Regex Password validator

Similar Messages

• Why are errors for password validation in struts 1.2.4 not being displayed

  I have the following in my validation.xml file
  <field property="passwordconfirm"
  depends="required">
  <arg0 key="registration.passwordconfirm"/>
  </field>
  In my jsp I have the following
  Password Confirm<html:password property="passwordconfirm" size="10" />
       <html:errors property="passwordconfirm"/>
  In my ApplicationResources.properties file I have the following
  errors.required={0} is required.
  registration.firstname = First name
  registration.passwordconfim= Password
  Other text fields work fine i.e. the errors are shown

  sorry this should read why no errors shown for password validation in struts 1.2.4.

• Custom password validation

  hi,
  I am trying to write a custom java file for password validation. when we load it and compile using adadmin the class file is not getting generated.
  also, i would like to know how to customize the message that appears.
  example PASSWORD-INVALID. I would like to use explanatory message. Where do i define these strings.
  package oracle.apps.fnd.security;
  import oracle.apps.fnd.common.VersionInfo;
  // Referenced classes of package oracle.apps.fnd.security:
  // PasswordValidation
  public class AppsPasswordValidationCUS
  implements PasswordValidation
  public String getErrorStackApplicationName()
  return "FND";
  public String getErrorStackMessageName()
  return m_errorStackMessageName;
  public boolean validate(String username, String password)
  if(password ==null || password.length() == 0 || username == null || username.length() == 0)
  m_errorStackMessageName = "PASSWORD-INVALID";
  return false;
  if(password.length() < 6)
  m_errorStackMessageName = "PASSWORD-INVALID-LENGTH";
  return false;
  if(!validateLettersAndDigits(password))
  m_errorStackMessageName = "PASSWORD-INVALID-LETTER-NUMBER";
  return false;
  if(!validateNoUsername(username, password))
  m_errorStackMessageName = "PASSWORD-INVALID-USERNAME";
  return false;
  if(!validateNoRepeats(password))
  m_errorStackMessageName = "PASSWORD-INVALID-REPEATS";
  return false;
  return true;
  private boolean validateLettersAndDigits(String p_password)
  boolean flag = false;
  boolean flag1 = false;
  for(int i = 0; i < p_password.length(); i++)
  if(Character.isLetter(p_password.charAt(i)))
  flag = true;
  if(Character.isDigit(p_password.charAt(i)))
  flag1 = true;
  return flag && flag1;
  private boolean validateNoUsername(String p_username, String p_password)
  return p_password.toUpperCase().indexOf(p_username.toUpperCase()) == -1;
  private boolean validateNoRepeats(String p_password)
  for(int i = 1; i < p_password.length(); i++)
  if(p_password.charAt(i) == p_password.charAt(i - 1))
  return false;
  return true;
  private String m_errorStackMessageName;
  }

  Hi Colin,
  We are able to update the password in OIM user profile now. However, after the process is done in java code, it is not redirecting to OAM Password change success page which will have a Back button. Also, we are seeing a Bug Report form page with the content given below:
  Bug Report Form
  An error has occurred while executing the application.
  Your browser doesn't support sending mail automatically!
  Please send E-Mail to <a =""></a> with the following information:
  Your Name
  Organization
  E-Mail Address
  Phone Number
  Comment
  Make sure to append the following traceback in the mail.
  Traceback Traceback is unavailable.
  Product Lost Password ManagementVersion
  Platform Linux
  Any clue as when we will witness this?
  -Mahendra.

