Example - Custom Policy Password

The following example is a custom policy password extension.

The interface com.sterlingcommerce.woodstock.security.PasswordPolicyExtension was added to the system as follows:

public interface IPasswordPolicyExtension {
     * Implements extended validation on passwords and
returns null if password
     * validation is successful. If validation fails,
an error message key
     * that may be looked up in Login_*.properties* should
be returned.
     * @param password - The password string to validate
     * @param policyId - The PWD_POLICY.POLICY_NAME of
the policy associated with the user in case the extension needs
     * @return String Return null if password validation
was successful, the error message key if password validation fails
    public String validateNewPassword (String password,
String policyName);

Returning null from the method indicates that the password was accepted. Returning anything else means the password was not valid.

Example Implementation

package test.policy.extension;
import java.util.regex.Pattern;
public class PwdPolExtnImpl implements com.sterlingcommerce.woodstock.security.IPasswordPolicyExtension
   public String validateNewPassword(String
                  String policyName) {
           // Additional password validation checks
                  boolean match=Pattern.matches(".*[a-z].*",
pwd) && Pattern.matches(".*[A-Z].*", pwd) && (Pattern.matches(".*[0-9].*",
pwd) || Pattern.matches(".*[^A-Za-z0-9].*",pwd));
                  if (match==true) return null;
                  else return "nogood";