Checking whether the password is already used in your application

Posted in Passay

In this post under Passay, I will show with example how to check whether a user entered password is already used in the application or not.

Below is the complete main code for your reference

Main class

1  package defaultPackage;
2  
3  import java.util.ArrayList;
4  import java.util.List;
5  
6  import org.passay.HistoryRule;
7  import org.passay.PasswordData;
8  import org.passay.PasswordData.HistoricalReference;
9  import org.passay.PasswordValidator;
10 import org.passay.RuleResult;
11 
12 public class Example19 {
13     public static void main(String[] args) {
14         PasswordData.HistoricalReference historicalReference1 = new HistoricalReference("afajslf");
15         PasswordData.HistoricalReference historicalReference2 = new HistoricalReference("afafew");
16         PasswordData.HistoricalReference historicalReference3 = new HistoricalReference("jjjkj");
17         PasswordData.HistoricalReference historicalReference4 = new HistoricalReference("nxcvnx");
18         
19         List<PasswordData.Reference> passwordHistory = new ArrayList<>(0);
20         passwordHistory.add(historicalReference1);
21         passwordHistory.add(historicalReference2);
22         passwordHistory.add(historicalReference3);
23         passwordHistory.add(historicalReference4);
24         
25         HistoryRule historyRule = new HistoryRule();
26         PasswordValidator passwordValidator = new PasswordValidator(historyRule);
27         
28         PasswordData passwordData = new PasswordData("hello");
29         passwordData.setPasswordReferences(passwordHistory);
30         
31         RuleResult result = passwordValidator.validate(passwordData);
32         System.out.println(result.isValid());
33         
34         passwordData = new PasswordData("nxcvnx");
35         passwordData.setPasswordReferences(passwordHistory);
36         
37         result = passwordValidator.validate(passwordData);
38         System.out.println(result.isValid());
39     }
40 }

In the above code, from line 14 to 17, I create 4 instances of “PasswordData.HistoricalReference” class named “historicalReference1”, “historicalReference2” etc. Each instance of this class will store the password already used in the application.

From line 19 to 23, We create a list of type “PasswordData.Reference” named “passwordHistory” and add all 4 “historicalReference” instances created in previous step.

Basically this list will contain a list of already used passwords.

At line 25, we create a new rule named “historyRule” which is an instance of “HistoryRule” class.

At line 26, we create an instance of “PasswordValidator” and pass “historyRule” as an constructor argument.

At line 28, we create a new password “hello” and store it in an instance of “PasswordData”

At line 29, we set the list “passwordHistory” to this instance of “PasswordData”.

At line 31, we call the “validate” method available on “passwordValidator” instance and pass the instance of “PasswordDate” created a line 28 as an argument to this method.

At this point, the validator will check whether the password “hello” is already availabe in the list “passwordHistory”. If present validation fails otherwise validation is passed. In this case the password is not present in the list so it passes the validation.

At line 34 and 35, we repeat the same process with new password “nxcvnx”. This time it fails as the password is already present in the list.

In this way we can check whether the password is already used in the application or not.

Unknown's avatar

Published by sumanthprabhakar

Leave a comment