Bookshelf Home | Contents | Index | PDF     

Implementation Guide for Oracle Self-Service E-Billing > Customizing User Management >

Customizing End User and CSR User Passwords

You can customize the password rules for end user and CSR user passwords.

You can modify the strength of a password by customizing the regular expression rule in each form where the end user or CSR user enters a password in Oracle Self-Service E-Billing. You can specify different password validation rules for end user and CSR user passwords. The default password rules requires that the password have at least one capital letter, one lowercase letter, one number, and no spaces.

You can also change the minimum and maximum password lengths, though the minimum password length cannot be less than 7 as required by the Payment Card Industry Data Security Standard (PCI DSS).

You must use the same password validation rule each time an end user or a CSR user enters his or her password. Table 5 lists the form elements you must update in the validation.xml files for each type of password.

Table 5. End User and CSR User XML Form Elements for Validating the Password
Password Type
Use Case
XML Form Element to Update

End User

Enrollment

<form name="setSecQuestionForm">

 

Forgot Password and Reset Password

<form name="ResetPwdForm">

 

Manage Profile

<form name="changePwdForm">

CSR User

CSR Enrollment

<form name="csrAdministratorForm">

 

Manage CSR Profile

<form name="updateSecQuestionForm">

 

CSR Forgot Password and Reset Password

<form name="ResetPwdForm">

 

Reset an Expired CSR Password

<form name="resetExpPwdForm">

To customize end user or CSR user passwords

  1. Edit the validation.xml files, found in the following directories.

    End user passwords:

    • Oracle WebLogic. EDX_HOME\J2EEApps\ebilling\weblogic\ebilling-weblogic-10-6.0.4.ear\ebilling-web-1.0-SNAPSHOT.war\WEB-INF
    • IBM WebSphere. EDX_HOME\J2EEApps\ebilling\websphere\ebilling-websphere-6-6.0.4.ear\ebilling-web-1.0-SNAPSHOT.war\WEB-INF

      CSR user passwords:

    • Oracle WebLogic. EDX_HOME\J2EEApps\csr\weblogic\csr-app-6.0.4.ear\csr-web-1.0-SNAPSHOT.war\WEB-INF
    • IBM WebSphere. EDX_HOME\J2EEApps\csr\websphere\csr-app-6.0.4.ear\csr-web-1.0-SNAPSHOT.war\WEB-INF
  2. In the validation.xml file, modify the following regular expression that validates the password input in each form element for the type of password rule you are setting (end user or CSR user). See Table 5 for a list of form elements to update for each type of password.

    <constant>

    <constant-name>pwd</constant-name>

    <constant-value>^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])[^\s]*$</constant-value>

    </constant>

  3. To customize the minimum and maximum password length, update the following code for each form element for the type of password rule you are setting (end user or CSR user):

    <var>

    <var-name>minlength</var-name>

    <var-value>8</var-value> <!-Password minimum length -->

    </var>

    <var>

    <var-name>maxlength</var-name>

    <var-value>24</var-value> <!-Password maximum length -->

    </var>

    <var>

    <var-name>mask</var-name>

    <var-value>${pwd}</var-value>

    </var>

    
Implementation Guide for Oracle Self-Service E-Billing Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Legal Notices.