Password Strength Checker For a User

Scope

To check the strength of the password (Calculated entropy returned from the algorithm) and return it to the caller while creating an account or updating a user's password.

Try to enable an interface that can be implemented as a plugin and injected at necessary places for any type of password strength checker. This way we can make sure each component/plugin can have plugins to check

password strengths on their own way.

Interface

Add new Inerface "org.apache.cloudstack.security.password.PasswordChecker.java" to "server".

This interface will have the following declaration:

public Float checkPassword(String password);

This interface will have the following config keys which needs to be returned by the Configurable interface so that it gives the flexiblity to enable/enforce this through Configurable UI.

static final ConfigKey<Boolean> PasswordStrengthCheckerEnable = new ConfigKey<Boolean>("Advanced", Boolean.class, "user.password.strength.checker.enable", "false", "To enable password strength check. This will enable to check the strength and return it.", true);

static final ConfigKey<Boolean> PasswordCStrengthCheckerEnforce = new ConfigKey<Boolean>("Advanced", Boolean.class, "user.password.strength.checker.enforce", "false", "To Impose the password strength. This will enforce the password rules to be verified",true);

it is the plugins responsibility to declare the bean that is implementing the above interface with in that plugin.

Integration Points

Currently The integration points are at plugins those implement UserAuthenticator.

plugins/user-authenticators/sha256salted
plugins/user-authenticators/plaintext
plugins/user-authenticators/md5

The sample Xml configuration to integrate the password checker plugin.

Space shortcuts

Child pages

Scope

Interface

Integration Points