- Passay Tutorial
- Passay − Home
- Passay − Overview
- Passay − environment Setup
- Validation/Generation
- Passay − Password Validation
- Passay − Customized Messages
- Passay − M of N Rules
- Passay − Password Generation
- Positive Matching Rules
- passay − AllowedCharacterRule
- Passay − AllowedRegexRule
- Passay −CharacterRule
- passay − LengthRule
- Passay − CharacterCharacteristicsRule
- Passay − LengthComplexityRule
- Negative Matching Rules
- Passay − lllegalCharacterRule
- Passay − NumberRangeRule
- Passay − WhitespaceRule
- Passay − DictionaryRule
- Passay − DictionarySubstringRule
- Passay − HistoryRule
- passay − RepeatCharacterRegexRule
- Passay − usernameRule
- Passay Useful Resources
- Passay - Quick Guide
- Passay - Resources
- Passay - Discussion
Passay − Quick Guide
Passay − Overview
Passay is a Java based Password generation and validation library. It provides comprehensive features list in order to validate/generate passwords and is highly configurable.
Passay Components
Passay API has 3 core components.
Rule − one or more rules which define a password policy rule set.
PasswordValidator − A validator component which validates a password against a given rule set.
PasswordGenerator − A generator component which produces passwords to satisfy a given rule set.
Rule overview
Rules are the foundation blocks for both password validation and generation. There are two broad categories of rules−
Positive match require that passwords satisfy a rule.
Negative match reject passwords that satisfy a rule.
Features
Following are some of the features that Passay library provides.
Password Validation Passay library helps in enforcing a password policy by validating passwords against a configurable rule set. It has a rich set of existing rules for common use-cases. For additional cases, it provides a simple Rule interface to implement the custom rule.
Password Generation − It provides a configurable rule set which can be used to generate passwords as well.
Command Line Tools − It provides tools to automate password policy enforcement.
convenient − Easy to use.
Extensible − All Passay components are extensible.
Supports Internalization − Passay components are internationalization ready.
Passay − Environment Setup
Setup Java
If you are still willing to set up your environment for Java programming language, then this section guides you on how to download and set up Java on your machine. Please follow the steps mentioned below to set up the environment.
Java SE is freely available from the link Download Java. So you download a version based on your operating system.
Follow the instructions to download Java and run the .exe to install Java on your machine. Once you have installed Java on your machine, you would need to set environment variables to point to correct installation directories −
Setting up the Path for Windows 2000/XP
We are assuming that you have installed Java in c:\Program Files\java\jdk directory −
Right-click on 'My Computer' and select 'Properties'.
Click on the 'Environment variables' button under the 'Advanced' tab.
Now, alter the 'Path' variable so that it also contains the path to the Java executable. Example, if the path is currently set to 'C:\WINDOWS\SYSTEM32', then change your path to read 'C:\WINDOWS\SYSTEM32;c:\Program Files\java\jdk\bin'.
Setting up the Path for Windows 95/98/ME
We are assuming that you have installed Java in c:\Program Files\java\jdk directory −
Edit the 'C:\autoexec.bat' file and add the following line at the end − 'SET PATH=%PATH%;C:\Program Files\java\jdk\bin'
Setting up the Path for Linux, UNIX, Solaris, FreeBSD
Environment variable PATH should be set to point to where the Java binaries have been installed. Refer to your shell documentation if you have trouble doing this.
Example, if you use bash as your shell, then you would add the following line to the end of your '.bashrc: export PATH=/path/to/java:$PATH'
Popular Java Editors
To write your Java programs, you need a text editor. There are many sophisticated IDEs available in the market. But for now, you can consider one of the following −
Notepad − On Windows machine you can use any simple text editor like Notepad (Recommended for this tutorial), TextPad.
Netbeans − It is a Java IDE that is open-source and free which can be downloaded from https://www.netbeans.org/index.html.
Eclipse − It is also a Java IDE developed by the eclipse open-source community and can be downloaded from https://www.eclipse.org/.
