String.length() gives me a wrong value

Question

Whenever I enter a password under 10 characters it gives me Password cannot exceed 10 characters.

private void jButton5ActionPerformed(java.awt.event.ActionEvent evt) {                                         
        String name = Name.getText();
        String Username = uName.getText().toString();
        String Pass1 = uPass.getPassword().toString();
        String Confirm = uConfirm.getPassword().toString();
        String Status = "OFFLINE";
        int PassLen = Pass1.length();

        if (Username.equals("") || Pass1.equals("") || Confirm.equals("") || name.equals("")) 
        {
            JOptionPane.showMessageDialog(null, "You cannot leave any fields blank when creating an Account. Please Try Again");
        } 
        else if ((uPass.getPassword().toString()).length()>10)
        {
            uPass.setText("");
            uConfirm.setText("");
            JOptionPane.showMessageDialog(null, "Password cannot exceed a maximum of 10 characters.");  
        }
        else if (!Pass1.equals(Confirm))
        {
            uConfirm.setText("");
            lblError1.setText("Passwords Do Not Match.");
            lblError2.setText("Please re-enter your Password.");
        }
        else
        {
            try {
                DB_Connect connect = new DB_Connect();
                ResultSet rs = connect.queryTbl("SELECT * FROM ACOUNTS");
                boolean AlreadyUser = false;
                String User;
                while (rs.next())
                {
                    User = rs.getString("Username");
                    if(Username.equals(User))
                    {
                        AlreadyUser = true;
                    }
                }
                if (AlreadyUser==false)
                {
                    connect.updateTbl("INSERT INTO NBUSER.ACCOUNTS (USERNAME,PASSWORD,STATUS,NAME)VALUES ('"+Username+"','"+Pass1+"','"+Status+"','"+name+"')");
                    JOptionPane.showMessageDialog(null, "Account Created Successfully !");
                    this.dispose();
                    new Topics().setVisible(true);
                }
                else
                {
                    JOptionPane.showMessageDialog(null, "The Username you have selected already exists. Please select a different Username");
                    uPass.setText("");
                    uConfirm.setText("");
                }
            } catch (SQLException ex) {
                Logger.getLogger(CreateAccount.class.getName()).log(Level.SEVERE, null, ex);
            }

        }


    }

What does `uPass.getPassword()` return? Perhaps it returns an instance of some class whose toString method doesn't return the password String. — Eran, Oct 18 '15 at 10:31
Have you tried printing the values of your objects to see what the *actually* contain? — code_dredd, Oct 18 '15 at 10:32
Open your debugger and display the value of `uPass.getPassword().toString())` — Marged, Oct 18 '15 at 10:32
Also, why are you using `uPass.getPassword().toString()` when you could just have used `Pass1`. Remember, DRY. — Mr Lister, Oct 18 '15 at 10:33
If getPassword() returns a `char[]`, the proper way to turn it into a string is `String(getPassword())`, as far as I'm aware, not `.toString()`. — Mr Lister, Oct 18 '15 at 10:37
Comment on code quality. Not only do you constantly violate DRY (dont repeat yourself), but SLR (single layer of abstraction) and SRP (single responsibility principle). Long story short: consider also learning how to write good code. The perfect resource to get started on that is "Clean code" by Robert Martin; which you can find on the internets. — GhostCat, Oct 18 '15 at 10:37

Tom · Accepted Answer · 2015-10-18T15:11:59.447

5

Since you're obviously using Swing, it is also very likely that you use a JPasswordField for your passwords. So let's see, what getPassword really does:

public char[] getPassword()

Returns the text contained in this TextComponent. If the underlying document is null, will give a NullPointerException. For stronger security, it is recommended that the returned character array be cleared after use by setting each character to zero.

Returns: the text

As you can see, it returns your password in a char[] and since this class doesn't override toString your call of uPass.getPassword().toString() results in something like:

[C@1d44bcfa

which is the result of calling Object#toString.

The length of this String is 11 and therefore larger then 10 and your else if block (else if ((uPass.getPassword().toString()).length()>10)) will be entered.

To fix that, call the String constructor String(char[]) like:

String Pass1 = new String(uPass.getPassword());

Please use this just as a "quick fix" for your current problem and try to find a way to use the originally returned char[]. As mentioned by the quoted JavaDoc it is recommened the "clean" the char array after using it, so the password won't be stored there anymore. By creating a String from the array, using new String(uPass.getPassword()), you're creating another object in the heap which contains the password and which also needs to be removed from there. So it would add more work for you.

edited Oct 18 '15 at 15:11

answered Oct 18 '15 at 10:42

Tom

16,842
17
45
54

The part about "having the password" in the stack is inaccurate in the context of Java. Even in other languages, the scope of a variable does not necessarily dictate the location in which its contents are stored (e.g. stack or heap in C/C++). – code_dredd Oct 18 '15 at 10:52
Thank you so much! Very quick response time! – Edge Oct 18 '15 at 10:58
@ray Yes, it depends on the type. I removed that part. – Tom Oct 18 '15 at 11:08
@Tom: It does not depend on the type. It depends on whether the `new` operator is used or not. The last part of your post is still inaccurate. – code_dredd Oct 18 '15 at 12:22
@ray Right, because `new String(uPass.getPassword())` doesn't use the `new` operator. – Tom Oct 18 '15 at 12:36
@Tom: `getPassword` returns a `char[]`. The `char[]` will have been allocated using the `new` operator, which means it's in the heap. For all practical purposes, all Java objects are stored in the heap. (If it isn't, it's a JVM optimization/implementation detail that no one should assume or rely on. See [here](https://stackoverflow.com/questions/9991701/is-a-string-literal-stored-on-the-stack-is-a-new-string-stired-on-the-stack)) – code_dredd Oct 18 '15 at 13:04
@ray I haven't denied that. What I said is that he shouldn't create an additional (even though I omitted that specific word) object in the heap with this password. – Tom Oct 18 '15 at 13:24
@ray I've updated the answer to explain a bit more detailed what I mean. I hope it won't cause more misunderstandings. – Tom Oct 18 '15 at 15:13

String.length() gives me a wrong value

1 Answers1