On 12/11/2012 6:34 PM, Adam Heath wrote:
On 12/11/2012 03:46 AM, adrian.c...@sandglass-software.com wrote:
Quoting Jacques Le Roux <jacques.le.r...@les7arts.com>:
Adrian Crum wrote:
On 12/9/2012 2:59 PM, jler...@apache.org wrote:
Author: jleroux
Date: Sun Dec 9 14:59:52 2012
New Revision: 1418996
URL: http://svn.apache.org/viewvc?rev=1418996&view=rev
Log:
A slightly modified patch from Sumit Pandit for "Additional
Validation for Password : Make password pattern driven"
https://issues.apache.org/jira/browse/OFBIZ-4958
Provides an additional validation for password with following
capability to the system:
Admin can enable/disable pattern based password capability of
system. Configuration will reside in security.property file.
To enable : security.login.password.pattern.enable=true
To disable: security.login.password.pattern.enable=false
Admin is flexible to provide his pattern string by making pattern
more/less restrictive as per system requirement. Configuration
will reside in security.property file. Example:
security.login.password.pattern=^.*(?=.
{5,})(?=.[a-zA-Z])(?=.[!@#$%^&*]).*$
Admin can provide custom error message string which will display
to end user if wrong password is entered. Configuration will
reside in security.properity file.
jleroux: I quickly handled the error message localisation for the
OOTB case. It's more complicated when the pattern gets
complex...
Modified:
ofbiz/trunk/framework/common/config/SecurityextUiLabels.xml
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
ofbiz/trunk/framework/security/config/security.properties
Modified:
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
URL:
http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=1418996&r1=1418995&r2=1418996&view=diff
==============================================================================
---
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
(original) +++
ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java
Sun Dec 9 14:59:52 2012 @@ -23,6 +23,8 @@ import java.sql.Timestamp;
import java.util.List; import java.util.Locale; import java.util.Map;
+import java.util.regex.Matcher; +import java.util.regex.Pattern;
import
javax.transaction.Transaction; @@ -62,6 +64,8 @@ public class
LoginServices { public static final String module =
LoginServices.class.getName(); public static final String resource =
"SecurityextUiLabels"; + public static boolean usePasswordPattern =
"true".equals(UtilProperties.getPropertyValue("security.properties",
"security.login.password.pattern.enable")); + public static String
passwordPattern =
UtilProperties.getPropertyValue("security.properties",
"security.login.password.pattern");
Please do not store property values in static class fields - that
makes
it impossible to change the settings at run-time.
-Adrian
Sorry it's a bit more involved than expected for this morning, could
you please adapt it to follow your need?
Just curious, are you using PropertyUtils class of Apache commons
beanutils to modify properties of Java object at runtime?
Read more:
http://javarevisited.blogspot.com/2012/04/java-propertyutils-example-getting-and.html#ixzz2Ej9FUJIY
No, I use a text editor to modify the properties file.
And then you go to /webtools/ and clear a cache item, and expect
anything that has previously read the .properties file to get the new
value.
The way this code is written, is that the value will be read *once*
when the class is loaded, and then no new value will ever be read.
(this is not directed at Adrian)
Thanks Adam.
-Adrian