Download Passay Archive
Download the latest version of Passay jar file from Maven Repository - . In this tutorial, passay-1.6.1.jar is downloaded and copied into C:\> passay folder.
| OS | Archive name |
|---|---|
| Windows | passay-1.6.1.jar |
| Linux | passay-1.6.1.jar |
| Mac | passay-1.6.1.jar |
Set Passay Environment
Set the PASSAY environment variable to point to the base directory location where Passay jar is stored on your machine. Assuming, we've extracted passay-1.6.1.jar in Passay folder on various Operating Systems as follows.
| OS | Output |
|---|---|
| Windows | Set the environment variable PASSAY to C:\Passay |
| Linux | export PASSAY=/usr/local/Passay |
| Mac | export PASSAY=/Library/Passay |
Set CLASSPATH Variable
Set the CLASSPATH environment variable to point to the Passay jar location. Assuming, you have stored passay-1.6.1.jar in Passay folder on various Operating Systems as follows.
| OS | Output |
|---|---|
| Windows | Set the environment variable CLASSPATH to %CLASSPATH%;%Passay%\passay-1.6.1.jar;.; |
| Linux | export CLASSPATH=$CLASSPATH:$PASSAY/passay-1.6.1.jar:. |
| Mac | export CLASSPATH=$CLASSPATH:$PASSAY/passay-1.6.1.jar:. |
Passay - Password Validation
A typical Password policy contains a set of rules to check a password if is compliant with organization rules. Consider the following policy:
Length of password should be in between 8 to 16 characters.
A password should not contain any whitespace.
A password should contains each of the following: upper, lower, digit and a symbol.
Example
The below example shows the validation of a password against above policy using Passay library.
import java.util.ArrayList;
import java.util.List;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;
public class PassayExample {
public static void main(String[] args) {
List<Rule> rules = new ArrayList<>();
//Rule 1: Password length should be in between
//8 and 16 characters
rules.add(new LengthRule(8, 16));
//Rule 2: No whitespace allowed
rules.add(new WhitespaceRule());
//Rule 3.a: At least one Upper-case character
rules.add(new CharacterRule(EnglishCharacterData.UpperCase, 1));
//Rule 3.b: At least one Lower-case character
rules.add(new CharacterRule(EnglishCharacterData.LowerCase, 1));
//Rule 3.c: At least one digit
rules.add(new CharacterRule(EnglishCharacterData.Digit, 1));
//Rule 3.d: At least one special character
rules.add(new CharacterRule(EnglishCharacterData.Special, 1));
PasswordValidator validator = new PasswordValidator(rules);
PasswordData password = new PasswordData("Microsoft@123");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Password validated.
Passay − Customized Messages
Passay libary provides a MessageResolver API to override the default messages used by the validator. It can take the path to custom properties file and use the standard keys to override the required message.
Example
The below example shows the validation of a password and show a custom message using Passay library.
messages.properties
INSUFFICIENT_UPPERCASE=Password missing at least %1$s uppercase characters.
PassayExample.java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.MessageResolver;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.PropertiesMessageResolver;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;
public class PassayExample {
public static void main(String[] args) throws FileNotFoundException, IOException {
List<Rule> rules = new ArrayList<>();
rules.add(new LengthRule(8, 16));
rules.add(new WhitespaceRule());
rules.add(new CharacterRule(EnglishCharacterData.UpperCase, 1));
rules.add(new CharacterRule(EnglishCharacterData.LowerCase, 1));
rules.add(new CharacterRule(EnglishCharacterData.Digit, 1));
rules.add(new CharacterRule(EnglishCharacterData.Special, 1));
Properties props = new Properties();
props.load(new FileInputStream("E:/Test/messages.properties"));
MessageResolver resolver = new PropertiesMessageResolver(props);
PasswordValidator validator = new PasswordValidator(resolver, rules);
PasswordData password = new PasswordData("microsoft@123");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Invalid Password: [Password missing at least 1 uppercase characters.]
Passay − M of N rules
Many times a password policy mandated compliance to minimum rules out of given rules such as a password must be compliant with at least M of N rules. Consider the following policy.
Length of password should be in between 8 to 16 characters.
A password should not contain any whitespace.
A password should contains at least three of the following: upper, lower, digit or symbol.
Example
The below example shows the validation of a password against above policy using Passay library.
import java.io.FileNotFoundException;
import java.io.IOException;
import org.passay.CharacterCharacteristicsRule;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;
public class PassayExample {
public static void main(String[] args) throws FileNotFoundException, IOException {
//Rule 1: Password length should be in between
//8 and 16 characters
Rule rule1 = new LengthRule(8, 16);
//Rule 2: No whitespace allowed
Rule rule2 = new WhitespaceRule();
CharacterCharacteristicsRule rule3 = new CharacterCharacteristicsRule();
//M - Mandatory characters count
rule3.setNumberOfCharacteristics(3);
//Rule 3.a: One Upper-case character
rule3.getRules().add(new CharacterRule(EnglishCharacterData.UpperCase, 1));
//Rule 3.b: One Lower-case character
rule3.getRules().add(new CharacterRule(EnglishCharacterData.LowerCase, 1));
//Rule 3.c: One digit
rule3.getRules().add(new CharacterRule(EnglishCharacterData.Digit, 1));
//Rule 3.d: One special character
rule3.getRules().add(new CharacterRule(EnglishCharacterData.Special, 1));
PasswordValidator validator = new PasswordValidator(rule1, rule2, rule3);
PasswordData password = new PasswordData("microsoft@123");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Password validated.
