Checking whether password contains username or not

In this post on Passay, I will show with an example the purpose of the “UsernameRule” class and how to use it.

When users register on a website, they choose a username and a password. They tend to create a password that is easy to remember, for example using their DOB or nickname as the password.

Sometimes they include the username itself in the password. For example, if the username is “admin”, the password will be “admin@1234”. Here part of the password is the username itself.

We, the application developers, shouldn’t allow these kinds of passwords. We should instruct the user to create a stronger password.

But how do we check whether the password the user entered contains the username as a substring, or is the username itself?

That is where Passay’s “UsernameRule” class comes into the picture. This class verifies that the password doesn’t contain the username.

Below is the complete code that shows how to use the “UsernameRule” class.

Main class

1  package defaultPackage;
2  
3  import org.passay.PasswordData;
4  import org.passay.PasswordValidator;
5  import org.passay.RuleResult;
6  import org.passay.UsernameRule;
7  
8  public class Example14 {
9      public static void main(String[] args) {
10         UsernameRule usernameRule = new UsernameRule();
11         PasswordValidator passwordValidator = new PasswordValidator(usernameRule);
12         
13         String username = "rocky";
14         String password = "packard_124";
15         PasswordData passwordData = new PasswordData(username, password);
16         RuleResult ruleResult = passwordValidator.validate(passwordData);
17         System.out.println("Result of password validation: " + ruleResult.isValid());
18         System.out.println("--------------------------------------");
19         
20         password = "rocky_packard_124";
21         passwordData = new PasswordData(username, password);
22         ruleResult = passwordValidator.validate(passwordData);
23         System.out.println("Result of password validation: " + ruleResult.isValid());
24         System.out.println("--------------------------------------");
25     }
26 }

In the above code, at line 10, I create an instance of the “UsernameRule” class.

At line 11, I create an instance of the “PasswordValidator” class, passing the “UsernameRule” instance as an argument.

At lines 13 and 14, I create the username and password fields. Here the password doesn’t contain the username.

At line 15, I create an instance of the “PasswordData” class, passing the username and password as arguments.

At line 16, I validate the password. Since the password doesn’t contain the username, the result is true.

At line 20, I create another password that contains the username as part of the password.

At line 21, I create a new instance of the “PasswordData” class, passing the same username and the new password as arguments.

At line 22, I validate the password. Since the password contains the username, the result is false.

In this way we can verify whether the password contains the username or not.
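The following is an added example, not part of the original post. It goes one step beyond the code above: the no-argument “UsernameRule” is case-sensitive and matches the username only in forward order, so it is compared here with the Passay 1.x constructor UsernameRule(matchBackwards, ignoreCase). The class name, the check helper and the sample passwords are constructed for illustration.

```java
import org.passay.PasswordData;
import org.passay.PasswordValidator;
import org.passay.RuleResult;
import org.passay.RuleResultDetail;
import org.passay.UsernameRule;

public class UsernameRuleStrictExample {

    // Hypothetical helper: validates one candidate and prints the verdict
    // together with the error codes Passay attached to the result.
    static boolean check(PasswordValidator validator, String label,
                         String username, String password) {
        RuleResult result = validator.validate(new PasswordData(username, password));
        StringBuilder codes = new StringBuilder();
        for (RuleResultDetail detail : result.getDetails()) {
            codes.append(' ').append(detail.getErrorCode());
        }
        System.out.println(label + " | " + password
                + " | valid=" + result.isValid() + codes);
        return result.isValid();
    }

    public static void main(String[] args) {
        // Default rule: case-sensitive, forward match only.
        PasswordValidator defaultValidator =
                new PasswordValidator(new UsernameRule());
        // Strict rule: matchBackwards = true, ignoreCase = true.
        PasswordValidator strictValidator =
                new PasswordValidator(new UsernameRule(true, true));

        String username = "rocky"; // constructed sample data
        String[] candidates = {
            "packard_124",        // no username at all
            "rocky_packard_124",  // username as typed
            "Rocky_packard_124",  // username with different case
            "ykcor_packard_124"   // username reversed
        };
        for (String candidate : candidates) {
            check(defaultValidator, "default", username, candidate);
            check(strictValidator, "strict ", username, candidate);
        }
    }
}
```

In a real registration flow, log only the error codes and never the candidate password; it is printed here only because the values are sample data.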
