Spring Security密码验证(密码中的特殊字符)

时间:2011-08-10 15:47:48

标签: grails spring-security grails-plugin

我最近试图在spring-security-core grails插件中为密码找到 ALLOW 特殊字符的方法。 任何人都可以看到提示在哪里看?

澄清:当我安装spring-security-core时,spring-security-ui grails插件并尝试注册用户提供的简单密码包含[\ w \ d] {,8}我收到错误: Password must have at least one letter, number, and special character: !@#$%^&

4 个答案:

答案 0 :(得分:2)

我认为您应该创建自己的RegisterController,扩展Spring Security UI,如下所示:http://burtbeckwith.github.com/grails-spring-security-ui/docs/manual/guide/10%20Customization.html 

grails s2ui-override Register com.my.package

然后覆盖passwordValidator方法,将验证方法替换为您想要的内容:

if (password && password.length() >= 8 && password.length() <= 64 &&
    (!password.matches('^.*\\p{Alpha}.*$') ||
    !password.matches('^.*\\p{Digit}.*$') || {
    return 'command.password.error.strength'
}

如果您不想在密码中强制使用特殊字符(?!)

吉姆。

答案 1 :(得分:2)

创建的类似问题:http://jira.grails.org/browse/GPSPRINGSECURITYUI-25 更好的解决方案是:

class RegisterController extends grails.plugins.springsecurity.ui.RegisterController {
def index = {
    [command: new RegisterCommand()]
}

static final myPasswordValidator = { String password, command ->
        if (command.username && command.username.equals(password)) {
        return 'command.password.error.username'
    }

    if (password && password.length() >= 8 && password.length() <= 64 &&
            (!password.matches('^.*\\p{Alpha}.*$') ||
                 !password.matches('^.*\\p{Digit}.*$')
             )) {
        return 'command.password.error.strength'
    }
}
 }

      class RegisterCommand {

String username
String email
String password
String password2

static constraints = {
    username blank: false, validator: { value, command ->
    if (value) {
    def User = AH.application.getDomainClass(
                                                     SpringSecurityUtils.securityConfig.userLookup.userDomainClassName).clazz
            if (User.findByUsername(value)) {
                return 'registerCommand.username.unique'
            }
        }
}
    email blank: false, email: true, validator: { value, command ->                                                                                                                                                                                                          
            if (value) {
            def User = AH.application.getDomainClass(
                                                     SpringSecurityUtils.securityConfig.userLookup.userDomainClassName).clazz
            if (User.findByEmail(value)) {
                return 'registerCommand.email.unique'
    }
        }    
}
    password blank: false, minSize: 8, maxSize: 64, validator: RegisterController.myPasswordValidator
password2 validator: RegisterController.password2Validator
}
}



class ResetPasswordCommand {
String username
String password
String password2

static constraints = {
password blank: false, minSize: 8, maxSize: 64, validator: RegisterController.myPasswordValidator
password2 validator: RegisterController.password2Validator
}
}

答案 2 :(得分:1)

做这样的事情呢?

将此添加到您的Config.groovy:

grails.plugin.springsecurity.ui.password.validationRegex='^([a-zA-Z0-9@*#_%])$'
grails.plugin.springsecurity.ui.password.minLength=8
grails.plugin.springsecurity.ui.password.maxLength=64

答案 3 :(得分:0)

您可以在config.groovy中设置参数。这些将覆盖默认参数。例如:

grails.plugin.springsecurity.ui.password.validationRegex='^([a-zA-Z0-9@*#_%])*$'
grails.plugin.springsecurity.ui.password.minLength=8
grails.plugin.springsecurity.ui.password.maxLength=64

这与Jeff先前提供的答案类似,但是在他的qnswer中,有一个星号丢失,这意味着它只会匹配一个字符串。

(我不能将此作为评论添加,因为我没有足够的声誉)

相关问题
最新问题