Passay − Password Generation
PasswordGenerator helps in generating password using given policy. Consider the following policy−
Length of password should be 8 characters.
A password should contains each of the following: upper, lower, digit and a symbol.
Example
The below example shows the generation of a password against above policy using Passay library.
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.PasswordGenerator;
public class PassayExample {
public static void main(String[] args) {
CharacterRule alphabets = new CharacterRule(EnglishCharacterData.Alphabetical);
CharacterRule digits = new CharacterRule(EnglishCharacterData.Digit);
CharacterRule special = new CharacterRule(EnglishCharacterData.Special);
PasswordGenerator passwordGenerator = new PasswordGenerator();
String password = passwordGenerator.generatePassword(8, alphabets, digits, special);
System.out.println(password);
}
}
Output
?\DE~@c3
Passay - AllowedCharacterRule
AllowedCharacterRule allows to specify the characters which a password can include. Consider the following example.
Example
The below example shows the validation of a password against above policy using Passay library.
import org.passay.AllowedCharacterRule;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
public class PassayExample {
public static void main(String[] args) {
//Rule: Password should contains only a, b and c
Rule rule1 = new AllowedCharacterRule(new char[] {'a', 'b', 'c'});
//8 and 16 characters
Rule rule2 = new LengthRule(8, 16);
PasswordValidator validator = new PasswordValidator(rule1, rule2);
PasswordData password = new PasswordData("abcabcab1");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Invalid Password: [Password contains the illegal character '1'.]
Passay − AllowedRegexRule
AllowedRegexRule allows to specify the regular pattern which a password should satisfy. Consider the following example.
Example
The below example shows the validation of a password against above policy using Passay library.
import org.passay.AllowedRegexRule;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
public class PassayExample {
public static void main(String[] args) {
//Rule: Password should contains alphabets only
Rule rule1 = new AllowedRegexRule("^[A-Za-z]+$");
//8 and 16 characters
Rule rule2 = new LengthRule(8, 16);
PasswordValidator validator = new PasswordValidator(rule1, rule2);
PasswordData password = new PasswordData("microsoft@123");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Invalid Password: [Password must match pattern '^[A-Za-z]+$'.]
Passay − CharacterRule
CharacterRule helps in defining a set of characters and minimum no. of characters required in a password.
Example
The below example shows the validation of a password against above policy using Passay library.
import java.util.ArrayList;
import java.util.List;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;
public class PassayExample {
public static void main(String[] args) {
List<Rule> rules = new ArrayList<>();
//Rule 1: Password length should be in between
//8 and 16 characters
rules.add(new LengthRule(8, 16));
//Rule 2: No whitespace allowed
rules.add(new WhitespaceRule());
//Rule 3.a: At least one Upper-case character
rules.add(new CharacterRule(EnglishCharacterData.UpperCase, 1));
//Rule 3.b: At least one Lower-case character
rules.add(new CharacterRule(EnglishCharacterData.LowerCase, 1));
//Rule 3.c: At least one digit
rules.add(new CharacterRule(EnglishCharacterData.Digit, 1));
//Rule 3.d: At least one special character
rules.add(new CharacterRule(EnglishCharacterData.Special, 1));
PasswordValidator validator = new PasswordValidator(rules);
PasswordData password = new PasswordData("Microsoft@123");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Password validated.
Passay − LengthRule
LengthRule helps in defining the minimum and maximum length of a password.
Example
The below example shows the validation of a password against above policy using Passay library.
import java.util.ArrayList;
import java.util.List;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;
public class PassayExample {
public static void main(String[] args) {
List<Rule> rules = new ArrayList<>();
//Rule 1: Password length should be in between
//8 and 16 characters
rules.add(new LengthRule(8, 16));
//Rule 2: No whitespace allowed
rules.add(new WhitespaceRule());
//Rule 3.a: At least one Upper-case character
rules.add(new CharacterRule(EnglishCharacterData.UpperCase, 1));
//Rule 3.b: At least one Lower-case character
rules.add(new CharacterRule(EnglishCharacterData.LowerCase, 1));
//Rule 3.c: At least one digit
rules.add(new CharacterRule(EnglishCharacterData.Digit, 1));
//Rule 3.d: At least one special character
rules.add(new CharacterRule(EnglishCharacterData.Special, 1));
PasswordValidator validator = new PasswordValidator(rules);
PasswordData password = new PasswordData("Microsoft@123");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Password validated.
