DEV Community

sndp


Password Validator

If we want to let the user create a password that

  • follows our own conditions/ruleset, and
  • is also a strong password,

we can use a regex pattern. The check can go in a web controller class action method, or in the user's view model by using the @Pattern model validation attribute on the password field.

We validated the username requirement in the previous post:
Username Validator

Let's assume our solution requires user passwords to meet the following requirements.

| Type | Constraints |
| --- | --- |
| Length of password | More than 10 characters |
| Containing a digit | At least one digit |
| An uppercase letter | At least one uppercase letter |
| A lowercase letter | At least one lowercase letter |
| A special character | At least one $pecial character |

Our regex pattern is as below.

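// '-' is written last in the character class so it is a literal hyphen,
// not the range &-+ (which would match & ' ( ) * + and miss '-')
String regex =
"^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=()-]).{10,}$";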
  • The elements used in this regex pattern are explained below.

^

This anchors the match at the start of the string.

[0-9]
[a-z]
[A-Z]

These match a digit, a lowercase letter and an uppercase letter, respectively.

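[@#$%^&+=()-]

The set of special characters, at least one of which the password must contain.
The hyphen is written last so that it is a literal character. Written as &-+ it would be a range from & to +, which also matches ' and * and does not match - itself.
Notice that the exclamation mark and question mark are excluded from this set.
They therefore do not satisfy the special-character requirement, although the trailing .{10,} still accepts them elsewhere in the password.
So include all the special characters that should count inside the square brackets.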

.

Matches any single character except line breaks (\n or \r).

*

Denotes zero or more repetitions of the preceding element.

(?=.*[0-9])

This group is the digit check: somewhere in the whole password input, at least one character must be a digit.
?= is called a 'Positive Lookahead'.
A positive lookahead asserts that the inner expression matches starting at the current position, without consuming any characters.
In our problem, where the digit appears does not matter.

So in this case the inner expression is ".*[0-9]": it scans ahead from the start of the input and succeeds if a digit exists anywhere.

The same applies to the lowercase, uppercase and special character groups.

.{10,}

The length constraint: the user's password must contain 10 or more characters.

$

This anchors the match at the end of the string.

The following Java program demonstrates our problem and solution.

import java.util.regex.*;

class Main {
  public static void main(String[] args) {
    // '-' is last in the character class so it is a literal hyphen, not a range
    String regex =
    "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=()-]).{10,}$";
    Pattern p = Pattern.compile(regex);
    String input = "0aA@123456";
    Matcher m = p.matcher(input);
    // matches() succeeds only if the whole input matches the pattern
    String isValidPassword = m.matches()
    ? "Valid Password" : "Invalid Password";
    System.out.println(isValidPassword);
  }
}
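
An added example, not part of the original post: it runs the post's pattern with the special-character class written two ways, with `&-+` in the middle (which the regex engine reads as a range from `&` to `+`) and with `-` moved to the end (a literal hyphen), over constructed sample passwords. The class name `CharClassCheck`, the helper `policy` and the sample inputs are assumptions made for illustration.

```java
import java.util.regex.Pattern;

// Added example (not from the original post): compares the special-character
// class written with &-+ in the middle against the class that keeps '-' last.
class CharClassCheck {
  // Hypothetical helper: builds the post's pattern around a given class body.
  static Pattern policy(String specials) {
    return Pattern.compile(
        "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[" + specials + "]).{10,}$");
  }

  public static void main(String[] args) {
    Pattern range = policy("@#$%^&-+=()");    // '&-+' is a range: & ' ( ) * +
    Pattern literal = policy("@#$%^&+=()-");  // '-' last: literal hyphen

    // Constructed sample passwords, one per edge case.
    String[][] samples = {
      {"0aA@123456", "listed special, 10 characters"},
      {"0aA@12345", "listed special, 9 characters"},
      {"0aA-123456", "hyphen is the only special"},
      {"0aA'123456", "apostrophe is the only special"},
      {"0aA*123456", "asterisk is the only special"},
      {"0aA!123456", "exclamation mark is the only special"},
      {"0aA@12345!", "listed special plus exclamation mark"},
    };

    System.out.printf("%-12s %-7s %-7s %s%n", "input", "range", "literal", "case");
    for (String[] s : samples) {
      System.out.printf("%-12s %-7b %-7b %s%n",
          s[0], range.matcher(s[0]).matches(), literal.matcher(s[0]).matches(), s[1]);
    }
  }
}
```

The two columns differ only on the hyphen, apostrophe and asterisk rows. The last row shows that a character outside the class is still accepted by `.{10,}` once one listed special character is present.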

Discussion (1)

Lars Ejaas

Cool! Still trying to learn regEx. I do not need it much, but always end up thinking I should learn more about this great tool whenever I really need it!