This website uses cookies for visitor traffic analysis. By using the website, you agree with storing the cookies on your computer.More information

--Password policy integration

Documents for the development of and with JVx.

--Password policy integration

Postby Development@SIB » Thu Sep 16, 2010 12:22 pm



This article is outdated - please use our new system at

https://doc.sibvisions.com




Applications, especially web applications, require secure passwords. However, users tend to select passwords that are easy to remember. Therefore the responsibility for chosing a secure password can not be left to the user. The application has to provide certain policies.

This is what the IPasswordValidator interface is for in JVx. It allows the creation of security policies for password.

JVx provides a default implementation: DefaultPasswordValidator. The following policies are supported:

  • Minimum number of characters
  • At least one number
  • At least one letter
  • At least one lowercase letter and one uppercase letter
  • At least one special character (not a number or letter)
  • The username cannot be the password

Password validation has to be configured since by default the system only verifies if the password contains at least one character.

The configuration is done in config.xml of the application:

Code: Select all
<securitymanager>
  <class>com.sibvisions.rad.server.security.XmlSecurityManager</class>

  <passwordvalidator>
    <class>com.sibvisions.rad.server.security.validation.DefaultPasswordValidator</class>
    <minlength>10</minlength>
    <specialchar>true</specialchar>
    <digit>true</digit>
    <letter>false</letter>
    <mixedcase>false</mixedcase>
    <notequaluser>true</notequaluser>
  </passwordvalidator>
</securitymanager>
User avatar
Development@SIB
 
Posts: 325
Joined: Mon Sep 28, 2009 1:54 pm

Return to Documentation