org.apache.jackrabbit.core.security.user.action
Class PasswordValidationAction

java.lang.Object
  org.apache.jackrabbit.core.security.user.action.AbstractAuthorizableAction
      org.apache.jackrabbit.core.security.user.action.PasswordValidationAction

All Implemented Interfaces:

AuthorizableAction

public class PasswordValidationAction
extends AbstractAuthorizableAction

PasswordValidationAction provides a simple password validation mechanism with the following configurable option:

• constraint: a regular expression that can be compiled to a Pattern defining validation rules for a password.

The password validation is executed on user creation and upon password change. It throws a ConstraintViolationException if the password validation fails.

Example configuration:

    <UserManager class="org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager">
       <AuthorizableAction class="org.apache.jackrabbit.core.security.user.action.PasswordValidationAction">
          <!--
          password length must be at least 8 chars and it must contain at least
          one upper and one lowercase ASCII character.
          -->
          <param name="constraint" value="^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z]).*"/>
       </AuthorizableAction>
    </UserManager>
 

See Also:

UserManager.createUser(String, String), User.changePassword(String), User.changePassword(String, String)

Constructor Summary

PasswordValidationAction()

Method Summary

void	onCreate(org.apache.jackrabbit.api.security.user.User user, String password, Session session) Doesn't perform any action.
void	onPasswordChange(org.apache.jackrabbit.api.security.user.User user, String newPassword, Session session) Doesn't perform any action.
void	setConstraint(String constraint) Set the password constraint.

Methods inherited from class org.apache.jackrabbit.core.security.user.action.AbstractAuthorizableAction

onCreate, onRemove

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PasswordValidationAction

public PasswordValidationAction()

Method Detail

onCreate

public void onCreate(org.apache.jackrabbit.api.security.user.User user,
                     String password,
                     Session session)
              throws RepositoryException

Description copied from class: AbstractAuthorizableAction

Doesn't perform any action.

Specified by:

onCreate in interface AuthorizableAction

Overrides:

onCreate in class AbstractAuthorizableAction

Parameters:

user - The new user that has not yet been persisted; e.g. the associated node is still 'NEW'.

password - The password that was specified upon user creation.

session - The editing session associated with the user manager.

Throws:

RepositoryException - If an error occurs.

See Also:

AuthorizableAction.onCreate(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session)

onPasswordChange

public void onPasswordChange(org.apache.jackrabbit.api.security.user.User user,
                             String newPassword,
                             Session session)
                      throws RepositoryException

Description copied from class: AbstractAuthorizableAction

Doesn't perform any action.

Specified by:

onPasswordChange in interface AuthorizableAction

Overrides:

onPasswordChange in class AbstractAuthorizableAction

Parameters:

user - The user that whose password is going to change.

newPassword - The new password as specified in User.changePassword(java.lang.String)

session - The editing session associated with the user manager.

Throws:

RepositoryException - If an exception or error occurs.

See Also:

AuthorizableAction.onPasswordChange(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session)

setConstraint

public void setConstraint(String constraint)

Set the password constraint.

Parameters:

constraint - A regular expression that can be used to validate a new password.