From: "Adrian Crum" <adrian.c...@sandglass-software.com> > On 12/11/2012 6:34 PM, Adam Heath wrote: >> On 12/11/2012 03:46 AM, adrian.c...@sandglass-software.com wrote: >>> Quoting Jacques Le Roux <jacques.le.r...@les7arts.com>: >>> >>>> Adrian Crum wrote: >>>>> On 12/9/2012 2:59 PM, jler...@apache.org wrote: >>>>>> Author: jleroux >>>>>> Date: Sun Dec 9 14:59:52 2012 >>>>>> New Revision: 1418996 >>>>>> >>>>>> URL: http://svn.apache.org/viewvc?rev=1418996&view=rev >>>>>> Log: >>>>>> A slightly modified patch from Sumit Pandit for "Additional >>>>>> Validation for Password : Make password pattern driven" >>>>>> https://issues.apache.org/jira/browse/OFBIZ-4958 >>>>>> >>>>>> Provides an additional validation for password with following >>>>>> capability to the system: >>>>>> >>>>>> Admin can enable/disable pattern based password capability of >>>>>> system. Configuration will reside in security.property file. >>>>>> To enable : security.login.password.pattern.enable=true >>>>>> To disable: security.login.password.pattern.enable=false >>>>>> >>>>>> Admin is flexible to provide his pattern string by making pattern >>>>>> more/less restrictive as per system requirement. Configuration >>>>>> will reside in security.property file. Example: >>>>>> security.login.password.pattern=^.*(?=. >>>>>> {5,})(?=.[a-zA-Z])(?=.[!@#$%^&*]).*$ >>>>>> >>>>>> Admin can provide custom error message string which will display >>>>>> to end user if wrong password is entered. Configuration will >>>>>> reside in security.properity file. >>>>>> >>>>>> jleroux: I quickly handled the error message localisation for the >>>>>> OOTB case. It's more complicated when the pattern gets >>>>>> complex... >>>>>> >>>>>> Modified: >>>>>> ofbiz/trunk/framework/common/config/SecurityextUiLabels.xml >>>>>> >>>>>> ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java >>>>>> >>>>>> ofbiz/trunk/framework/security/config/security.properties >>>>>> >>>>> Modified: >>>>> ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java >>>>> >>>>> URL: >>>>> http://svn.apache.org/viewvc/ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java?rev=1418996&r1=1418995&r2=1418996&view=diff >>>>> >>>>> ============================================================================== >>>>> >>>>> --- >>>>> ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java >>>>> >>>>> (original) +++ >>>>> ofbiz/trunk/framework/common/src/org/ofbiz/common/login/LoginServices.java >>>>> >>>>> Sun Dec 9 14:59:52 2012 @@ -23,6 +23,8 @@ import java.sql.Timestamp; >>>>> import java.util.List; import java.util.Locale; import java.util.Map; >>>>> +import java.util.regex.Matcher; +import java.util.regex.Pattern; >>>>> import >>>>> javax.transaction.Transaction; @@ -62,6 +64,8 @@ public class >>>>> LoginServices { public static final String module = >>>>> LoginServices.class.getName(); public static final String resource = >>>>> "SecurityextUiLabels"; + public static boolean usePasswordPattern = >>>>> "true".equals(UtilProperties.getPropertyValue("security.properties", >>>>> "security.login.password.pattern.enable")); + public static String >>>>> passwordPattern = >>>>> UtilProperties.getPropertyValue("security.properties", >>>>> "security.login.password.pattern"); >>>>> >>>>> >>>>> Please do not store property values in static class fields - that >>>>> makes >>>>> it impossible to change the settings at run-time. >>>>> >>>>> -Adrian >>>> Sorry it's a bit more involved than expected for this morning, could >>>> you please adapt it to follow your need? >>>> Just curious, are you using PropertyUtils class of Apache commons >>>> beanutils to modify properties of Java object at runtime? >>>> >>>> Read more: >>>> http://javarevisited.blogspot.com/2012/04/java-propertyutils-example-getting-and.html#ixzz2Ej9FUJIY >>>> >>>> >>> No, I use a text editor to modify the properties file. >> And then you go to /webtools/ and clear a cache item, and expect >> anything that has previously read the .properties file to get the new >> value. >> >> The way this code is written, is that the value will be read *once* >> when the class is loaded, and then no new value will ever be read. >> >> (this is not directed at Adrian) > > Thanks Adam. > > -Adrian
Ha yes indeed, forgot properties are also cached in OFBiz. OK, clearing all properties.UtilProperties*Cache is enough. I will have a new look when I will get a chance, it needs some refactoring... There are a handful of others but none of them seem important Jacques