Passay − CharacterCharacteristicsRule
CharacterCharacteristicsRule helps in defining whether a password satisfy given N defined rules or not.
Example
The below example shows the validation of a password against above policy using Passay library.
import java.io.FileNotFoundException;
import java.io.IOException;
import org.passay.CharacterCharacteristicsRule;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;
public class PassayExample {
public static void main(String[] args) throws FileNotFoundException, IOException {
//Rule 1: Password length should be in between
//8 and 16 characters
Rule rule1 = new LengthRule(8, 16);
//Rule 2: No whitespace allowed
Rule rule2 = new WhitespaceRule();
CharacterCharacteristicsRule rule3 = new CharacterCharacteristicsRule();
//M - Mandatory characters count
rule3.setNumberOfCharacteristics(3);
//Rule 3.a: One Upper-case character
rule3.getRules().add(new CharacterRule(EnglishCharacterData.UpperCase, 1));
//Rule 3.b: One Lower-case character
rule3.getRules().add(new CharacterRule(EnglishCharacterData.LowerCase, 1));
//Rule 3.c: One digit
rule3.getRules().add(new CharacterRule(EnglishCharacterData.Digit, 1));
//Rule 3.d: One special character
rule3.getRules().add(new CharacterRule(EnglishCharacterData.Special, 1));
PasswordValidator validator = new PasswordValidator(rule1, rule2, rule3);
PasswordData password = new PasswordData("microsoft@123");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Password validated.
Passay − LengthComplexityRule
LengthComplexityRule helps in defining the applicable rule on a password based on its length. Consider the following policy.
If length of password is in between 1 to 5 characters, only lower case alphabets are allowed.
If length of password is in between 6 to 8 characters, then only a, b and c are allowed.
Example
The below example shows the validation of a password against above policy using Passay library.
import org.passay.AllowedCharacterRule;
import org.passay.CharacterRule;
import org.passay.EnglishCharacterData;
import org.passay.LengthComplexityRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
public class PassayExample {
public static void main(String[] args) {
LengthComplexityRule lengthComplexityRule = new LengthComplexityRule();
//Rule: Password of 1 to 5 characters should contains lower case alphabets only
lengthComplexityRule.addRules("[1,5]",
new CharacterRule(EnglishCharacterData.LowerCase, 5));
//8 and 16 characters
lengthComplexityRule.addRules("[6,8]",
new AllowedCharacterRule(new char[] { 'a', 'b', 'c' }));
PasswordValidator validator = new PasswordValidator(lengthComplexityRule);
PasswordData password = new PasswordData("abcdef");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Invalid Password: [ Password contains the illegal character 'd'., Password contains the illegal character 'e'., Password contains the illegal character 'f'., Password meets 0 complexity rules, but 1 are required.]
Passay - IllegalCharacterRule
IllegalCharacterRule allows to specify the characters which are not allowed in a password. Consider the following example.
import org.passay.IllegalCharacterRule;
import org.passay.NumberRangeRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;
public class PassayExample {
public static void main(String[] args) {
//Rule: Special characters like &, <, > are not allowed in a password
IllegalCharacterRule illegalCharacterRule
= new IllegalCharacterRule(new char[] {'&', '<', '>'});
//Rule: 1 to 5 numbers are not allowed
NumberRangeRule numberRangeRule = new NumberRangeRule(1, 5);
//Rule: White spaces are not allowed
WhitespaceRule whitespaceRule = new WhitespaceRule();
PasswordValidator validator
= new PasswordValidator(illegalCharacterRule,numberRangeRule,whitespaceRule);
PasswordData password = new PasswordData("abc&4d ef6");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Invalid Password: [ Password contains the illegal character '&'., Password contains the number '4'., Password contains a whitespace character.]
Passay − NumberRangeRule
NumberRangeRule allows to specify the range of numbers which are not allowed in a password. Consider the following example.
import org.passay.IllegalCharacterRule;
import org.passay.NumberRangeRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;
public class PassayExample {
public static void main(String[] args) {
//Rule: Special characters like &, <, > are not allowed in a password
IllegalCharacterRule illegalCharacterRule
= new IllegalCharacterRule(new char[] {'&', '<', '>'});
//Rule: 1 to 5 numbers are not allowed
NumberRangeRule numberRangeRule = new NumberRangeRule(1, 5);
//Rule: White spaces are not allowed
WhitespaceRule whitespaceRule = new WhitespaceRule();
PasswordValidator validator
= new PasswordValidator(illegalCharacterRule,numberRangeRule,whitespaceRule);
PasswordData password = new PasswordData("abc&4d ef6");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Invalid Password: [ Password contains the illegal character '&'., Password contains the number '4'., Password contains a whitespace character.]
