In the previous post on Passay, I showed with an example how to use the “HaveIBeenPwnedRule” rule.
As a recap, the website “haveibeenpwned.com” contains a list of real-world passwords that were previously used and exposed in data breaches. This rule checks the user-entered password against that database. If the password is already present, the rule validation fails; otherwise it passes.
In this post I will explain the purpose of the “setAllowOnException” method of the “HaveIBeenPwnedRule” rule.
When we validate a user-entered password using this rule, the tool makes an API call to the website “haveibeenpwned.com”.
The API call may succeed or fail, depending on internet connectivity.
When the API call fails for some reason, an exception is thrown and by default the validation fails.
We can change this behavior: we can tell the tool to pass the validation even if there is an error while accessing the API.
We do this by calling the “setAllowOnException” method on the “HaveIBeenPwnedRule” rule class and passing “true” as the argument. With this setting, a password that is present in the breach database is still accepted whenever the lookup fails.
Below is the main class for your reference.
Main class
package defaultPackage;

import java.util.Scanner;

import org.passay.HaveIBeenPwnedRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;

public class Example11 {
    public static void main(String[] args) {
        HaveIBeenPwnedRule haveIBeenPwnedRule = new HaveIBeenPwnedRule("appName");
        // Pass the validation when the API call throws an exception
        haveIBeenPwnedRule.setAllowOnException(true);
        PasswordValidator passwordValidator = new PasswordValidator(haveIBeenPwnedRule);

        // try-with-resources closes the scanner when we are done reading
        try (Scanner scanner = new Scanner(System.in)) {
            System.out.println("First test");
            System.out.println("Enter password");
            String data = scanner.next();
            PasswordData passwordData = new PasswordData(data);
            RuleResult ruleResult = passwordValidator.validate(passwordData);
            System.out.println("Result of password validation: " + ruleResult.isValid());
            System.out.println("--------------------------------------");
        }
    }
}
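An alternative to “setAllowOnException(true)”, shown here as an added example that is not code from the original post or from the Passay project: keep the default behavior and let the application tell a breached password apart from a failed lookup, so that an accepted-but-unchecked password is at least logged. The class name “BreachCheckPolicy” and the “Outcome” enum are hypothetical, and the example assumes that the rule reports a breached password with the error code “HaveIBeenPwnedRule.ERROR_CODE” and a failed API call with a different code.

```java
import org.passay.HaveIBeenPwnedRule;
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;

public class BreachCheckPolicy {

    /** Outcome the caller can act on (hypothetical names). */
    public enum Outcome { CLEAN, BREACHED, LOOKUP_FAILED }

    private final PasswordValidator validator;

    public BreachCheckPolicy(String appName) {
        // allowOnException is left at its default (false), so a failed
        // API call surfaces as a failed validation, not a silent pass.
        validator = new PasswordValidator(new HaveIBeenPwnedRule(appName));
    }

    public Outcome check(String password) {
        RuleResult result = validator.validate(new PasswordData(password));
        if (result.isValid()) {
            return Outcome.CLEAN;
        }
        // Assumption: a breached password carries HaveIBeenPwnedRule.ERROR_CODE.
        // This validator has only one rule, so any other failure is treated
        // as an error while calling the API.
        boolean breached = result.getDetails().stream()
            .anyMatch(d -> HaveIBeenPwnedRule.ERROR_CODE.equals(d.getErrorCode()));
        return breached ? Outcome.BREACHED : Outcome.LOOKUP_FAILED;
    }

    public static void main(String[] args) {
        BreachCheckPolicy policy = new BreachCheckPolicy("appName");
        String candidate = "constructed-sample-password"; // constructed sample input
        switch (policy.check(candidate)) {
            case CLEAN:
                System.out.println("accept");
                break;
            case BREACHED:
                System.out.println("reject: password found in breach data");
                break;
            case LOOKUP_FAILED:
                // Accepting here is a deliberate choice; the log line records
                // that this password was never checked.
                System.err.println("breach check skipped: API error, flag account for re-check");
                break;
        }
    }
}
```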