Regexp Java for password validation

Question

I m creating a regexp for password validation to be used in a Java application as a configuration parameter   The regexp is           8          0-9        a-z        A-Z              amp           The password policy is    At least 8 chars Contains at least one digit Contains at least one lower alpha char and one upper alpha char Contains at least one char within a set of special chars        etc   Does not contain space  tab  etc    I   m missing just point 5  I m not able to have the regexp check for space  tab  carriage return  etc   Could anyone help me

User · Answer

You should not use overly complex Regex (if you can avoid them) because they are

hard to read (at least for everyone but yourself)
hard to extend
hard to debug

Although there might be a small performance overhead in using many small regular expressions, the points above outweight it easily.

I would implement like this:

bool matchesPolicy(pwd) {
    if (pwd.length < 8) return false;
    if (not pwd =~ /[0-9]/) return false;
    if (not pwd =~ /[a-z]/) return false;
    if (not pwd =~ /[A-Z]/) return false;
    if (not pwd =~ /[%@$^]/) return false;
    if (pwd =~ /\s/) return false;
    return true;
}

User · Answer

Thanks for all answers  based on all them but extending sphecial characters   SuppressWarnings   quot regexp quot    quot RegExpUnexpectedAnchor quot    quot RegExpRedundantEscape quot    String PASSWORD SPECIAL CHARS    quot        lt  gt  amp     quot            amp               -                             quot   int PASSWORD MIN SIZE   8  String PASSWORD REGEXP    quot        0-9        a-z        A-Z         quot    PASSWORD SPECIAL CHARS    quot        S      quot  PASSWORD MIN SIZE  quot     quot    Unit tested

User · Answer

Java Method ready for you  with parameters  Just copy and paste and set your desired parameters   If you don t want a module  just comment it or add an  if  as done by me for special char                                                                                          Validation Password                                                                                         private static boolean validation Password final String PASSWORD Arg           boolean result   false      try           if  PASSWORD Arg  null                                                          Parameteres             final String MIN LENGHT  8               final String MAX LENGHT  20               final boolean SPECIAL CHAR NEEDED true                                                         Modules             final String ONE DIGIT          0-9              0-9   a digit must occur at least once             final String LOWER CASE          a-z              a-z   a lower case letter must occur at least once             final String UPPER CASE          A-Z              A-Z   an upper case letter must occur at least once             final String NO SPACE         S              S    no whitespace allowed in the entire string               final String MIN CHAR          MIN LENGHT              8   at least 8 characters             final String MIN MAX CHAR          MIN LENGHT         MAX LENGHT             5 10  represents minimum of 5 characters and maximum of 10 characters              final String SPECIAL CHAR              if  SPECIAL CHAR NEEDED  true  SPECIAL CHAR               amp                      amp      a special character must occur at least once             else SPECIAL CHAR                                                           Pattern               String pattern          0-9        a-z        A-Z              amp          S     8                 final String PATTERN   ONE DIGIT   LOWER CASE   UPPER CASE   SPECIAL CHAR   NO SPACE   MIN MAX CHAR                                                      result   PASSWORD Arg matches PATTERN                                                                catch  Exception ex            result false             return result

User · Answer

For anyone interested in minimum requirements for each type of character  I would suggest making the following extension over Tomalak s accepted answer           0-9    d          a-z    d          A-Z    d           0-9a-zA-Z    d       S      d      Notice that this is a formatting string and not the final regex pattern  Just substitute  d with the minimum required occurrences for  digits  lowercase  uppercase  non-digit character  and entire password  respectively   Maximum occurrences are unlikely  unless you want a max of 0  effectively rejecting any such characters  but those could be easily added as well  Notice the extra grouping around each type so that the min max constraints allow for non-consecutive matches  This worked wonders for a system where we could centrally configure how many of each type of character we required and then have the website as well as two different mobile platforms fetch that information in order to construct the regex pattern based on the above formatting string

User · Answer

Sample code block for strong password         0-9        a-z        A-Z         a-zA-Z0-9       S     6 18     at least 6 digits up to 18 digits one number one lowercase one uppercase can contain all special characters

User · Answer

I think this can do it also  as a simpler mode           d       a-z        A-Z              amp        s  8       Regex Demo

User · Answer

Password Requirement     Password should be at least eight  8  characters in length where the system can support it  Passwords must include characters from at least two  2  of these groupings  alpha  numeric  and special characters           8         d       a-zA-Z        8         d              amp         8         a-zA-Z               amp          I tested it and it works

User · Answer

Also You Can Do like This    public boolean isPasswordValid String password          String regExpn                       0-9        a-z        A-Z              amp          S     8           CharSequence inputStr   password       Pattern pattern   Pattern compile regExpn Pattern CASE INSENSITIVE       Matcher matcher   pattern matcher inputStr        if matcher matches            return true      else         return false

