π announcement - icon
If you're working on a Spring Security (and especially an OAuth) implementation, definitely have a look at the Learn Spring Security course:
>> LEARN SPRING SECURITYeBook β Guide Spring Cloud β NPI EA (cat=Spring Cloud)
eBook β Mockito β NPI EA (tag = Mockito)
π announcement - icon
Mocking is an essential part of unit testing, and the Mockito library makes it easy to write clean and intuitive unit tests for your Java code.
Get started with mocking and improve your application tests using our Mockito guide:
eBook β Java Concurrency β NPI EA (cat=Java Concurrency)
π announcement - icon
Handling concurrency in an application can be a tricky process with many potential pitfalls. A solid grasp of the fundamentals will go a long way to help minimize these issues.
Get started with understanding multi-threaded applications with our Java Concurrency guide:
eBook β Reactive β NPI EA (cat=Reactive)
π announcement - icon
Spring 5 added support for reactive programming with the Spring WebFlux module, which has been improved upon ever since. Get started with the Reactor project basics and reactive programming in Spring Boot:
eBook β Java Streams β NPI EA (cat=Java Streams)
π announcement - icon
Since its introduction in Java 8, the Stream API has become a staple of Java development. The basic operations like iterating, filtering, mapping sequences of elements are deceptively simple to use.
But these can also be overused and fall into some common pitfalls.
To get a better understanding on how Streams work and how to combine them with other language features, check out our guide to Java Streams:
eBook β Jackson β NPI EA (cat=Jackson)
eBook β HTTP Client β NPI EA (cat=Http Client-Side)
eBook β Maven β NPI EA (cat = Maven)
eBook β Persistence β NPI EA (cat=Persistence)
eBook β RwS β NPI EA (cat=Spring MVC)
Course β LS β NPI EA (cat=Jackson)
π announcement - icon
Get started with Spring and Spring Boot, through the Learn Spring course:
>> LEARN SPRINGCourse β RWSB β NPI EA (cat=REST)
π announcement - icon
Explore Spring Boot 3 and Spring 6 in-depth through building a full REST API with the framework:
Course β LSS β NPI EA (cat=Spring Security)
π announcement - icon
Yes, Spring Security can be complex, from the more advanced functionality within the Core to the deep OAuth support in the framework.
I built the security material as two full courses - Core and OAuth, to get practical with these more complex scenarios. We explore when and how to use each feature and code through it on the backing project.
You can explore the course here:
Course β LSD β NPI EA (tag=Spring Data JPA)
π announcement - icon
Spring Data JPA is a great way to handle the complexity of JPA with the powerful simplicity of Spring Boot.
Get started with Spring Data JPA through the guided reference course:
Partner β Moderne β NPI EA (cat=Spring Boot)
π announcement - icon
Refactor Java code safely β and automatically β with OpenRewrite.
Refactoring big codebases by hand is slow, risky, and easy to put off. Thatβs where OpenRewrite comes in. The open-source framework for large-scale, automated code transformations helps teams modernize safely and consistently.
Each month, the creators and maintainers of OpenRewrite at Moderne run live, hands-on training sessions β one for newcomers and one for experienced users. Youβll see how recipes work, how to apply them across projects, and how to modernize code with confidence.
Join the next session, bring your questions, and learn how to automate the kind of work that usually eats your sprint time.
Course β LJB β NPI EA (cat = Core Java)
This article is part of a series:
β’ Spring Security Registration Series
β’ The Registration Process With Spring Security
β’ Registration β Activate a New Account by Email
β’ Spring Security Registration β Resend Verification Email
β’ Registration with Spring Security β Password Encoding
β’ The Registration API becomes RESTful
β’ Spring Security β Reset Your Password
β’ Notify User of Login From New Device or Location
β’ The Registration Process With Spring Security
β’ Registration β Activate a New Account by Email
β’ Spring Security Registration β Resend Verification Email
β’ Registration with Spring Security β Password Encoding
β’ The Registration API becomes RESTful
β’ Spring Security β Reset Your Password
β’ Registration β Password Strength and Rules (current article)
β’ Updating Your Passwordβ’ Notify User of Login From New Device or Location
1. Overview
In this quick tutorial, weβll look at how to implement and show proper password constraints during registration. Things like β the password should contain a special character, or it should be at least 8 characters long.
