“您必须输入密码,密码中至少包含一个小写数字和一个符号” Java EE

我想加强用户注册时的密码要求。

我在servlet Registration.java中编写了以下代码:

  public static boolean checkpassword(password){
        boolean hasNum = false; boolean hasCap = false; boolean hasLow = false; char c; 
        for (int i = 0; i< password.length();i++)
        {
            c = password.charAt(i);
            if (Character.isDigit(c))
            {
                hasNum = true;
            }
            else if (Character.isUpperCase(c)) {

                hasCap = true;
            }
            else if (Character.isLowerCase(c)){

                hasLow = true;
                                }
            else if (hasNum && hasCap && hasLow) {
                return true;
            }

        }
        return false;

    }

但是,我不知道将其放在下面的servlet中的位置:

public class Register extends HttpServlet {
    public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        String firstname = request.getParameter("firstname");
        String lastname = request.getParameter("lastname");
        String email = request.getParameter("email");
        String password = request.getParameter("password");
        String password1 = request.getParameter("password1");
        String country = request.getParameter("country");
        String city = request.getParameter("city");
        String address = request.getParameter("address");
        String postalcode = request.getParameter("postalcode");



        if (password == password1 && email.contains("@")) {

            try {
                Class.forName("org.sqlite.JDBC");
                Connection con = DriverManager
                    .getConnection("jdbc:sqlite:/Users/Oussama/login.db");
                PreparedStatement ps = con
                    .prepareStatement("insert into users values(?,?,?,?,?,?,?,?,?)");
                ps.setString(2, firstname);
                ps.setString(3, lastname);
                ps.setString(4, email);
                ps.setString(5, password);
                ps.setString(6, country);
                ps.setString(7, city);
                ps.setString(8, address);
                ps.setString(9, postalcode);

                int i = ps.executeUpdate();
                if (i > 0)
                    out.print("You are successfully registered...");

                } catch (Exception e2) {
                System.out.println(e2);
            }

            out.close();
        }

        else {
            request.setAttribute("errorMessage",
                "Passwords do not match");
            request.getRequestDispatcher("/register.jsp").forward(request,
                response);
        }
    }
}

我尝试将它放在之前和之后,但是仍然有一个错误。

你们知道我将这段代码放在哪里吗(我认为这是可行的)?

先感谢您!

评论
  • svero
    svero 回复

    您检查密码强度的方法不完整。编写如下:

    public static boolean isValidPassword(String password) {
        String pattern = "^(?=.*?\\p{Upper})(?=.*?\\p{Lower})(?=.*?[0-9])(?=.*?\\p{Punct}).{4,}";
        return password.matches(pattern);
    }
    

    说明:

    • At least one upper case letter (?=.*?\\p{Upper})
    • At least one lower case letter (?=.*?\\p{Lower})
    • At least one digit (?=.*?[0-9])
    • At least one special character (?=.*?\\p{Punct})
    • One each of the above makes at least 4 characters mandatory {4,}

    Check Pattern to learn more about regex patterns.

    快速演示:

    public class Main {
        public static void main(String[] args) {
            // Test
            String[] testStrs = { "Hello", "Ab1#", "Abc123", "ABC123$" };
            for (String s : testStrs) {
                System.out.println(s + " -> " + (isValidPassword(s) ? "meets the criteria" : "does not meet the criteria"));
            }
        }
    
        public static boolean isValidPassword(String password) {
            String pattern = "^(?=.*?\\p{Upper})(?=.*?\\p{Lower})(?=.*?[0-9])(?=.*?\\p{Punct}).{4,}";
            return password.matches(pattern);
        }
    }
    

    输出:

    Hello -> does not meet the criteria
    Ab1# -> meets the criteria
    Abc123 -> does not meet the criteria
    ABC123$ -> does not meet the criteria
    

    Never compare strings using == which compares the references; not the content. You have used

    if (password == password1)
    

    应该是

    if (password.equals(password1))
    

    I believe password and password1 pertain to the values from Password and Confirm password input fields. Use the isValidPassword method (mentioned above) as shown below:

    //...
    String password = request.getParameter("password");
    String password1 = request.getParameter("password1");
    //...
    
    if (password.equals(password1) && isValidPassword(password) && email.contains("@")) {
    
        //...
    
    }