-1

I have a regular expression right now that enforces a requirement on a password in my Java application.

I want to now modify this expression so it reflects this policy:

at least 7 characters contains characters in three or more of the following character classes:

(a-z), (A-Z), (0-9), (@#$,. )

and the character at the beginning or end do not count towards its character class.

Is this too complex for a regular expression? If not, how can I modify my existing to adhere to the new one?

Thanks

Here is my current:

String credPattern = "((?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%,.]).{7,})";
pattern = Pattern.compile(credPattern);
Matcher matcher = pattern.matcher(pw);
Seephor
  • 1,692
  • 3
  • 28
  • 50
  • 6
    Obligatory xkcd comic : https://xkcd.com/936/ – pyb Sep 10 '15 at 22:45
  • If you're having issues creating the regex, you'll have some more when you'll need to update it. I suggest you use a library for that. See http://stackoverflow.com/questions/3200292/password-strength-checking-library – pyb Sep 10 '15 at 22:47
  • Why use a regex when a trivial piece if Java code can perform the same validation, while being simpler to read, and maintain? – Malt Sep 10 '15 at 23:00
  • @Malt that is what I ended up doing. – Seephor Sep 14 '15 at 21:35

1 Answers1

2

this pattern will apply all four character class conditions, beginning/end and minimum character count requirement:

^.(?=.*[a-z].)(?=.*[A-Z].)(?=.*[0-9].)(?=.*[@#$,.].).{6,}$

Demo
what you want to do is break it into four Regex patterns like so

^.(?=.*[a-z].)(?=.*[A-Z].)(?=.*[0-9].).{6,}$    
^.(?=.*[a-z].)(?=.*[A-Z].)(?=.*[@#$,.].).{6,}$  
^.(?=.*[a-z].)(?=.*[0-9].)(?=.*[@#$,.].).{6,}$  
^.(?=.*[A-Z].)(?=.*[0-9].)(?=.*[@#$,.].).{6,}$

run each one and count the number of matches using your scripting language, if greater than 3 it's a success.
note: white spaces are allowed per your original pattern.

alpha bravo
  • 7,838
  • 1
  • 19
  • 23