Password Strength Check Library

Can anyone recommend a Java library that contains methods suitable for checking server-side password strength in a webapp? Ideally, the controller should be:

  • customizable, allowing the developer to supply various dictionaries, adjust the weight of various criteria, etc.
  • extensible, allowing new criteria to be implemented if necessary
  • implemented in pure Java
  • fundamentally not interwoven with tag libraries, user interface components or password management functionality
  • compatible with a GPL 3 project
  • compatible with Spring wiring
  • mavenized (ideally accessible through Maven Central)
+55
java passwords
Jul 08 '10 at 2:21
2 answers

Take a look at vt-password:

  • customizable, allowing the developer to supply various dictionaries, adjust the weight of various criteria, etc. - Partially (yes for custom dictionaries, no for weighted criteria)
  • extensible, allowing new criteria to be implemented if necessary - Yes
  • implemented in pure Java - Yes (and decent javadoc)
  • not fundamentally intertwined with tag libraries, user interface components or password management functionality - Yes
  • compatible with a GPL 3 project - Yes (dual licensed under LGPLv3 / APLv2 as of November 2013)
  • compatible with Spring wiring - Looks like it
  • mavenized (ideally accessible through Maven Central) - Yes (in Maven Central since version 3.0)



Update from @Stephen C.

The guys who make vt-password have made a number of API improvements since the question was originally asked, and one of the results is that the classes are much easier to configure using Spring IoC. They also uploaded it to Maven Central: http://mvnrepository.com/artifact/edu.vt.middleware/vt-password

+65
Jul 08 2018-10-10T00:

This is a follow-up answer to say that I used vt-password and I am pleased with the results.

I started with vt-password version 2.0 and hacked it a bit to make it work with Spring wiring and solve thread safety issues that I mentioned in my comments to @Pascal's answer. That was enough to continue.

A few weeks ago, the vt-middleware team released vt-password 3.0, based (in small part) on my feedback on 2.0. In this new release, all the problems that I had hacked around were addressed, and I have now deleted my local mods and use vt-password 3.0 as is. They also uploaded their artifacts to Maven Central and improved the online documentation.

+10
Dec 09 '10 at 6:54


