Regex Password validator
I faced some problem while validating a password that will contain minimum 5 characters using regex.
I am using a very simple regex as below:
String REGEX_PATTERN = "(?=.*[a-z|A-Z]{5,}).{8,}";
It says password must contain minimum 5 characters (a-z|A-Z), and password length will be minimum 8 chars.
It is working fine for the string "aasaT124". But fails for the string "aa12sa4T".
Clearly the difference is regex matches only if the characters are sequential.
The String for which validation fails also contains minimum 5 characters but characters are not sequential.
Please tell me where the problem is in my regex that introduces this problem. I just need to validate simply whether my string contains minimum 5 characters or not, independent of any position or sequence.
836548 wrote:
masijade wrote:
836548 wrote:
The regex pattern should be like below :
"(?=.*[a-z|0-9|A-Z]{5,}+).{8,}"
it will work.
That does not fulfill the requirements, however.
Yes you are right..
I think this cannot be achieved using regex (not sure) . You can use the javascript function or java method to validate the password.
As I explained in my first response it most definitely can be achieved using a regex. The change to the OP's original regex is almost trivial!
P.S. Why do people think they need to use '|' inside a character class to mean 'or' ?
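The thread above never spells out the corrected pattern, so here is an added example (not code from any poster) that runs the question's pattern next to one that counts letters at any position. The class name, the ANYWHERE pattern and validByCounting are assumptions made for this illustration; the sample strings are the two from the question plus constructed edge cases.

```java
import java.util.regex.Pattern;

public class LetterCountCheck {
    // Pattern from the question. {5,} binds to the character class, so it asks for
    // five ADJACENT class members, and '|' inside [...] is a literal pipe, not "or".
    static final Pattern ORIGINAL = Pattern.compile("(?=.*[a-z|A-Z]{5,}).{8,}");

    // Added variant (assumption, not posted in the thread): repeat the group
    // "skip non-letters, then take one letter" five times, so the letters may
    // sit anywhere. The negated class keeps backtracking to a minimum.
    static final Pattern ANYWHERE =
            Pattern.compile("(?=(?:[^a-zA-Z]*[a-zA-Z]){5}).{8,}");

    // Regex-free check of the same rule for single-line input; easier to audit
    // and to extend with further rules.
    static boolean validByCounting(String pw) {
        long letters = pw.chars()
                .filter(c -> (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'))
                .count();
        return pw.length() >= 8 && letters >= 5;
    }

    public static void main(String[] args) {
        // Constructed samples: the two strings from the question, a string of
        // pipes (shows the literal '|'), too few letters, and too short.
        String[] samples = {"aasaT124", "aa12sa4T", "||||||||", "a1b2c3d4", "abcde12"};
        for (String pw : samples) {
            System.out.printf("%-10s original=%-5b anywhere=%-5b counting=%b%n",
                    pw,
                    ORIGINAL.matcher(pw).matches(),
                    ANYWHERE.matcher(pw).matches(),
                    validByCounting(pw));
        }
    }
}
```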
Similar Messages
-
Why are errors for password validation in struts 1.2.4 not being displayed
I have the following in my validation.xml file
<field property="passwordconfirm"
depends="required">
<arg0 key="registration.passwordconfirm"/>
</field>
In my jsp I have the following
Password Confirm<html:password property="passwordconfirm" size="10" />
<html:errors property="passwordconfirm"/>
In my ApplicationResources.properties file I have the following
errors.required={0} is required.
registration.firstname = First name
registration.passwordconfim= Password
Other text fields work fine i.e. the errors are shown
sorry this should read why no errors shown for password validation in struts 1.2.4.
-
hi,
I am trying to write a custom java file for password validation. when we load it and compile using adadmin the class file is not getting generated.
also, i would like to know how to customize the message that appears.
example PASSWORD-INVALID. I would like to use explanatory message. Where do i define these strings.
package oracle.apps.fnd.security;

import oracle.apps.fnd.common.VersionInfo;

// Referenced classes of package oracle.apps.fnd.security:
// PasswordValidation
public class AppsPasswordValidationCUS
    implements PasswordValidation {

    public String getErrorStackApplicationName() {
        return "FND";
    }

    public String getErrorStackMessageName() {
        return m_errorStackMessageName;
    }

    // Runs each rule in turn and records the message name of the first rule that fails.
    public boolean validate(String username, String password) {
        if(password == null || password.length() == 0 || username == null || username.length() == 0) {
            m_errorStackMessageName = "PASSWORD-INVALID";
            return false;
        }
        if(password.length() < 6) {
            m_errorStackMessageName = "PASSWORD-INVALID-LENGTH";
            return false;
        }
        if(!validateLettersAndDigits(password)) {
            m_errorStackMessageName = "PASSWORD-INVALID-LETTER-NUMBER";
            return false;
        }
        if(!validateNoUsername(username, password)) {
            m_errorStackMessageName = "PASSWORD-INVALID-USERNAME";
            return false;
        }
        if(!validateNoRepeats(password)) {
            m_errorStackMessageName = "PASSWORD-INVALID-REPEATS";
            return false;
        }
        return true;
    }

    // True when the password contains at least one letter and at least one digit.
    private boolean validateLettersAndDigits(String p_password) {
        boolean flag = false;
        boolean flag1 = false;
        for(int i = 0; i < p_password.length(); i++) {
            if(Character.isLetter(p_password.charAt(i)))
                flag = true;
            if(Character.isDigit(p_password.charAt(i)))
                flag1 = true;
        }
        return flag && flag1;
    }

    // True when the password does not contain the username (case-insensitive).
    private boolean validateNoUsername(String p_username, String p_password) {
        return p_password.toUpperCase().indexOf(p_username.toUpperCase()) == -1;
    }

    // True when no character is immediately repeated.
    private boolean validateNoRepeats(String p_password) {
        for(int i = 1; i < p_password.length(); i++) {
            if(p_password.charAt(i) == p_password.charAt(i - 1))
                return false;
        }
        return true;
    }

    private String m_errorStackMessageName;
}
Hi Colin,
We are able to update the password in OIM user profile now. However, after the process is done in java code, it is not redirecting to OAM Password change success page which will have a Back button. Also, we are seeing a Bug Report form page with the content given below:
Bug Report Form
An error has occurred while executing the application.
Your browser doesn't support sending mail automatically!
Please send E-Mail to <a =""></a> with the following information:
Your Name
Organization
E-Mail Address
Phone Number
Comment
Make sure to append the following traceback in the mail.
Traceback Traceback is unavailable.
Product Lost Password ManagementVersion
Platform Linux
Any clue as when we will witness this?
-Mahendra. -
Bringing back an old password validation rule
Good afternoon
On our old 4.6C system, there was a password validation rule that stated the first three characters of the password cannot occur in the same order in the user ID. This rule was removed when we upgraded to ECC 6.0
While the users hated that rule, that rule was a SOX requirement at our company and I would like to have it back. Before I resort to programming user exits, is there a way to reactivate or at least simulate that rule? I cannot use USR40 because not only does it affect all users on the system, it only works on the second logon and not at validation time.
If programming user exits like EXIT_SAPLSUSF_001 is my only option, where can I get the password at logon time? From my understanding, SAP does not store this in a system value or even a global variable or table to prevent the recording of passwords. While this is a valid security reason, it would solve the resurrection of this password role through programming.
Please advise.
Kind Regards
Moggie
Hi Moggie,
> Pending the result of the contract programmer's research, placing a 3 character prefix of each new user ID in table USR40 is looking like the best option, though I do hate to place that kind of check for all user IDS when only one ID really needs that validation rule.
A problem with that will soon arise when you have for example 10000 user ID's and want the users to have the opportunity to use strong pass-phrases (not just pass-words). Additionally, the passwords are now case-sensitive but the user ID is not. A pass-phrase for users such as "The_D0g_&_Cat_r_FAT" would go undetected even if you have any "THERON's" in the system, but why should it not be allowed? It's a good one!
Users will soon notice that only passwords which are very cryptic can be used, and they will start writing them down on Post-It's.
While that is going on... the "real sinners" who dish out weak or the same initial / reset passwords (like "INIT1234") or administrate the users for whom passwords don't change (like "RFC4PROD") will not have any further "idiot-proof" controls as it is only a warning, which is intentional.
> If the passwords are cycled regularly, adhere to profile values in the instance that encourage strict password rules, and are kept private and secure, it is not a compliance issue to the auditors.
There you have it.
Tell them that. Even if they do use the first 3 bname characters as the first 3 CAPS_ON password characters, they won't be able to do it for long anyway if the password rules are appropriate...
In case you are not aware of it, please also take a look at (and search here and SAP notes for) infos about instance parameter login/password_compliance_to_current_policy (e.g. SAP Note 862989). With appropriate minimum password rules (not overkilled - because the system must still be able to generate compliant wizard-passwords!), you will catch the bigger risks than any one 'BSM?????'s in there somewhere....
Cheers,
Julius -
Extend WL Authentication Provider Password Validation
Hi folks
I'm looking for any advice on how to extend the OOB password validation that is available and documented here:
http://docs.oracle.com/cd/E12840_01/wls/docs103/secmanage/atn.html#wp1212100
Specifically we'd like to test whether the desired password has been used in the last 8 they've used and also to enforce that it expire after x days. Any pointers would be much appreciated.
Thanks,
Paul
1- How can an authentication provider supports password validation providers ?
We decided to make our own authentication provider so I doubt we support it
Yes, your custom authentication provider will not support it.
2- How it is suppose to work ?
Now, when a user change his password (or any of his attributes), we call a stored procedure (DB) which updates the user table ...
The way I see it, the web application should call the password validation provider before (or instead and then the provider will call the stored procedure)
Have you configured a database authenticator? Looks like you are modifying the password in the database directly (using stored procedures), so the Password Validator will not come into the picture at all. -
Does setPasswordChangeRequired(FALSE) overides Password Validity Period?
Hi,
If I set setPasswordChangeRequired to FALSE will the Password Validity Period take efect or this users with the setPasswordChangeRequired equals to FALSE will never get asked to change their passwords again?
Thanx in Advanced!
Kind Regards,
Gerardo J
Hi Gerardo,
How did you get around this issue? Can you share your solution/ideas?
Thanks
Srinivas -
Reg ex for password validation
hi help me for password validation......
Password should contain 6 to 8 characters, at least one letter and at least one number, contain no spaces and no special characters (e.g. &, >, *,$)
String[] tests = {"abc1def", "2abcdef", "abcdef", "123456"};
for(String t: tests) {
    // One lookahead per rule: at least one digit, at least one letter
    if(t.matches("^(?=\\D*\\d)(?=[^a-zA-Z]*[a-zA-Z]).*$")) {
        System.out.println("Accepted: "+t);
    } else {
        System.out.println("Rejected: "+t);
    }
}
// Accepted: abc1def
// Accepted: 2abcdef
// Rejected: abcdef
// Rejected: 123456
@OP: this does not answer your question, but it will get you started. Try to finish it yourself. -
Hi All,
I am using the following RegEx for validation of IP address, it is not validating
{^(d|[1-9]d|1dd|2[0-4]d|25[0-5]).(d|[1-9]d|1dd|2[0-4]d|25[0-5])
.(d|[1-9]d|1dd|2[0-4]d|25[0-5]).(d|[1-9]d|1dd|2[0-4]d|25[0-5])$}
Any Info?
a®
Hi a®s,
You can see a lot of example here regular-expressions.info.
We can find the follow sample:
IP Addresses
- Matching an IP address is another good example of a trade-off between regex complexity and exactness.
\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}
will match any IP address just fine, but will also match 999.999.999.999 as if it were a valid IP address. Whether this is a problem depends on the files or data you intend to apply the regex to.
- To restrict all 4 numbers in the IP address to 0..255, you can use this complex beast:
(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
(everything on a single line). The long regex stores each of the 4 numbers of the IP address into a capturing group. You can use these groups to further process the IP number.
- If you don't need access to the individual numbers, you can shorten the regex with a quantifier to:
(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
Similarly, you can shorten the quick regex to
(?:\d{1,3}\.){3}\d{1,3}
Source: http://www.regular-expressions.info/examples.html
Based on this examples:
You can do:
REPORT zregex.
DATA ip TYPE string VALUE '10.10.0.10'. " Correct
DATA ip2 TYPE string VALUE '10.10.0.'. " Incorrect
DATA ip4 TYPE string VALUE '999.10.0.10'. " Incorrect
" Dots are escaped and the pattern is anchored with ^ and $, so the whole value must be an address
DATA validation TYPE string VALUE '^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$'.
START-OF-SELECTION.
"// Test all <IPx>
FIND REGEX validation IN ip.
IF sy-subrc IS NOT INITIAL.
"// Error
ELSE.
"// It's OK
ENDIF.
As I copied and pasted the code from the internet, please don't reward me!
Sharing our knowledge with all is SCN's goal
Best regards.
Marcelo Ramos -
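Two pitfalls in regex-based IPv4 validation of the kind discussed in this thread, shown as an added example (not code from the posters or from regular-expressions.info): an unescaped '.' separator matches any character, and a substring search accepts a valid-looking fragment inside an invalid value. The class name, pattern names and sample inputs are constructed for this illustration.

```java
import java.util.regex.Pattern;

public class Ipv4RegexCheck {
    // One number in the range 0..255, as in the patterns quoted above.
    // Note: this also accepts leading zeros such as "010", which some
    // address parsers read as octal.
    static final String OCTET = "(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)";

    // Loose form: the separator is an unescaped '.', which matches ANY
    // character, and find() is satisfied by a match anywhere in the input.
    static final Pattern LOOSE =
            Pattern.compile(OCTET + "." + OCTET + "." + OCTET + "." + OCTET);

    // Strict form: literal dots, and matches() must consume the whole input.
    static final Pattern STRICT =
            Pattern.compile("(?:" + OCTET + "\\.){3}" + OCTET);

    static boolean looseAccepts(String s) {
        return LOOSE.matcher(s).find();
    }

    static boolean strictAccepts(String s) {
        return STRICT.matcher(s).matches();
    }

    public static void main(String[] args) {
        // Constructed samples: the three values from the ABAP report above,
        // plus two inputs that contain no dots at all.
        String[] samples = {"10.10.0.10", "10.10.0.", "999.10.0.10",
                            "10x10y0z10", "1234567"};
        for (String s : samples) {
            System.out.printf("%-12s loose=%-5b strict=%b%n",
                    s, looseAccepts(s), strictAccepts(s));
        }
    }
}
```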
Custom Attibute with Password Validations
Hi,
Is it possible to trigger the password validations for the custom attribute(who's display type as Password) which is defined in OAM objectclass of User Manager Configuration?
However the custom attribute value passed to LDAP is stored in the form of unencrypted/clear text.
Any inputs will be appreciated?
Thanks,
ABP
Edited by: user11970322 on 14-Jan-2011 10:33
Please post ASP.NET questions in the ASP.NET forums (http://forums.asp.net ).
-
Can anyone give me a sample of a regex validation that checks to see whether or not a numeric field begins with 1. I have tried this to no avail.
^1[[:digit:]]{6}$
I am just starting to use regex so forgive me if the above is a really bad attempt. :-)
Skelbone
Hi All,
I've been playing with it a bit and I finally figured it out. I used the following code and it works fine.
[1]+[[:digit:]]{5}$
Thanks
Glenroy -
Dear Friends,
I am developing one application using module pool programming.
The initial screen has User ID and Password fields.
I want to keep the User ID field strictly alphanumeric and have subroutines in place to check that.
What I want is that the cursor should remain at the User ID field whenever I press TAB or Click on the Password input field after entering a non alphanumerical User ID.
How can I achieve this?
That's not the nature of the SAPGui... it works in "block mode" which means the application server (and hence your ABAP) does not see the user's data values until it is sent from the front end... so unless you build your input fields in a front-end control (such as in the demo program SAPHTML_EVENTS_DEMO) and have "loss of focus" style validation in that layer (e.g. via Javascript), you won't be able to do this.
Jonathan -
Password validation with regular expression
I'm trying to use a regular expression to validate a password. I've tried a number of different regex's that seem to work elsewhere but do not work in HTML DB. This includes a couple that I wrote and that I found on regex web sites. Specifically, I'm trying to validate that a string has:
1. at least one special character
2. at least one numeric character
3. no more than 6 consecutive characters
4. has a length between 8 and 14
Does anyone know why some regular expressions do not work in HTML DB that work elsewhere or has anyone done a regex similar to this in HTML DB.
Thanks!
- Brian
I see, I will use the [0-9] instead. The expression still does not work though. I simplified the expression down to try and figure out what doesn't work and it seems like it's the "?=".
1. I first entered the expression:
([:alnum:]*[0-9])
This expression just says there must be a number and it works fine in HTML DB.
2. I extended it to:
([:alnum:]*[0-9])([:alnum:]*[a-z])
This expression says that there must be a number followed by a letter. In this example "1a" works but "a1" does not.
3. To make it not care about the order I would normally add "?=" like so:
(?=[:alnum:]*[0-9])(?=[:alnum:]*[a-z])
This should work for "a1" or "1a" because the ? says the order doesn't matter. When I try this in HTML DB neither "1a" or "a1" work.
Any ideas?
Thanks
- Brian -
Regular Expression needed for a password validator
Business Rules:
Password must be at least 8 characters
Contain at least 1 non alpha character and no spaces.
Here is what I got so far:
String regex = "(?=^.{8,}$)((?!.*\\s)(?=.*[^a-zA-Z])(?=.*[a-zA-Z0-9]))^.*$";
String [] password = new String [7];
password [0] = "H@ffman1";
password [1] = "hoffman1";
password [2] = "Hoffman1";
password [3] = "Hoffman 1";
password [4] = "hoffman 1";
password [5] = "hoffmans";
password [6] = "123456789";
for(int i=0; i<password.length; i++){
Pattern pattern = Pattern.compile(regex.trim());
Matcher matcher = pattern.matcher(password[i]);
System.out.println(password[i] + " == " + matcher.matches());
}
Output:
H@ffman1 == true
hoffman1 == true
Hoffman1 == true
Hoffman 1 == false
hoffman 1 == false
hoffmans == true // (This is a problem)
123456789 == true // (This is a problem)
YoungWinston wrote:
prometheuzz wrote:
which is pretty much what our OldWinston suggested...
Actually, I was thinking more along the lines of
System.out.println( password[i].matches("^[^\\s]{8,}$")
&& password[i].matches("[^a-zA-Z]") );
(I may have got the number of backslashes wrong; 'always forget that stuff).
Ah, I see. But you probably meant:
password[i].matches(".*[^a-zA-Z].*")
and they're cryptic enough as it is :-).
Cryptic? Nah... -
Password validation requirement
Hi all,
--> I got a pop up window in which some fields and Save button i s present. Password field also present in them.
Requirement:
When Password is changed, it has to be compared to the previous passwords in the Database. If matched wont accept, otherwise accept.
Problem to be solved:
The Jsp in which it is present is already directed to some other servlet thru form action attribute.
Where can i put my java validation code?
onclick of the save button, a javascript function is called in which some validations are written and if succed then submit() is called.
Can anyone please give some idea on how to do this?
Thanks
> Problem to be solved:
> The Jsp in which it is present is already directed to some other servlet thru form action attribute.
> Where can i put my java validation code?
> onclick of the save button, a javascript function is called in which some validations are written and if succed then submit() is called.
> Can anyone please give some idea on how to do this?
> Thanks
Well, there's no way to do this securely with JavaScript on the client side. I would do it in the servlet that the page is redirected to. Otherwise, you'll have to write the previous passwords (either plaintext or hashed) to the page so that they can be matched against. -
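A server-side password-history check, as asked for in this thread and in the earlier WebLogic thread (last 8 passwords), shown as an added example that is not code from any poster or product. The class, its in-memory store and the iteration count are assumptions for illustration; a real servlet would load the salt and hash pairs from the user table, and nothing is ever sent to the page.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.ArrayDeque;
import java.util.Deque;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHistory {
    static final int KEEP = 8;             // history depth from the WebLogic thread
    static final int ITERATIONS = 100_000; // assumption: tune for your hardware

    // {salt, hash} pairs, newest first. Hypothetical stand-in for a DB table.
    private final Deque<byte[][]> entries = new ArrayDeque<>();
    private final SecureRandom rng = new SecureRandom();

    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // True if the candidate equals any remembered password.
    boolean wasUsed(char[] candidate) throws Exception {
        boolean used = false;
        for (byte[][] e : entries) {
            // Each entry has its own salt, so the candidate is re-hashed per
            // entry; the comparison is constant-time.
            used |= MessageDigest.isEqual(hash(candidate, e[0]), e[1]);
        }
        return used;
    }

    // Accepts the change only if the password is not in the history.
    boolean change(char[] newPassword) throws Exception {
        if (wasUsed(newPassword)) {
            return false;
        }
        byte[] salt = new byte[16];
        rng.nextBytes(salt);
        entries.addFirst(new byte[][] {salt, hash(newPassword, salt)});
        while (entries.size() > KEEP) {
            entries.removeLast();
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        PasswordHistory history = new PasswordHistory();
        // Constructed sample passwords; the third repeats the first.
        String[] attempts = {"Winter-2024!", "Spring-2025!", "Winter-2024!"};
        for (String a : attempts) {
            System.out.println(a + " accepted=" + history.change(a.toCharArray()));
        }
    }
}
```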
How can I create confirm password form validation, is there a tool in ADDT to do this?
User enters password twice to confirm there is no mistake
Thanks
Bert
You may use PL/SQL function returning error text or boolean functions validations to do this.
something like
if :P1_email = :P1_emai1 AND :P1_password =:P1_password1 THEN
return TRUE;
else
return FALSE;
end if;
cheers,
Hari