• Bringing back an old password validation rule

  Good afternoon
  On our old 4.6C system, there was a password validation rule that stated the first three characters of the password cannot occur in the same order in the user ID. This rule was removed when we upgraded to ECC 6.0
  While the users hated that rule, that rule was a SOX requirement at our company and I would like to have it back. Before I resort to programming user exits, is there a way to reactivate or at least simulate that rule? I cannot use USR40 because not only does it effect all users on the system, it only works on the second logon and not at validation time.
  If programming user exits like EXIT_SAPLSUSF_001 is my only option, where can I get the password at logon time? From my understanding, SAP does not store this in a system value or even a global variable or table to prevent the recording of passwords. While this is a valid security reason, it would solve the resurrection of this password role through programming.
  Please advise.
  Kind Regards
  Moggie

  Hi Moggie,
  > Pending the result of the contract programmer's research, placing a 3 character prefix of each new user ID in table USR40 is looking like the best option, though I do hate to place that kind of check for all user IDS when only one ID really needs that validation rule.
  A problem with that will soon arise when you have for example 10000 user ID's and want the users to have the opportunity to use strong pass-phrases (not just pass-words). Additionally, the passwords are now case-sensitive but the user ID is not. A pass-phrase for users such as "The_D0g_&_Cat_r_FAT" would go undetected even if you have any "THERON's" in the system, but why should it not be allowed? It's a good one!
  Users will soon notice that only passwords which are very cryptic can be used, and they will start writing them down on Post-It's.
  While that is going on... the "real sinners" who dish out weak or the same initial / reset passwords (like "INIT1234") or administrate the users for whom passwords don't change (like "RFC4PROD") will not have any further "idiot-proof" controls as it is only a warning, which is intentional.
  > If the passwords are cycled regularly, adhere to profile values in the instance that encourage strict password rules, and are kept private and secure, it is not a compliance issue to the auditors.
  There you have it. 
  Tell them that. Even if they do use the first 3 bname characters as the first 3 CAPS_ON password characters, they won't be able to do it for long anyway if the password rules are appropriate...
  Incase you are not aware of it, please also take a look at (and search here and SAP notes for) infos about instance parameter login/password_compliance_to_current_policy (e.g. SAP Note 862989). With appropriate minimum password rules (not overkilled - because the system must still be able to generate compliant wizard-passwords!), you will catch the bigger risks than any one 'BSM?????'s in there somewhere....
  Cheers,
  Julius

• Extend WL Authentication Provider Password Validation

  Hi folks
  I'm looking for any advice on how to extend the OOB password validation that is available and documented here:
  http://docs.oracle.com/cd/E12840_01/wls/docs103/secmanage/atn.html#wp1212100
  Specifically we'd like to test whether the desired password has been used in the last 8 they've used and also to enforce that it expire after x days. Any pointers would be much appreciated.
  Thanks,
  Paul

  1- How can an authentication provider supports password validation providers ?
  We decided to make our own authentication provider so I doubt we support it
  Yes, your custom authentication provider will not support it.
  2- How it is suppose to work ?
  Now, when a user change his password (or any of his attributes), we call a stored procedure (DB) which updates the user table ...
  The way I see it, the web application should call the password validation provider before (or instead and then the provider will call the stored procedure)
  Have u configured the a databse authenticator? Looks like you are modifying the password in the database directly ( using stored procedures) so Password Validator will not come in picture at all.

• Does setPasswordChangeRequired(FALSE) overides Password Validity Period?

  Hi,
  If I set setPasswordChangeRequired to FALSE will the Password Validity Period take efect or this users with the setPasswordChangeRequired equals to FALSE will never get asked to change their passwords again?
  Thanx in Advanced!
  Kind Regards,
  Gerardo J

  Hi Gerardo ,
  How did you got around this issue. Can you share your solution/ideas.
  Thanks
  Srinivas

• Reg ex for password validation

  hi help me for password validation......
  Password should contain 6 to 8 characters, at least one letter and at least one number, contain no spaces and no special characters (e.g. &, >, *,$)

  String[] tests = {"abc1def", "2abcdef", "abcdef", "123456"};
  for(String t: tests) {
    if(t.matches("^(?=\\D*\\d)(?=[^a-zA-Z]*[a-zA-Z]).*$")) {
      System.out.println("Accepted: "+t);
    } else {
      System.out.println("Rejected: "+t);
  // Accepted: abc1def
  // Accepted: 2abcdef
  // Rejected: abcdef
  // Rejected: 123456@OP: this does not answer your question, but it will get you started. Try to finish it yourself.

