Strong password checking lets you define criteria for new passwords; for example, you can specify that new passwords cannot be duplicates of old ones or contain the same characters as login names.

You can configure and enable rules to define criteria for new passwords, whether created as part of the forced password expiration process or by a user who has just registered.

Setting Required Criteria for New Passwords

The Nucleus components that represent the default rules are shown below. All password rule components are implementations of the atg.security.PasswordRule interface, and they have the Nucleus address /atg/userprofiling/passwordchecker/<RuleName>, for example /atg/userprofiling/passwordchecker/PasswordNotInPreviousNRule.

Rule: PasswordMinLengthRule
Description: The password length must be at least n characters.
Default value: 8

Rule: PasswordMustNotIncludeLoginRule
Description: The password cannot include the same sequence of characters as the value of the user’s login property.
Default value: none

Rule: PasswordMustIncludeNumberRule
Description: The password must include at least one numeric character. The rule is an instance of the class atg.security.PasswordMustIncludeCharacterRule.
Default value: none

Rule: PasswordMustIncludeSymbolRule
Description: The password must include at least one special character such as a question mark. The rule is an instance of the class atg.security.PasswordMustIncludeCharacterRule.
Default value: ~!@#$%^&*()_-+={}[]|:;<>,./?

Rule: PasswordMixedCaseRule
Description: The password must contain both upper- and lowercase characters.
Default value: none

Rule: PasswordNotInPreviousNRule
Description: The password cannot be equal to the previous n passwords.
Default value: 3

Enabling Password Rule Checking

To enable password rule checking, set the enabled property to true in the /atg/userprofiling/passwordchecker/PasswordRuleChecker component. The following example shows a properties file for this component, which includes an array that lists the rules you want to use to check passwords:

$class=atg.security.PasswordRuleCheckerImpl
enabled=true

rules+=/atg/userprofiling/passwordchecker/PasswordMinLengthRule,\
        /atg/userprofiling/passwordchecker/PasswordMixedCaseRule,\
        /atg/userprofiling/passwordchecker/PasswordMustIncludeNumberRule,\
        /atg/userprofiling/passwordchecker/PasswordMustIncludeSymbolRule,\
        /atg/userprofiling/passwordchecker/PasswordMustNotIncludeLoginRule,\
        /atg/userprofiling/passwordchecker/PasswordNotInPreviousNRule

Exclude rules as needed by removing the appropriate line from the array.

Adding New Password Rules

If the preconfigured rules described in the previous section are not sufficient for your sites, you can add additional rules by following the procedures described here.

Create a Java class that follows the template below. It should extend atg.nucleus.GenericService and implement atg.security.PasswordRule.

package customPackage;

import java.util.Map;

import atg.nucleus.GenericService;
import atg.servlet.ServletUtil;
import atg.security.PasswordRule;

public class myPasswordRule extends GenericService implements
     PasswordRule {

     /**
      * Checks the given password against a rule.
      *
      * @param password the new password to check
      * @param map additional context supplied by the rule checker
      * @return true if password passes the rule
      */
     public boolean checkRule(String password, Map map) {
          boolean passed = false;

          // A null password never passes
          if (password == null)
               return false;

          // Replace this with the rule's own test of the password
          passed = true;

          return passed;
     }

     /**
      * Returns the rule description as a message for use in
      * a droplet exception for display to the user.
      * ProfileUserMessage is the ATG message-formatting class used by
      * this template; its import is not shown on this page.
      */
     public String getRuleDescription() {
          return ProfileUserMessage.format("myPasswordRule",
               ServletUtil.getUserLocale());
     }
}
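As an added example (not code from the Oracle ATG documentation), here is the template above filled in as a complete, configurable rule. The class name, package and the maxRepeatedCharacters property are hypothetical; the rule rejects passwords that repeat one character too many times in a row.

```java
package customPackage;

import java.util.Map;
import atg.nucleus.GenericService;
import atg.security.PasswordRule;

/**
 * Hypothetical rule (not part of ATG): rejects a password in which one
 * character repeats maxRepeatedCharacters or more times in a row ("aaa").
 * Register it like the built-in rules: a .properties file at
 * /atg/userprofiling/passwordchecker/PasswordNoRepeatedCharactersRule with
 * $class=customPackage.PasswordNoRepeatedCharactersRule (and optionally
 * maxRepeatedCharacters=4), then add that address to the rules array.
 */
public class PasswordNoRepeatedCharactersRule extends GenericService
     implements PasswordRule {

     // Bean property; Nucleus sets it from maxRepeatedCharacters=N in the
     // component's .properties file, so the limit needs no recompile.
     private int mMaxRepeatedCharacters = 3;
     public int getMaxRepeatedCharacters() {
          return mMaxRepeatedCharacters;
     }
     public void setMaxRepeatedCharacters(int pMaxRepeatedCharacters) {
          mMaxRepeatedCharacters = pMaxRepeatedCharacters;
     }

     /**
      * Returns false for a null password or one containing a run of a
      * single character of length maxRepeatedCharacters or more. The map
      * argument is not documented on this page and is not used.
      */
     public boolean checkRule(String password, Map map) {
          if (password == null)
               return false;
          int run = 1;
          for (int i = 1; i < password.length(); i++) {
               run = (password.charAt(i) == password.charAt(i - 1)) ? run + 1 : 1;
               if (run >= mMaxRepeatedCharacters)
                    return false;
          }
          return true;
     }

     /** Plain text here; the page's template localizes via ProfileUserMessage. */
     public String getRuleDescription() {
          return "The password must not repeat a character "
               + mMaxRepeatedCharacters + " or more times in a row.";
     }
}
```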

Complete the following steps to configure the new class.


Copyright © 1997, 2012 Oracle and/or its affiliates. All rights reserved.