Unlike positive matching rules, negative matching rules reject passwords that contain provided characters, regular expressions, entries, etc.
Let's find out what are the negative matching rules:
IllegalCharacterRule – defines all characters that a password mustn't contain
IllegalRegexRule – defines a regular expression which mustn't match
IllegalSequenceRule – checks whether a password has an illegal sequence of characters
NumberRangeRule – defines a range of numbers which a password mustn't contain
WhitespaceRule – checks whether a password contains whitespaces
DictionaryRule – checks whether a password is equal to any dictionary record
DictionarySubstringRule – checks whether a password contain any dictionary record
HistoryRule – checks whether a password contains any historical password reference
DigestHistoryRule – checks whether a password contains any digested historical password reference
SourceRule – checks whether a password contains any source password reference
DigestSourceRule – checks whether a password contains any digest source password reference
UsernameRule – checks whether a password contains a username
RepeatCharacterRegexRule – checks whether a password contains repeated ASCII characters
6.1. Simple Negative Matching Rules
Firstly, we're going to see how we can use simple rules such as IllegalCharacterRule, IllegalRegexRule, etc. Here is a short example:
PasswordValidator passwordValidator = new PasswordValidator(
new IllegalCharacterRule(new char[] { 'a' }),
new NumberRangeRule(1, 10),
new WhitespaceRule()
);
RuleResult validate = passwordValidator.validate(new PasswordData("abcd22 "));
assertFalse(validate.isValid());
assertEquals(
"ILLEGAL_CHAR:{illegalCharacter=a, matchBehavior=contains}",
getDetail(validate, 0));
assertEquals(
"ILLEGAL_NUMBER_RANGE:{number=2, matchBehavior=contains}",
getDetail(validate, 4));
assertEquals(
"ILLEGAL_WHITESPACE:{whitespaceCharacter= , matchBehavior=contains}",
getDetail(validate, 5));
The example shows us how the described rules work. Similarly to positive matching rules, they give us full feedback about validation.
6.2. Dictionary Rules
What if we want to check whether a password is not equal to provided words.
For that reason, the Passay library gives us excellent tools for that. Let's discover DictionaryRule and DictionarySubstringRule:
WordListDictionary wordListDictionary = new WordListDictionary(
new ArrayWordList(new String[] { "bar", "foobar" }));
DictionaryRule dictionaryRule = new DictionaryRule(wordListDictionary);
DictionarySubstringRule dictionarySubstringRule = new DictionarySubstringRule(wordListDictionary);
Do'stlaringiz bilan baham: |