstractAuthorizableAction

Doesn't perform any action.

Specified by:

onCreate in interface AuthorizableAction

Overrides:

onCreate in class AbstractAuthorizableAction

Parameters:

user - The new user that has not yet been persisted; e.g. the associated node is still 'NEW'.

password - The password that was specified upon user creation.

session - The editing session associated with the user manager.

Throws:

RepositoryException - If an error occurs.

See Also:

AuthorizableAction.onCreate(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session)

onPasswordChange

public void onPasswordChange(User user,
                             String newPassword,
                             Session session)
                      throws RepositoryException

Description copied from class: AbstractAuthorizableAction

Doesn't perform any action.

Specified by:

onPasswordChange in interface AuthorizableAction

Overrides:

onPasswordChange in class AbstractAuthorizableAction

Parameters:

user - The user that whose password is going to change.

newPassword - The new password as specified in User.changePassword(java.lang.String)

session - The editing session associated with the user manager.

Throws:

RepositoryException - If an exception or error occurs.

See Also:

AuthorizableAction.onPasswordChange(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session)

setConstraint

public void setConstraint(String constraint)

Set the password constraint.

Parameters:

constraint - A regular expression that can be used to validate a new password.