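/**
 * Gives the opportunity to check the new password validity against some
 * business rules. Three checks are applied, in this order:
 * <ol>
 * <li>an empty ({@code null} or zero-length) password is rejected unless
 * {@code allowEmptyPasswords} is {@code true};</li>
 * <li>a password equal to the session username is rejected unless
 * {@code allowLoginPasswords} is {@code true};</li>
 * <li>when a password regex is configured, the whole password must match
 * it.</li>
 * </ol>
 * The rejected password is never included in the exception message.
 *
 * @param typedPasswd
 *          the password to check. May be {@code null}, which is handled as
 *          an empty password.
 * @param context
 *          the action context, used to retrieve the application session and
 *          its username.
 * @throws ActionBusinessException
 *           whenever one of the rules above is violated.
 */
protected void checkPasswordValidity(String typedPasswd,
    Map<String, Object> context) {
  boolean emptyPasswd = typedPasswd == null || typedPasswd.length() == 0;
  if (!isAllowEmptyPasswords() && emptyPasswd) {
    throw new ActionBusinessException("Empty passwords are not allowed.",
        "password.empty.disallowed");
  }
  // NOTE(review): this is an exact comparison, so a password that differs
  // from the username only by case is accepted - confirm this is the
  // intended policy.
  if (!isAllowLoginPasswords() && ObjectUtils.equals(typedPasswd,
      getApplicationSession(context).getUsername())) {
    throw new ActionBusinessException(
        "Passwords which are identical to username are not allowed.",
        "password.login.disallowed");
  }
  // Read the regex once so that the null check and the match use the same
  // value.
  String passwordRegex = getPasswordRegex();
  if (passwordRegex != null) {
    // Pattern.matches throws a NullPointerException on a null input. A null
    // password can reach this point when empty passwords are allowed, so it
    // is matched as the empty string, consistently with the emptiness check
    // above, and fails as a business error rather than crashing.
    String candidate = typedPasswd;
    if (candidate == null) {
      candidate = "";
    }
    if (!Pattern.matches(passwordRegex, candidate)) {
      throw new ActionBusinessException(
          "Password does not match enforcing rules.", "password.regex.failed",
          getPasswordRegexSample());
    }
  }
}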