On 12/11/2012 03:46 AM, adrian.c...@sandglass-software.com wrote: > Quoting Jacques Le Roux <jacques.le.r...@les7arts.com>: > >> Adrian Crum wrote: >>> On 12/9/2012 2:59 PM, jler...@apache.org wrote: >>>> Author: jleroux >>>> Date: Sun Dec 9 14:59:52 2012 >>>> New Revision: 1418996 >>>> >>>> URL: http://svn.apache.org/viewvc?rev=1418996&view=rev >>>> Log: >>>> A slightly modified patch from Sumit Pandit for "Additional >>>> Validation for Password : Make password pattern driven" >>>> https://issues.apache.org/jira/browse/OFBIZ-4958 >>>> >>>> Provides an additional validation for password with following >>>> capability to the system: >>>> >>>> Admin can enable/disable pattern based password capability of >>>> system. Configuration will reside in security.property file. >>>> To enable : security.login.password.pattern.enable=true >>>> To disable: security.login.password.pattern.enable=false >>>> >>>> Admin is flexible to provide his pattern string by making pattern >>>> more/less restrictive as per system requirement. Configuration >>>> will reside in security.property file. Example: >>>> security.login.password.pattern=^.*(?=. >>>> {5,})(?=.[a-zA-Z])(?=.[!@#$%^&*]).*$ >>>> >>>> Admin can provide custom error message string which will display >>>> to end user if wrong password is entered. Configuration will >>>> reside in security.properity file. >>>> >>>> jleroux: I quickly handled the error message localisation for the >>>> OOTB case. It's more complicated when the pattern gets >>>> complex... >>>> >>>> Modified: >>>> ofbiz/trunk/framework/common/config/SecurityextUiLabels.xml >>>> >>>> ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java >>>> >>>> ofbiz/trunk/framework/security/config/security.properties >>>> >>> >>> Modified: >>> ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java >>> >>> URL: >>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=1418996&r1=1418995&r2=1418996&view=diff >>> >>> ============================================================================== >>> >>> --- >>> ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java >>> >>> (original) +++ >>> ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java >>> >>> Sun Dec 9 14:59:52 2012 @@ -23,6 +23,8 @@ import java.sql.Timestamp; >>> import java.util.List; import java.util.Locale; import java.util.Map; >>> +import java.util.regex.Matcher; +import java.util.regex.Pattern; >>> import >>> javax.transaction.Transaction; @@ -62,6 +64,8 @@ public class >>> LoginServices { public static final String module = >>> LoginServices.class.getName(); public static final String resource = >>> "SecurityextUiLabels"; + public static boolean usePasswordPattern = >>> "true".equals(UtilProperties.getPropertyValue("security.properties", >>> "security.login.password.pattern.enable")); + public static String >>> passwordPattern = >>> UtilProperties.getPropertyValue("security.properties", >>> "security.login.password.pattern"); >>> >>> >>> Please do not store property values in static class fields - that >>> makes >>> it impossible to change the settings at run-time. >>> >>> -Adrian >> >> Sorry it's a bit more involved than expected for this morning, could >> you please adapt it to follow your need? >> Just curious, are you using PropertyUtils class of Apache commons >> beanutils to modify properties of Java object at runtime? >> >> Read more: >> http://javarevisited.blogspot.com/2012/04/java-propertyutils-example-getting-and.html#ixzz2Ej9FUJIY >> >> > > No, I use a text editor to modify the properties file.
And then you go to /webtools/ and clear a cache item, and expect anything that has previously read the .properties file to get the new value. The way this code is written, is that the value will be read *once* when the class is loaded, and then no new value will ever be read. (this is not directed at Adrian)