• RegEx IP validation

  Hi All,
  I am using the following RegEx for validation of IP address, it is not validating
  {^(d|[1-9]d|1dd|2[0-4]d|25[0-5]).(d|[1-9]d|1dd|2[0-4]d|25[0-5])
  .(d|[1-9]d|1dd|2[0-4]d|25[0-5]).(d|[1-9]d|1dd|2[0-4]d|25[0-5])$}
  Any Info?
  a®

  Hi a®s,
  You can see a lot of example here regular-expressions.info.
  We can find the follow sample:
  IP Addresses
  - Matching an IP address is another good example of a trade-off between regex complexity and exactness.
  d{1,3}.d{1,3}.d{1,3}.d{1,3}
  will match any IP address just fine, but will also match 999.999.999.999 as if it were a valid IP address. Whether this is a problem depends on the files or data you intend to apply the regex to.
  - To restrict all 4 numbers in the IP address to 0..255, you can use this complex beast:
  (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?) 
  Analyze this regular expression with RegexBuddy (everything on a single line). The long regex stores each of the 4 numbers of the IP address into a capturing group. You can use these groups to further process the IP number.
  - If you don't need access to the individual numbers, you can shorten the regex with a quantifier to:
  (?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
  Analyze this regular expression with RegexBuddy. Similarly, you can shorten the quick regex to
  (?:d{1,3}.){3}d{1,3}
  Analyze this regular expression with RegexBuddy
  Font: http://www.regular-expressions.info/examples.html
  Based on this examples:
  You can do:
  REPORT  zregex.
  DATA ip TYPE string VALUE '10.10.0.10'. " Correct
  DATA ip2 TYPE string VALUE '10.10.0.'. " Incorrect
  DATA ip4 TYPE string VALUE '999.10.0.10'. " Incorrect
  DATA validation TYPE string VALUE ' (25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?) '.
  START-OF-SELECTION.
    "// Test all <IPx>
    FIND REGEX validation IN ip.
    IF sy-subrc IS NOT INITIAL.
      "// Error
    ELSE.
      "// It's OK
    ENDIF.
  As I Copy & Past the code from internet, please don't reward for me !
  Share ours knowledge with all is the SCN's goal
  Best regards.
  Marcelo Ramos

• Custom Attibute with Password Validations

  Hi,
  Is it possible to trigger the password validations for the custom attribute(who's display type as Password) which is defined in OAM objectclass of User Manager Configuration?
  However the custom attribute value passed to LDAP is stored in the form of unencrypted/clear text.
  Any inputs will be appreciated?
  Thanks,
  ABP
  Edited by: user11970322 on 14-Jan-2011 10:33

  Please post ASP.NET questions in the ASP.NET forums (http://forums.asp.net ).

• Oracle Regex Item Validation

  Can anyone give me a sample of a regex validation that checks to see whether or not a numeric field begins with 1. I have tried this to no avail.
  ^1[[:digit:]]{6}$
  I am just starting to use regex so forgive me if the above is a really bad attempt. :-)
  Skelbone

  Hi All,
  I've been playing with it a bit and i finally figured it out. I used the following code and it works fine.
  [1]+[[:digit:]]{5}$
  Thanks
  Glenroy

• UserID & Password Validation

  Dear Friends,
  I am developing one application using  module pool programming.
  The initial screen has User ID and Password fields.
  I want to keep the User ID field strictly alphanumeric and have subroutines in place to check that.
  What I want is that the cursor should remain at the User ID field whenever I press TAB or Click on the Password input field after entering a non alphanumerical User ID.
  How can I achieve this?

  That's not the nature of the SAPGui... it works in "block mode" which means the application server (and hence your ABAP) does not see the user's data values until it is sent from the front end... so unless you build your input fields in a front-end control (such as in the demo program SAPHTML_EVENTS_DEMO) and have "loss of focus" style validation in that layer (e.g. via Javascript), you won't be able to do this.
  Jonathan

