2

I need password validation (for example a password must contain at least 4 chars, max 8 and min 1 numeric digit). I have model (of course with getters and setters):

   @Entity
public class User implements Serializable{


    /**
     * 
     */
    private static final long serialVersionUID = 5534441879591858724L;

    @Id
    @GeneratedValue
    private long id;

    @NotBlank
    @Email
    private String email;

    @Pattern(regexp = "^(?=.*\\d).{4,8}$", flags = Flag.UNICODE_CASE)
    private String password;

    @NotBlank
    @Size(min=2, max=30)
    private String name;

I'm catching ConstraintViolationException during saving user info to database and use informations from this exception to inform the user during registration what fields must be corrected because of invalid length etc.

Everything is ok with validation, but not with password. I checked regex expression out of this model class and it works ok, but when i put this regex into annotation parameter ( @Pattern(regexp = "^(?=.*\\d).{4,8}$", flags = Flag.UNICODE_CASE)) it doesn't work and I have an error:

HHH000346: Error during managed flush [Validation failed for classes [pl.rpf.kingdom.models.User] during persist time for groups [javax.validation.groups.Default, ] List of constraint violations:[ ConstraintViolationImpl{interpolatedMessage='must match "^(?=.*\d).{4,8}$"', propertyPath=password, rootBeanClass=class pl.rpf.kingdom.models.User, messageTemplate='{javax.validation.constraints.Pattern.message}'} ]]

Please help me with understanding this error and maybe you have some idea how to solve this problem.

Improve this question
4
  • You may benefit from reading Reference - Password Validation. I'm not sure why you're capping passwords between 4 and 8 characters... Commented Feb 14, 2018 at 19:49
  • Which password failed the check? Commented Feb 14, 2018 at 19:49
  • Ok. It's only example, regex is not so important now. If it will works with one correct regex i will find better regex for stronger password ;) Commented Feb 14, 2018 at 19:51
  • actualy p.ex pass123 will not work too (it has at least 4, max 8 chars, one number). But I tested it in other class with normal matches() method and it was ok. Only with my annotation it doesn't work. Commented Feb 14, 2018 at 19:54

1 Answer 1

Reset to default
2

Problem was with password encrypting, I forgot about it. Regex matches mathod was always false, because it was trying to compare password after encrypting. I solved problem by putting validation out of model class, before password encrypting. Other way to resolve problem could be using spring @Valid annotation to validate form before trying save it to database (in my situation it could be problematic from other cases).

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

The passwords should be hashed not encrypted.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.