IBM Support

Impose stricter password restrictions on user accounts through custom password policies

Technical Blog Post


Abstract

Impose stricter password restrictions on user accounts through custom password policies

Body

As you may be aware, SB2Bi (IBM Sterling B2B Integrator) allows admins and users to create system-defined password policies through the SB2Bi dashboard's Accounts menu -> Password Policy screen. A policy can be associated with an SB2Bi user or an SFG trading partner. System admins often ask whether these password policy capabilities can be extended so that the password rules are far stricter. This blog aims to help with such a requirement.

SB2Bi offers a way to define and integrate a custom password policy by implementing a Java class for an exposed interface. A link to the documentation is available here. I am going to walk you through a sample implementation and the steps involved to integrate it with SB2Bi.

 

1) Create a Java class implementing the SB2Bi interface "com.sterlingcommerce.woodstock.security.IPasswordPolicyExtension" and implement its method "validateNewPassword(String password, String policyName)" to enforce your password requirements. This class does not need to be created in the SB2Bi installation directory; it can be written in any Java IDE and any folder structure.

Here is a sample Java class for my password requirements:

- must be at least 9 characters long, must contain at least one upper-case letter, at least one lower-case letter, at least one digit, and at least one of the special characters !@#$%&*

I created my class on the SB2Bi host machine itself, but under a separate standalone directory, e.g. /opt/workdir/

 

package kk.pwdpolicy.extension;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class IBMPasswordExtension implements com.sterlingcommerce.woodstock.security.IPasswordPolicyExtension {

        // One pattern per rule: find() checks for the presence of a character class,
        // matches() on ".{9,}" checks that the whole string is at least 9 characters long
        private static Pattern lowerAlpha = Pattern.compile("[a-z]");
        private static Pattern upperAlpha = Pattern.compile("[A-Z]");
        private static Pattern digit = Pattern.compile("[0-9]");
        private static Pattern special = Pattern.compile("[!@#$%&*]");
        private static Pattern len = Pattern.compile(".{9,}");

        // Called by SB2Bi whenever a password is changed on an account that has a policy assigned.
        // Returns null when the password is acceptable, otherwise the error message to report.
        public String validateNewPassword(String password, String policyName) {

                Matcher hasAlpha = lowerAlpha.matcher(password);
                Matcher hasAlpha2 = upperAlpha.matcher(password);
                Matcher hasNumber = digit.matcher(password);
                Matcher hasSp = special.matcher(password);
                Matcher hasNine = len.matcher(password);

                boolean alp = hasAlpha.find();
                boolean alp2 = hasAlpha2.find();
                boolean num = hasNumber.find();
                boolean sp = hasSp.find();
                boolean cnt = hasNine.matches();

                // DEBUG lines, written to noapp.log.<datestamp>. Note that the first line writes the
                // cleartext password to the log; keep these lines only while testing and remove them before production use.
                System.out.println("***********\nIBMPasswordExtension.validateNewPassword(S,S) triggered with password : " + password);
                System.out.println(alp ? "has lower-case letter" : "NO lower-case letter");
                System.out.println(alp2 ? "has upper-case letter" : "NO upper-case letter");
                System.out.println(num ? "has number" : "NO number");
                System.out.println(sp ? "has special character" : "NO special character");
                System.out.println(cnt ? "has min. of 9 chars" : "Less than 9 char long");

                if (alp && alp2 && num && sp && cnt) {
                        System.out.println("password Matches requirement\n***********");
                        return null;
                }
                else {
                        System.out.println("Failing. Due to week password\n************");
                        return "Password must be at least 9 character long with one from each of these 'Uppercase letter', 'Lowercase letter','Number','!@#$%&*'";
                }
        }
}

 

Note: validateNewPassword returns a String. Returning null means the password meets the requirements; otherwise it must return an error String.
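As an added example (not the blog's code and not part of SB2Bi), here is a hardened variant of the same validateNewPassword contract: it logs only which rules failed, never the candidate password, and tolerates a null input instead of throwing. The class name SafePasswordExtension and the sample passwords in main are constructed; the implements clause is commented out so the file compiles stand-alone without platform_ifcbase.jar.

```java
package kk.pwdpolicy.extension;

import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Deployment: uncomment the implements clause and compile against platform_ifcbase.jar
// exactly as in step 2, then register the class in customer_overrides.properties (step 4).
public class SafePasswordExtension
        /* implements com.sterlingcommerce.woodstock.security.IPasswordPolicyExtension */ {

    private static final int MIN_LENGTH = 9;
    private static final Pattern LOWER   = Pattern.compile("[a-z]");
    private static final Pattern UPPER   = Pattern.compile("[A-Z]");
    private static final Pattern DIGIT   = Pattern.compile("[0-9]");
    private static final Pattern SPECIAL = Pattern.compile("[!@#$%&*]");

    // Same contract as on the page: null means accepted, any String is the error to report.
    public String validateNewPassword(String password, String policyName) {
        List<String> failed = new ArrayList<>();
        if (password == null || password.length() < MIN_LENGTH) failed.add("min length " + MIN_LENGTH);
        if (password == null || !LOWER.matcher(password).find())   failed.add("lower-case letter");
        if (password == null || !UPPER.matcher(password).find())   failed.add("upper-case letter");
        if (password == null || !DIGIT.matcher(password).find())   failed.add("digit");
        if (password == null || !SPECIAL.matcher(password).find()) failed.add("special character");

        // Debug output to noapp.log records the policy name and the failed rules only;
        // the password itself is never written.
        System.out.println("SafePasswordExtension: policy=" + policyName
                + (failed.isEmpty() ? " accepted" : " rejected, missing " + failed));

        if (failed.isEmpty()) return null;
        return "Password must be at least " + MIN_LENGTH + " characters long and contain an upper-case letter, "
                + "a lower-case letter, a digit and one of !@#$%&*";
    }

    // Stand-alone check with constructed test vectors (not real credentials):
    // the first two mirror the blog's own test, the rest exercise the edge cases.
    public static void main(String[] args) {
        SafePasswordExtension ext = new SafePasswordExtension();
        String[] samples = { "Password1", "Password1#", "Short1#A", "NOLOWER123#", null };
        for (String s : samples) {
            String err = ext.validateNewPassword(s, "Sample User Policy");
            System.out.println((err == null ? "PASS" : "FAIL") + " for sample " + s);
        }
    }
}
```

Running main shows "Password1" rejected for the missing special character and "Password1#" accepted, matching the noapp.log excerpts in the testing section below.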

 

2) Compile the class and create a jar file. Sample commands that I ran from /opt/workdir/:

<sb2bi_install>/jdk/bin/javac -cp <sb2bi_install>/jar/platform_ifcbase/1_3/platform_ifcbase.jar -d . *.java
<sb2bi_install>/jdk/bin/jar cvf IBMPasswordExtn.jar kk*

 

3) Install the jar produced in step 2 using the install3rdParty.sh script available under the <sb2bi_install>/bin folder.

./install3rdParty.sh userExit 1_0 -j /opt/workdir/IBMPasswordExtn.jar

 

4) Add the following line to <sb2bi_install>/properties/customer_overrides.properties. Make sure you enter the fully qualified class name, including the package name.

security.passwordPolicyExtensionImpl=kk.pwdpolicy.extension.IBMPasswordExtension

 

5) Restart the SB2Bi/SFG application.

 

This custom password policy will not be listed in the dashboard. It is a global policy and is imposed on all user accounts that have one of the system password policies associated.

 

Note: a password policy created through the SB2Bi dashboard must be assigned to the user account in order for this custom password policy to take effect for that particular user. In other words, the custom password policy does not apply to a user account unless the user has a "Policy" assigned (on the SB2Bi dashboard).

 

---- Testing ----

As shown, TestUser had the "Sample User Policy" assigned; when the admin tried to change the password to one that did not meet the custom policy's requirements, an error was reported.

[screenshot]

Similarly, when an SFG partner user tries to change the password after logging in to the myfilegateway UI, a strong password is enforced.

[screenshot]

On similar lines, when TestUser tried to change the password through the mailbox UI, the strong password requirement was enforced, as shown below.

[screenshot]

 

The System.out lines in the custom Java class are printed to the noapp.log.<datetime> file. Sample log output for these change-password tests looks as below.

[2017-06-06 09:27:54.222] ALL 000000000000 GLOBAL_SCOPE ***********
IBMPasswordExtension.validateNewPassword(S,S) triggered with password : Password1
[2017-06-06 09:27:54.222] ALL 000000000000 GLOBAL_SCOPE has lower-case letter
[2017-06-06 09:27:54.222] ALL 000000000000 GLOBAL_SCOPE has upper-case letter
[2017-06-06 09:27:54.222] ALL 000000000000 GLOBAL_SCOPE has number
[2017-06-06 09:27:54.222] ALL 000000000000 GLOBAL_SCOPE NO special character
[2017-06-06 09:27:54.222] ALL 000000000000 GLOBAL_SCOPE has min. of 9 chars
[2017-06-06 09:27:54.222] ALL 000000000000 GLOBAL_SCOPE Failing. Due to week password
************

[2017-06-06 09:28:23.873] ALL 000000000000 GLOBAL_SCOPE ***********
IBMPasswordExtension.validateNewPassword(S,S) triggered with password : Password1#
[2017-06-06 09:28:23.873] ALL 000000000000 GLOBAL_SCOPE has lower-case letter
[2017-06-06 09:28:23.873] ALL 000000000000 GLOBAL_SCOPE has upper-case letter
[2017-06-06 09:28:23.873] ALL 000000000000 GLOBAL_SCOPE has number
[2017-06-06 09:28:23.873] ALL 000000000000 GLOBAL_SCOPE has special character
[2017-06-06 09:28:23.873] ALL 000000000000 GLOBAL_SCOPE has min. of 9 chars
[2017-06-06 09:28:23.873] ALL 000000000000 GLOBAL_SCOPE password Matches requirement
***********

 
