
Spring Boot - Custom Password Validator Using Passay Library


Many online web platforms require users to enter a strong password during registration. This requirement helps reduce the exposure of user data to attack.

In this article, we'll create a simple form with a registration page. Before continuing with this tutorial, you should have a basic understanding of Java with the Spring framework.

What Is Passay?

Passay is a Java-based password generation and validation library. It builds on the success of vt-password and provides a comprehensive and extensible feature set.

Technology Stack

  • Node.js.
  • Angular 9.
  • Spring Boot 2.
  • Maven 3.6.1.
  • Java 8.
  • Git.

Maven Dependency

Use Spring Initializr to generate the Spring Boot 2 project with the dependencies: web, lombok, spring-boot-starter-validation.

Then add the Passay dependency to manage validation policies.

XML


You can find all versions here.

Use the UserData class containing the information to verify.

Java


Two important annotations:

  • @PasswordValueMatch: Checks whether the password and confirmation password match.
  • @ValidPassword: Contains the password validation policy.

Password Validation

Password validation involves creating a PasswordValidator from a rule set, which is simply a list of Rule objects. The @ValidPassword annotation is validated by PasswordConstraintValidator.class.

Java


Consider the following simple password policy:

  • The password length should be between 8 and 16 characters.
  • A password should not contain any whitespace.
  • A password must contain at least 1 upper-case character.
  • A password must contain at least 1 lower-case character.
  • A password must contain at least 1 digit character.
  • A password must contain at least 1 symbol (special character).
  • Rejects passwords that contain an alphabetical sequence of >= 5 characters (e.g. abcdef).
  • Rejects passwords that contain a numerical sequence of >= 5 characters (e.g. 12345).

The PasswordConstraintValidator class applies all of the password rules defined above using Passay's built-in rules, so none of them has to be implemented manually.
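
One way to write the annotation and validator for the policy listed above with Passay's built-in rules. This is an added example, not the article's own listing; it assumes Passay 1.x and the javax.validation API used by Spring Boot 2, and the default message text and the wrapAround=false setting are assumptions.

```java
import java.lang.annotation.*;
import java.util.Arrays;
import javax.validation.*;
import org.passay.*;

// Names follow the article; the bodies are this example's own (assumed) implementation.
@Documented
@Constraint(validatedBy = PasswordConstraintValidator.class)
@Target({ElementType.FIELD, ElementType.ANNOTATION_TYPE})
@Retention(RetentionPolicy.RUNTIME)
@interface ValidPassword {
    String message() default "Invalid password"; // assumed default text
    Class<?>[] groups() default {};
    Class<? extends Payload>[] payload() default {};
}

class PasswordConstraintValidator implements ConstraintValidator<ValidPassword, String> {

    // One Passay rule per bullet of the policy, in the same order.
    private final PasswordValidator validator = new PasswordValidator(Arrays.asList(
        new LengthRule(8, 16),
        new WhitespaceRule(),
        new CharacterRule(EnglishCharacterData.UpperCase, 1),
        new CharacterRule(EnglishCharacterData.LowerCase, 1),
        new CharacterRule(EnglishCharacterData.Digit, 1),
        new CharacterRule(EnglishCharacterData.Special, 1),
        // Sequences of 5 or more are rejected; wrapAround=false is an assumption.
        new IllegalSequenceRule(EnglishSequenceData.Alphabetical, 5, false),
        new IllegalSequenceRule(EnglishSequenceData.Numerical, 5, false)));

    @Override
    public boolean isValid(String password, ConstraintValidatorContext context) {
        if (password == null) {
            return false; // a missing password fails validation instead of throwing
        }
        RuleResult result = validator.validate(new PasswordData(password));
        if (result.isValid()) {
            return true;
        }
        // Report Passay's per-rule messages instead of the generic default.
        // The template is subject to message interpolation, so never
        // append the raw password to it.
        context.disableDefaultConstraintViolation();
        context.buildConstraintViolationWithTemplate(
                String.join(" ", validator.getMessages(result)))
            .addConstraintViolation();
        return false;
    }
}
```

A password such as "abcdef1A!" fails on the alphabetical sequence rule alone, which shows that the sequence rules apply even when every length and character-class rule passes.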

Java


Passay ships with many rules to help validate passwords. The full list of rules that can be written using Passay can be found on the official website.

In addition to password validation, Passay allows you to generate a password using a given policy.

Create BaseExceptionHandler.class to catch all exceptions that will be thrown for data validation.

Java


Launch the backend project: http://localhost:8080/

For this article, I created a signup form with Angular for the front-end. 

Now add the Angular project under the src/main folder using the command line:

ng new webapp

After adding the registration form code, run the front end with npm start.

Open your browser on http://localhost:4200/ and enter an invalid password to verify that validation is working.

Registration error on login


The complete source code can be found in my GitHub repository.

Topics:
angular 9, java, spring boot 2.2, validation policy
