On 12/9/2012 2:59 PM, [email protected] wrote:
Author: jleroux
Date: Sun Dec  9 14:59:52 2012
New Revision: 1418996

URL: http://svn.apache.org/viewvc?rev=1418996&view=rev
Log:
A slightly modified patch from Sumit Pandit for "Additional Validation for Password : Make password pattern driven" https://issues.apache.org/jira/browse/OFBIZ-4958

Provides an additional validation for password with following capability to 
the system:

Admin can enable/disable pattern based password capability of system. 
Configuration will reside in security.property file.
  To enable : security.login.password.pattern.enable=true
  To disable: security.login.password.pattern.enable=false

Admin is flexible to provide his pattern string by making pattern more/less 
restrictive as per system requirement. Configuration will reside in 
security.property file.
  Example: security.login.password.pattern=^.*(?=. 
{5,})(?=.[a-zA-Z])(?=.[!@#$%^&*]).*$

Admin can provide custom error message string which will display to end user if 
wrong password is entered. Configuration will reside in security.property file.

jleroux: I quickly handled the error message localisation for the OOTB case. 
It's more complicated when the pattern gets complex...

Modified:
     ofbiz/trunk/framework/common/config/SecurityextUiLabels.xml
     ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
     ofbiz/trunk/framework/security/config/security.properties


Modified: ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java URL: http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=1418996&r1=1418995&r2=1418996&view=diff ============================================================================== --- ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java (original) +++ ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java Sun Dec 9 14:59:52 2012 @@ -23,6 +23,8 @@ import java.sql.Timestamp; import java.util.List; import java.util.Locale; import java.util.Map; +import java.util.regex.Matcher; +import java.util.regex.Pattern; import javax.transaction.Transaction; @@ -62,6 +64,8 @@ public class LoginServices { public static final String module = LoginServices.class.getName(); public static final String resource = "SecurityextUiLabels"; + public static boolean usePasswordPattern = "true".equals(UtilProperties.getPropertyValue("security.properties", "security.login.password.pattern.enable")); + public static String passwordPattern = UtilProperties.getPropertyValue("security.properties", "security.login.password.pattern");
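
Review bot: In the second LoginServices.java hunk, `usePasswordPattern` and `passwordPattern` are declared `public static` without `final`, so any class can reassign the password policy, and both are read only once, when the class is initialized. Make them private and read the two properties at the point where the password is checked. `passwordPattern` is also kept as a raw String, so the code that compiles it should handle an invalid expression rather than let the exception escape.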


Please do not store property values in static class fields - that makes it impossible to change the settings at run-time.

-Adrian
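
The static-field concern raised in this reply, shown as an added Java example that is not code from the OFBiz code base: `java.util.Properties` stands in for `UtilProperties`, the pattern is a constructed sample, and rejecting the password when the pattern is malformed is an assumed policy.

```java
import java.util.Properties;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

public class PasswordPatternDemo {
    // Stand-in for security.properties (assumption; OFBiz reads it via UtilProperties).
    static final Properties SECURITY = new Properties();
    static {
        SECURITY.setProperty("security.login.password.pattern.enable", "true");
        // Constructed sample: at least 5 characters, one letter, one of !@#$%^&*
        SECURITY.setProperty("security.login.password.pattern",
                "^(?=.{5,})(?=.*[a-zA-Z])(?=.*[!@#$%^&*]).*$");
    }

    // Style used in the commit: the value is captured once, at class initialization.
    static class Cached {
        static boolean usePasswordPattern =
                "true".equals(SECURITY.getProperty("security.login.password.pattern.enable"));
    }

    // Alternative: look the settings up on every validation call.
    static boolean isAcceptable(String password) {
        if (!"true".equals(SECURITY.getProperty("security.login.password.pattern.enable"))) {
            return true; // pattern check is switched off
        }
        String regex = SECURITY.getProperty("security.login.password.pattern", "");
        try {
            return Pattern.compile(regex).matcher(password).matches();
        } catch (PatternSyntaxException e) {
            return false; // fail closed on a malformed admin-supplied pattern
        }
    }

    public static void main(String[] args) {
        System.out.println("cached flag at startup: " + Cached.usePasswordPattern);
        System.out.println("'abc' accepted: " + isAcceptable("abc"));
        System.out.println("'abcde!' accepted: " + isAcceptable("abcde!"));

        // An administrator changes the setting while the system is running.
        SECURITY.setProperty("security.login.password.pattern.enable", "false");

        // The cached field does not see the change; the per-call lookup does.
        System.out.println("cached flag after change: " + Cached.usePasswordPattern);
        System.out.println("'abc' accepted after change: " + isAcceptable("abc"));
    }
}
```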
