Table of Contents |
---|
To check the strength of the password (Calculated entropy returned from the algorithm) and return it to the caller while creating an account or updating a user's password.
...
password strengths on their own way.
Add new Inerface "org.apache.cloudstack.security.password.PasswordChecker.java" to "server".
Sample:
<code>
This interface will have the following declaration:
public Float checkPassword(String password);
This interface will have the following config keys which needs to be returned by the Configurable interface so that it gives the flexiblity to enable/enforce this through Configurable UI.
static final ConfigKey<Boolean> PasswordStrengthCheckerEnable = new ConfigKey<Boolean>("Advanced", Boolean.class, "user.password.strength.checker.enable", "false", "To enable password strength check. This will enable to check the strength and return it.", true);
static final ConfigKey<Boolean> PasswordCStrengthCheckerEnforce = new ConfigKey<Boolean>("Advanced", Boolean.class, "user.password.strength.checker.enforce", "false", "To Impose the password strength. This will enforce the password rules to be verified",true);
it is the plugins responsibility to declare the bean that is implementing the above interface with in that plugin.
Currently The integration points are at plugins those implement UserAuthenticator.
The sample Xml configuration to integrate the password checker plugin.
<bean id="SHA256SaltedUserAuthenticator" class="com.cloud.server.auth.SHA256SaltedUserAuthenticator">
<property name="name" value="SHA256SALT"/>
<property name="passwordCheckers" value="#{passwordCheckersRegistry.registered}"/>
</bean></code>