我必須寫一個密碼驗證服務,這是accepct一定的規則要求:我寫了下面的代碼:密碼驗證服務
@Service
public class PasswordValidatonServiceImpl implements PasswordValidationService {
public static final String EMPTY_OR_NULL_PASSWORD = "Password Should not be empty";
public static final String ERROR_PASSWORD_LENGTH = "Password must be betwee 5 and 12 characters long.";
public static final String ERROR_PASSWORD_CASE = "Password must only contain lowercase letters.";
public static final String ERROR_LETTER_AND_DIGIT = "Password must contain both a letter and a digit.";
public static final String ERROR_PASSWORD_SEQUENCE_REPEATED = "Password must not contain any sequence of characters immediately followed by the same sequence.";
private Pattern checkCasePattern = Pattern.compile("[A-Z]");
private Pattern checkLetterAndDigit = Pattern
.compile("(?=.*[a-z])(?=.*[0-9])");
private Pattern checkSequenceRepetition = Pattern.compile("(\\w{2,})\\1");
/**
* @param password
* @return List<String> This method calls 4 more methods which validates
* password and return list of errors if any.
*/
public List<String> validatePassword(String password) {
List<String> failures = new ArrayList<String>();
if (StringUtils.isEmpty(password)) {
failures.add(EMPTY_OR_NULL_PASSWORD);
return failures;
} else {
checkLength(password, failures);
checkCase(password, failures);
checkLetterAndDigit(password, failures);
checkSequenceRepetition(password, failures);
return failures;
}
}
/**
* @param password
* @param failures
* This method will validate if there are any repeated character
* sequence, if found it will add error message to failures list.
*/
private void checkSequenceRepetition(String password, List<String> failures) {
Matcher matcher = checkSequenceRepetition.matcher(password);
if (matcher.find()) {
failures.add(ERROR_PASSWORD_SEQUENCE_REPEATED);
}
}
/**
* @param password
* @param failures
* This method will validate both letters and characters in
* password, if not found add a error message to the failures
* list.
*/
private void checkLetterAndDigit(String password, List<String> failures) {
Matcher matcher = checkLetterAndDigit.matcher(password);
if (!matcher.find()) {
failures.add(ERROR_LETTER_AND_DIGIT);
}
}
/**
* @param password
* @param failures
* This Method checks upper case and lower case letters in the
* password if there are any Upper case letters it will add error
* message to failures list.
*/
private void checkCase(String password, List<String> failures) {
Matcher matcher = checkCasePattern.matcher(password);
if (matcher.find()) {
failures.add(ERROR_PASSWORD_CASE);
}
}
/**
* @param string
* @param failures
* This Method will checks the length of the string, if string is
* less than 5 or more than 12 characters then it will add error
* message into failures list
*/
private void checkLength(String string, List<String> failures) {
if (string.length() < 5 || string.length() > 12) {
failures.add(ERROR_PASSWORD_LENGTH);
}
}
}
現在我的要求就是讓這個類是可擴展的,所以,在未來,如果我想添加更多規則/取出一些規則,代碼更改應該是最小的。我怎樣才能做到這一點?任何建議表示讚賞。
即使違反了規則,您似乎也會檢查每條規則。如果違反其中一條規則,檢查一個有效的密碼並返回false會更容易嗎? – hamena314
沒有得到你請你詳細說明 – user8579908
大多數只包含小寫字母?長度在5到12個字符之間?挺嚇人的!考慮一下:https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/ – TheGreatContini