Passay − WhitespaceRule
WhitespaceRule allows to specify that the white spaces are not allowed in a password. Consider the following example.
Example
import org.passay.IllegalCharacterRule;
import org.passay.NumberRangeRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.WhitespaceRule;
public class PassayExample {
public static void main(String[] args) {
//Rule: Special characters like &, <, > are not allowed in a password
IllegalCharacterRule illegalCharacterRule
= new IllegalCharacterRule(new char[] {'&', '<', '>'});
//Rule: 1 to 5 numbers are not allowed
NumberRangeRule numberRangeRule = new NumberRangeRule(1, 5);
//Rule: White spaces are not allowed
WhitespaceRule whitespaceRule = new WhitespaceRule();
PasswordValidator validator
= new PasswordValidator(illegalCharacterRule,numberRangeRule,whitespaceRule);
PasswordData password = new PasswordData("abc&4d ef6");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Invalid Password: [ Password contains the illegal character '&'., Password contains the number '4'., Password contains a whitespace character.]
Passay − DictionaryRule
DictionaryRule allows to check if certain words are not specified as password. Consider the following example.
Example
import org.passay.DictionaryRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.dictionary.ArrayWordList;
import org.passay.dictionary.WordListDictionary;
public class PassayExample {
public static void main(String[] args) {
WordListDictionary wordListDictionary = new WordListDictionary(
new ArrayWordList(new String[] { "password", "username" }));
DictionaryRule dictionaryRule = new DictionaryRule(wordListDictionary);
PasswordValidator validator
= new PasswordValidator(dictionaryRule);
PasswordData password = new PasswordData("password");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Invalid Password: [Password contains the dictionary word 'password'.]
Passay − DictionarySubstringRule
DictionarySubstringRule allows to check if certain words are not part of a password. Consider the following example.
Example
import org.passay.DictionarySubstringRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.dictionary.ArrayWordList;
import org.passay.dictionary.WordListDictionary;
public class PassayExample {
public static void main(String[] args) {
WordListDictionary wordListDictionary = new WordListDictionary(
new ArrayWordList(new String[] { "password", "username" }));
DictionarySubstringRule dictionaryRule = new DictionarySubstringRule(wordListDictionary);
PasswordValidator validator
= new PasswordValidator(dictionaryRule);
PasswordData password = new PasswordData("password@123");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Invalid Password: [Password contains the dictionary word 'password'.]
Passay − HistoryRule
HistoryRule allows to check if given password has not been in use in near past. Consider the following example.
Example
import org.passay.HistoryRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.SourceRule;
public class PassayExample {
public static void main(String[] args) {
SourceRule sourceRule = new SourceRule();
HistoryRule historyRule = new HistoryRule();
PasswordValidator validator
= new PasswordValidator(sourceRule, historyRule);
PasswordData password = new PasswordData("password@123");
password.setPasswordReferences(
new PasswordData.SourceReference("source", "password"),
new PasswordData.HistoricalReference("password@123")
);
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Invalid Password: [Password matches one of 1 previous passwords.]
Passay − RepeatCharacterRegexRule
RepeatCharacterRegexRule allows to check if given password has repeated ascii characters. Consider the following example.
Example
import org.passay.LengthRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RepeatCharacterRegexRule;
import org.passay.Rule;
import org.passay.RuleResult;
public class PassayExample {
public static void main(String[] args) {
//Rule: Password should not contain repeated entries
Rule rule1 = new RepeatCharacterRegexRule(3);
//8 and 16 characters
Rule rule2 = new LengthRule(8, 16);
PasswordValidator validator = new PasswordValidator(rule1, rule2);
PasswordData password = new PasswordData("aaefhehhhhh");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Invalid Password: [Password matches the illegal pattern 'hhh'.]
Passay − UsernameRule
UsernameRule ensures that password is not containing the username. Consider the following example.
Example
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.Rule;
import org.passay.RuleResult;
import org.passay.UsernameRule;
public class PassayExample {
public static void main(String[] args) {
//Rule: Password should not contain user-name
Rule rule = new UsernameRule();
PasswordValidator validator = new PasswordValidator(rule);
PasswordData password = new PasswordData("microsoft");
password.setUsername("micro");
RuleResult result = validator.validate(password);
if(result.isValid()){
System.out.println("Password validated.");
}else{
System.out.println("Invalid Password: " + validator.getMessages(result));
}
}
}
Output
Invalid Password: [Password contains the user id 'micro'.]