User · Answer

String s pwd  int n 0  for int i 0 i lt s length   i          if  Character isDigit s charAt i                   n 5          break            else                for int i 0 i lt s length   i          if  Character isLetter s charAt i                   n  5          break            else                  if n  10        out print  Password format correct  lt b gt Accepted lt  b gt  lt br gt        else       out print  Password must be alphanumeric  lt b gt Declined lt  b gt  lt br gt         Explanation    First set the password as a string and create integer set o  Then check the each and every char by for loop  If it finds number in the string then the n add 5  Then jump to the next for loop  Character isDigit s charAt i   This loop check any alphabets placed in the string  If its find then add one more 5 in n  Character isLetter s charAt i   Now check the integer n by the way of if condition  If n 10 is true given string is alphanumeric else its not

User · Answer

This one checks for every special character           0-9        a-z        A-Z      S      A-Za-z0-9   8

User · Answer

Use Passay library which is powerful api

User · Answer

A more general answer which accepts all the special characters including   would be slightly different         0-9        a-z        A-Z         W         S     8    The difference        W      translates to  quot at least one of all the special characters including the underscore quot

User · Answer

easy one   quot          0-9          a-z          A-Z            W      S  8 10   quot         anything     - gt means positive looks forward in all input string and make sure for this condition is written  sample      0-9  - gt  means ensure one digit number is written in the all string if not written return false         anything   - gt  vise versa  means negative looks forward if condition is written return false  close meaning   condition  condition  condition  condition   S  8 10

User · Answer

Try this          0-9        a-z        A-Z              amp         S     8      Explanation                       start-of-string       0-9           a digit must occur at least once       a-z           a lower case letter must occur at least once       A-Z           an upper case letter must occur at least once             amp         a special character must occur at least once     S               no whitespace allowed in the entire string   8                 anything  at least eight places though                     end-of-string   It s easy to add  modify or remove individual rules  since every rule is an independent  module    The       xyz   construct eats the entire string      and backtracks to the first occurrence where  xyz  can match  It succeeds if  xyz  is found  it fails otherwise    The alternative would be using a reluctant qualifier         xyz    For a password check  this will hardly make any difference  for much longer strings it could be the more efficient variant   The most efficient variant  but hardest to read and maintain  therefore the most error-prone  would be      xyz   xyz    of course  For a regex of this length and for this purpose  I would dis-recommend doing it that way  as it has no real benefits

User · Answer

All the previously given answers use the same  correct  technique to use a separate lookahead for each requirement   But they contain a couple of inefficiencies and a potentially massive bug  depending on the back end that will actually use the password   I ll start with the regex from the accepted answer          0-9        a-z        A-Z              amp         S     8      First of all  since Java supports  A and  z I prefer to use those to make sure the entire string is validated  independently of Pattern MULTILINE   This doesn t affect performance  but avoids mistakes when regexes are recycled    A      0-9        a-z        A-Z              amp         S     8   z   Checking that the password does not contain whitespace and checking its minimum length can be done in a single pass by using the all at once by putting variable quantifier  8   on the shorthand  S that limits the allowed characters    A      0-9        a-z        A-Z              amp      S 8   z   If the provided password does contain a space  all the checks will be done  only to have the final check fail on the space   This can be avoided by replacing all the dots with  S    A    S  0-9      S  a-z      S  A-Z      S        amp      S 8   z   The dot should only be used if you really want to allow any character   Otherwise  use a  negated  character class to limit your regex to only those characters that are really permitted   Though it makes little difference in this case  not using the dot when something else is more appropriate is a very good habit   I see far too many cases of catastrophic backtracking because the developer was too lazy to use something more appropriate than the dot   Since there s a good chance the initial tests will find an appropriate character in the first half of the password  a lazy quantifier can be more efficient    A    S   0-9      S   a-z      S   A-Z      S         amp      S 8   z   But now for the really important issue  none of the answers mentions the fact that the original question seems to be written by somebody who thinks in ASCII   But in Java strings are Unicode   Are non-ASCII characters allowed in passwords   If they are  are only ASCII spaces disallowed  or should all Unicode whitespace be excluded   By default  s matches only ASCII whitespace  so its inverse  S matches all Unicode characters  whitespace or not  and all non-whitespace ASCII characters   If Unicode characters are allowed but Unicode spaces are not  the UNICODE CHARACTER CLASS flag can be specified to make  S exclude Unicode whitespace   If Unicode characters are not allowed  then   x21- x7E  can be used instead of  S to match all ASCII characters that are not a space or a control character   Which brings us to the next potential issue  do we want to allow control characters   The first step in writing a proper regex is to exactly specify what you want to match and what you don t   The only 100  technically correct answer is that the password specification in the question is ambiguous because it does not state whether certain ranges of characters like control characters or non-ASCII characters are permitted or not

User · Answer

simple example using regex  public class passwordvalidation       public static void main String   args          String passwd    aaZZa44           String pattern          0-9        a-z        A-Z              amp          S     8           System out println passwd matches pattern             Explanations          0-9   a digit must occur at least once       a-z   a lower case letter must occur at least once       A-Z   an upper case letter must occur at least once             amp      a special character must occur at least once      S    no whitespace allowed in the entire string   8   at least 8 characters

User · Answer

RegEx is -            d       a-z        A-Z              amp           s  8       at least 8 digits  8   at least one number       d  at least one lowercase       a-z   at least one uppercase        A-Z   at least one special character             amp      No space    s

[java] Regexp Java for password validation

Examples related to java

Examples related to regex