We want to be able to use powerful password rules β but we donβt want to actually implement these rules manually. So, weβre going to make good use of the mature Passay library.
2. Custom Password Constraint
First β letβs create a custom constraint ValidPassword:
@Documented
@Constraint(validatedBy = PasswordConstraintValidator.class)
@Target({ TYPE, FIELD, ANNOTATION_TYPE })
@Retention(RUNTIME)
public @interface ValidPassword {
String message() default "Invalid Password";
Class<?>[] groups() default {};
Class<? extends Payload>[] payload() default {};
}And use it in the UserDto:
@ValidPassword
private String password;3. Custom Password Validator
Now β letβs use the library to create some powerful password rules without having to actually manually implement any of them.
Weβll create the password validator PasswordConstraintValidator β and weβll define the rules for the password:
public class PasswordConstraintValidator implements ConstraintValidator<ValidPassword, String> {
@Override
public void initialize(ValidPassword arg0) {
}
@Override
public boolean isValid(String password, ConstraintValidatorContext context) {
PasswordValidator validator = new PasswordValidator(Arrays.asList(
new LengthRule(8, 30),
new UppercaseCharacterRule(1),
new DigitCharacterRule(1),
new SpecialCharacterRule(1),
new NumericalSequenceRule(3,false),
new AlphabeticalSequenceRule(3,false),
new QwertySequenceRule(3,false),
new WhitespaceRule()));
RuleResult result = validator.validate(new PasswordData(password));
if (result.isValid()) {
return true;
}
context.disableDefaultConstraintViolation();
context.buildConstraintViolationWithTemplate(
Joiner.on(",").join(validator.getMessages(result)))
.addConstraintViolation();
return false;
}
}Notice how weβre creating the new constraint violation here and disabling the default one as well β in case the password is not valid.
Finally, letβs also add the Passay library into our pom:
<dependency>
<groupId>org.passay</groupId>
<artifactId>passay</artifactId>
<version>1.0</version>
</dependency>For a bit of historical info, Passay is the descendant of the venerable vt-password Java library.
4. JS Password Meter
Now that the server side is done, letβs take a look at the client side and implement a simple βPassword Strengthβ functionality with JavaScript.
Weβll use a simple jQuery plugin β jQuery Password Strength Meter for Twitter Bootstrap β to show the password strength in registration.html:
<input id="password" name="password" type="password"/>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script src="pwstrength.js"></script>
<script type="text/javascript">
$(document).ready(function () {
options = {
common: {minChar:8},
ui: {
showVerdictsInsideProgressBar:true,
showErrors:true,
errorMessages:{
wordLength: '<spring:message code="error.wordLength"/>',
wordNotEmail: '<spring:message code="error.wordNotEmail"/>',
wordSequences: '<spring:message code="error.wordSequences"/>',
wordLowercase: '<spring:message code="error.wordLowercase"/>',
wordUppercase: '<spring:message code="error.wordUppercase"/>',
wordOneNumber: '<spring:message code="error.wordOneNumber"/>',
wordOneSpecialChar: '<spring:message code="error.wordOneSpecialChar"/>'
}
}
};
$('#password').pwstrength(options);
});
</script>5. Conclusion
And thatβs it β a simple but very useful way to show the strength of the password on the client side and enforce certain password rules on the server side.
The code backing this article is available on GitHub. Once you're logged in as a Baeldung Pro Member, start learning and coding on the project.
Next Β»
Updating Your PasswordΒ« Previous
Spring Security β Reset Your Password