• Password validation with regular expression

  I'm trying to use a regular expression to validate a password. I've tried a number of different regex's that seem to work elsewhere but do not work in HTML DB. This includes a couple that I wrote and that I found on regex web sites. Specifically, I'm trying to validate that a string has:
  1. at least one special character
  2. at least one numeric character
  3. no more than 6 consecutive characters
  4. has a length between 8 and 14
  Does anyone know why some regular expressions do not work in HTML DB that work elsewhere or has anyone done a regex similar to this in HTML DB.
  Thanks!
  - Brian

  I see, I will use the [0-9] instead. The expression still does not work though. I simplified the expression down to try and figure out what doesn't work and it seems like it's the "?=".
  1. I first entered the expression:
  ([:alnum:]*[0-9])
  This expression just says there must be a number and it works fine in HTML DB.
  2. I extended it to:
  ([:alnum:]*[0-9])([:alnum:]*[a-z])
  This expression says that there must be a number followed by a letter. In this example "1a" works but "a1" does not.
  3. To make it not care about the order I would normally add "?=" like so:
  (?=[:alnum:]*[0-9])(?=[:alnum:]*[a-z])
  This should work for "a1" or "1a" because the ? says the order doesn't matter. When I try this in HTML DB neither "1a" or "a1" work.
  Any ideas?
  Thanks
  - Brian

• Regular Expression needed for a password validator

  Business Rules:
  Password must be at least 8 characters
  Contain at least 1 non alpha character and no spaces.
  Here is what I got so far:
    String regex = "(?=^.{8,}$)((?!.*\\s)(?=.*[^a-zA-Z])(?=.*[a-zA-Z0-9]))^.*$";
          String [] password = new String [7];
          password [0] = "H@ffman1";
          password [1] = "hoffman1";
          password [2] = "Hoffman1";
          password [3] = "Hoffman 1";
          password [4] = "hoffman 1";
          password [5] = "hoffmans";
          password [6] = "123456789";
          for(int i=0; i<password.length; i++){
              Pattern pattern = Pattern.compile(regex.trim());
              Matcher matcher = pattern.matcher(password);
  System.out.println(password[i] + " == " + matcher.matches());
  }Output:
  H@ffman1 == true
  hoffman1 == true
  Hoffman1 == true
  Hoffman 1 == false
  hoffman 1 == false
  hoffmans == true // (This is a problem)
  123456789 == true // (This is a problem)

  YoungWinston wrote:
  prometheuzz wrote:
  which is pretty much what our OldWinston suggested...Actually, I was thinking more along the lines of
  System.out.println( password.matches("^[^\\s]{8,}$")
  && password[i].matches("[^a-zA-Z]") );
  (I may have got the number of backslahes wrong; 'always forget that stuff).Ah, I see. But you probably meant:
  password.matches(".*[^a-zA-Z].*")and they're cryptic enough as it is :-).
  Cryptic? Nah...

• Password validation requirement

  Hi all,
  --> I got a pop up window in which some fields and Save button i s present. Password field also present in them.
  Requirement:
  When Password is changed, it has to be compared to the previous passwords in the Database. If matched wont accept, otherwise accept.
  Problem to be solved:
  The Jsp in which it is present is already directed to some other servlet thru form action attribute.
  Where can i put my java validation code?
  onclick of the save button, a javascript function is called in which some validations are written and if succed then submit() is called.
  Can anyone please give some idea on how to do this?
  Thanks

  Problem to be solved:
  The Jsp in which it is present is already directed to
  some other servlet thru form action attribute.
  Where can i put my java validation code?
  onclick of the save button, a javascript function is
  called in which some validations are written and if
  succed then submit() is called.
  Can anyone please give some idea on how to do this?
  ThanksWell, there's no way to do this securely with JavaScript on the client side. I would do it in the servlet that the page is redirected to. Otherwise, you'll have to write the previous passwords (either plaintext or hashed) to the page so that they can be matched against.

• Confirm password validation

  How can I create confirm password form validation, is there a tool in ADDT to do this?
  User enters password twice to confirm there is no mistake
  Thanks
  Bert

  You may use PL/SQL function returning error text or boolean functions validations to do this.
  something like
  if :P1_email = :P1_emai1 AND :P1_password =:P1_password1 THEN
  return TRUE;
  else
  return FALSE;
  end if;cheers,
  Hari