一、Passay密码验证框架
<dependency>
<groupId>org.passay</groupId>
<artifactId>passay</artifactId>
<version>1.6.0</version>
</dependency>
二、使用
2.1、新建PasswordConstraintValidator校验器
package com.moss.uaa_security.validation;
import com.moss.uaa_security.annotation.ValidPassword;
import lombok.val;
import org.passay.*;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
import java.util.Arrays;
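/**
 * Bean Validation constraint validator that enforces the password policy behind
 * {@link ValidPassword} by running a fixed set of Passay rules.
 *
 * <p>The policy is purely compositional: length, character classes, no long sequences and no
 * whitespace. It does not require a digit and does not compare the candidate against a list of
 * common or previously breached passwords.
 */
public class PasswordConstraintValidator implements ConstraintValidator<ValidPassword, String> {

    /** Nothing to set up: no attribute of the annotation is read. */
    @Override
    public void initialize(ValidPassword constraintAnnotation) {
    }

    /**
     * Checks a candidate password against the policy.
     *
     * @param password the candidate password; may be {@code null}
     * @param constraintValidatorContext validation context, not used here
     * @return {@code true} only when the password is non-null and every rule passes
     */
    @Override
    public boolean isValid(String password, ConstraintValidatorContext constraintValidatorContext) {
        // Fail closed: a missing password is reported as a constraint violation instead of
        // being handed to the Passay rules, where a null value is expected to surface as an
        // unexpected exception rather than a validation error.
        if (password == null) {
            return false;
        }

        PasswordValidator validator = new PasswordValidator(Arrays.asList(
                // NOTE(review): the 30-character ceiling also rejects long passphrases;
                // confirm that the upper bound is intentional.
                new LengthRule(8, 30),
                // At least one upper-case, one lower-case and one special character.
                new CharacterRule(EnglishCharacterData.UpperCase, 1),
                new CharacterRule(EnglishCharacterData.LowerCase, 1),
                new CharacterRule(EnglishCharacterData.Special, 1),
                // Reject runs of 5 consecutive characters (e.g. "abcde", "12345", "qwert");
                // the final argument disables wrap-around sequences.
                new IllegalSequenceRule(EnglishSequenceData.Alphabetical, 5, false),
                new IllegalSequenceRule(EnglishSequenceData.Numerical, 5, false),
                new IllegalSequenceRule(EnglishSequenceData.USQwerty, 5, false),
                // No whitespace anywhere in the password.
                new WhitespaceRule()
        ));

        RuleResult result = validator.validate(new PasswordData(password));
        return result.isValid();
    }
}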
2.2、新建ValidPassword注解
package com.moss.uaa_security.annotation;
import com.moss.uaa_security.validation.PasswordConstraintValidator;
import javax.validation.Constraint;
import javax.validation.Payload;
import java.lang.annotation.*;
/**
 * Constraint annotation marking a value that must satisfy the password policy implemented by
 * {@link PasswordConstraintValidator}.
 *
 * <p>NOTE(review): the validator is declared for {@code String} values, so the {@code TYPE}
 * target looks unusable for this constraint. Confirm before narrowing the target list.
 */
@Constraint(validatedBy = PasswordConstraintValidator.class)
@Target({ElementType.FIELD, ElementType.TYPE, ElementType.ANNOTATION_TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface ValidPassword {

    /** Message reported when the password is rejected. */
    String message() default "Invalid Password";

    /** Validation groups this constraint belongs to; empty means the default group. */
    Class<?>[] groups() default {};

    /** Payload metadata that clients may attach to the constraint. */
    Class<? extends Payload>[] payload() default {};
}
2.3、UserDto
package com.moss.uaa_security.domain.dto;
import com.moss.uaa_security.annotation.ValidEmail;
import com.moss.uaa_security.annotation.ValidPassword;
import lombok.Data;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
import java.io.Serializable;
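/**
 * Registration payload carrying the account fields and the password entered twice.
 *
 * <p>The password fields hold clear text. Because the class is {@code Serializable}, they are
 * part of the serialized form as well. NOTE(review): confirm instances are never persisted or
 * cached in serialized form.
 */
@Data
public class UserDto implements Serializable {

    /** Login name, 4 to 50 characters, must not be blank. */
    @NotNull
    @NotBlank
    @Size(min = 4, max = 50, message = "用户名长度必须在4~50个字符之间")
    private String username;

    /** Clear-text password, checked against the policy behind {@code @ValidPassword}. */
    @NotNull
    @ValidPassword
    private String password;

    /** Repeated password entry; only required to be present at this stage. */
    @NotNull
    private String matchingPassword;

    /** E-mail address, checked by {@code @ValidEmail}. */
    @NotNull
    @ValidEmail
    private String email;

    // NOTE(review): this message is identical to the one on username; it looks copied and
    // probably should name this field instead. Left unchanged pending confirmation.
    /** Display name, 4 to 50 characters, must not be blank. */
    @NotNull
    @NotBlank
    @Size(min = 4, max = 50, message = "用户名长度必须在4~50个字符之间")
    private String name;

    /**
     * Hand-written so that Lombok's {@code @Data} does not generate a {@code toString()} that
     * includes {@code password} and {@code matchingPassword}; this keeps clear-text passwords
     * out of logs and exception messages.
     *
     * @return a description of the non-secret fields only
     */
    @Override
    public String toString() {
        return "UserDto(username=" + username + ", email=" + email + ", name=" + name + ")";
    }
}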
三、校验密码和重复密码是否相同
3.1、UserDto
package com.moss.uaa_security.domain.dto;
import com.moss.uaa_security.annotation.ValidEmail;
import com.moss.uaa_security.annotation.ValidPassword;
import com.moss.uaa_security.annotation.ValidPasswordMatch;
import lombok.Data;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
import java.io.Serializable;
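/**
 * Registration payload carrying the account fields and the password entered twice. The
 * class-level {@code @ValidPasswordMatch} constraint compares the two password entries.
 *
 * <p>The password fields hold clear text. Because the class is {@code Serializable}, they are
 * part of the serialized form as well. NOTE(review): confirm instances are never persisted or
 * cached in serialized form.
 */
@Data
@ValidPasswordMatch
public class UserDto implements Serializable {

    /** Login name, 4 to 50 characters, must not be blank. */
    @NotNull
    @NotBlank
    @Size(min = 4, max = 50, message = "用户名长度必须在4~50个字符之间")
    private String username;

    /** Clear-text password, checked against the policy behind {@code @ValidPassword}. */
    @NotNull
    @ValidPassword
    private String password;

    /** Repeated password entry; covered by the class-level match constraint. */
    private String matchingPassword;

    /** E-mail address, checked by {@code @ValidEmail}. */
    @NotNull
    @ValidEmail
    private String email;

    // NOTE(review): this message is identical to the one on username; it looks copied and
    // probably should name this field instead. Left unchanged pending confirmation.
    /** Display name, 4 to 50 characters, must not be blank. */
    @NotNull
    @NotBlank
    @Size(min = 4, max = 50, message = "用户名长度必须在4~50个字符之间")
    private String name;

    /**
     * Hand-written so that Lombok's {@code @Data} does not generate a {@code toString()} that
     * includes {@code password} and {@code matchingPassword}; this keeps clear-text passwords
     * out of logs and exception messages.
     *
     * @return a description of the non-secret fields only
     */
    @Override
    public String toString() {
        return "UserDto(username=" + username + ", email=" + email + ", name=" + name + ")";
    }
}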
3.2、PasswordMatchValidator
package com.moss.uaa_security.validation;
import com.moss.uaa_security.annotation.ValidPasswordMatch;
import com.moss.uaa_security.domain.dto.UserDto;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
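/**
 * Class-level constraint validator behind {@link ValidPasswordMatch}: verifies that the
 * password and its repeated entry on a {@link UserDto} are identical.
 */
public class PasswordMatchValidator implements ConstraintValidator<ValidPasswordMatch, UserDto> {

    /** Nothing to set up: no attribute of the annotation is read. */
    @Override
    public void initialize(ValidPasswordMatch constraintAnnotation) {
    }

    /**
     * Compares the two password entries.
     *
     * @param userDto the bean under validation; may be {@code null}
     * @param constraintValidatorContext validation context, not used here
     * @return {@code true} when the bean is {@code null} (nothing to compare) or when the
     *     password is non-null and equal to the repeated entry; {@code false} otherwise
     */
    @Override
    public boolean isValid(UserDto userDto, ConstraintValidatorContext constraintValidatorContext) {
        // Usual Bean Validation convention: a null bean has nothing to compare.
        if (userDto == null) {
            return true;
        }

        // This class-level check runs even when the field-level @NotNull on password has
        // failed, so a missing password must not be dereferenced. Report it as a mismatch
        // (fail closed) instead of letting a NullPointerException escape the validator.
        String password = userDto.getPassword();
        return password != null && password.equals(userDto.getMatchingPassword());
    }
}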
3.3、ValidPasswordMatch
package com.moss.uaa_security.annotation;
import com.moss.uaa_security.validation.PasswordMatchValidator;
import javax.validation.Constraint;
import javax.validation.Payload;
import java.lang.annotation.*;
/**
 * Constraint annotation requiring the two password entries of the annotated bean to match,
 * as checked by {@link PasswordMatchValidator}.
 *
 * <p>NOTE(review): the validator is declared for {@code UserDto}, and class-level placement on
 * that type is the only use shown. Confirm whether the {@code FIELD} and
 * {@code ANNOTATION_TYPE} targets are needed.
 */
@Constraint(validatedBy = PasswordMatchValidator.class)
@Target({ElementType.TYPE, ElementType.ANNOTATION_TYPE, ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface ValidPasswordMatch {

    /** Message reported when the two password entries differ. */
    String message() default "Password Not Match";

    /** Validation groups this constraint belongs to; empty means the default group. */
    Class<?>[] groups() default {};

    /** Payload metadata that clients may attach to the constraint. */
    Class<? extends Payload>[] payload() default {};
}