Applications, especially web applications, require secure passwords. However, users tend to select passwords that are easy to remember. Therefore, the responsibility for choosing a secure password cannot be left to the user. The application has to provide certain policies.

This is what the IPasswordValidator interface is for in JVx. It allows for the creation of security policies for passwords.

JVx provides a default implementation: DefaultPasswordValidator. The following policies are supported:

Password validation has to be configured explicitly: by default, the system only verifies that the password contains at least one character.

The configuration is done in config.xml of the application:

<securitymanager>
  <class>com.sibvisions.rad.server.security.XmlSecurityManager</class>
 
  <passwordvalidator>
    <class>com.sibvisions.rad.server.security.validation.DefaultPasswordValidator</class>
    <minlength>10</minlength>
    <specialchar>true</specialchar>
    <digit>true</digit>
    <letter>false</letter>
    <mixedcase>false</mixedcase>
    <notequaluser>true</notequaluser>
  </passwordvalidator>
</securitymanager>
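Because an application without a configured validator only enforces a non-empty password, it is worth checking deployed config.xml files for a missing or weak `<passwordvalidator>` section. The script below is an added example, not part of JVx: the baseline values (`MIN_LENGTH`, `MIN_CHAR_CLASSES`) and the function name `audit_password_policy` are assumptions, and the meaning of each option is inferred from its element name.

```python
import xml.etree.ElementTree as ET

# Assumed local baseline (not JVx defaults); adjust to your own policy.
MIN_LENGTH = 10
MIN_CHAR_CLASSES = 2
CHAR_CLASS_OPTIONS = ("specialchar", "digit", "letter", "mixedcase")

# Constructed sample: the <securitymanager> fragment shown on this page.
PAGE_CONFIG = """<securitymanager>
  <class>com.sibvisions.rad.server.security.XmlSecurityManager</class>
  <passwordvalidator>
    <class>com.sibvisions.rad.server.security.validation.DefaultPasswordValidator</class>
    <minlength>10</minlength>
    <specialchar>true</specialchar>
    <digit>true</digit>
    <letter>false</letter>
    <mixedcase>false</mixedcase>
    <notequaluser>true</notequaluser>
  </passwordvalidator>
</securitymanager>"""


def audit_password_policy(config_xml):
    """Return a list of findings for the <passwordvalidator> section."""
    root = ET.fromstring(config_xml)
    validator = next(root.iter("passwordvalidator"), None)
    if validator is None:
        # Per the page: without configuration only a non-empty password is checked.
        return ["no <passwordvalidator>: only a non-empty password is enforced"]

    def option(name):
        # Missing elements and empty elements both come back as "".
        return (validator.findtext(name) or "").strip().lower()

    findings = []
    minlength = option("minlength")
    if not minlength.isdecimal() or int(minlength) < MIN_LENGTH:
        findings.append(f"minlength is {minlength or 'unset'}, baseline is {MIN_LENGTH}")
    enabled = [name for name in CHAR_CLASS_OPTIONS if option(name) == "true"]
    if len(enabled) < MIN_CHAR_CLASSES:
        findings.append(f"only {len(enabled)} character-class rule(s) enabled: {enabled}")
    # Assumption: notequaluser rejects a password identical to the user name.
    if option("notequaluser") != "true":
        findings.append("notequaluser is not enabled")
    return findings


if __name__ == "__main__":
    for finding in audit_password_policy(PAGE_CONFIG) or ["policy meets the baseline"]:
        print(finding)
```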