Java 密码强度检查库
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3200292/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Password strength checking library
提问by Stephen C
Can anyone recommend a Java library that contains methods that are suitable for performing server-side password strength checking in a webapp. Ideally the checker should be:
任何人都可以推荐一个 Java 库,其中包含适合在 web 应用程序中执行服务器端密码强度检查的方法。理想情况下,检查器应该是:
- configurable, allowing the deployer to supply different dictionaries, adjust weights of different criteria, and so on
- extensible allowing new criteria to be implemented if required
- implemented in pure Java
- not fundamentally intertwined with a tag libraries, UI components or "password management" functionality
- compatible with a GPL 3 project
- compatible with Spring wiring
- mavenized (ideally available through Maven Central)
- 可配置,允许部署者提供不同的字典,调整不同标准的权重,等等
- 可扩展,允许在需要时实施新标准
- 纯Java实现
- 没有从根本上与标签库、UI 组件或“密码管理”功能交织在一起
- 与 GPL 3 项目兼容
- 与弹簧接线兼容
- mavenized(理想情况下可通过 Maven Central 获得)
采纳答案by Pascal Thivent
Have a look at vt-password:
看看vt-password:
- configurable, allowing the deployer to supply different dictionaries, adjust weights of different criteria, and so on - Partially(yes to configurable, dictionaries, no to weighted criteria)
- extensible allowing new criteria to be implemented if required - Yes
- implemented in pure Java - Yes(and decent javadoc)
- not fundamentally intertwined with a tag libraries, UI components or "password management" functionality - Yes
- compatible with a GPL 3 project - Yes (LGPLv3/APLv2 dual-licensed as of November 2013)
- compatible with Spring wiring - Looks like
- mavenized (ideally available through Maven Central) - Yes (in central since version 3.0)
- 可配置,允许部署者提供不同的字典,调整不同标准的权重,等等 -部分(可配置,字典,否,加权标准)
- 可扩展,允许在需要时实施新标准 -是
- 用纯 Java 实现 -是的(和体面的 javadoc)
- 没有从根本上与标签库、UI 组件或“密码管理”功能交织在一起 -是
- 与 GPL 3 项目兼容 -是(LGPLv3/APLv2 于 2013 年 11 月获得双重许可)
- 与 Spring 接线兼容 -看起来像
- mavenized(理想情况下可通过 Maven Central 获得) -是(自 3.0 版起在中央)
Update by @Stephen C.
由@Stephen C 更新。
The guys who do vt-password have made a number of API improvements since the question was originally answered, and one of the outcomes is that the classes are much easier to configure using Spring IoC. They have also uploaded it to Maven Central: http://mvnrepository.com/artifact/edu.vt.middleware/vt-password
自从最初回答这个问题以来,做 vt-password 的人已经进行了许多 API 改进,结果之一是使用 Spring IoC 更容易配置这些类。他们还将其上传到 Maven Central:http: //mvnrepository.com/artifact/edu.vt.middleware/vt-password
Update 2020: vt-password has been replaced, sort of, by Passay
2020 年更新:vt-password 已被Passay替换
回答by Stephen C
This is a followup answer to say that I diduse vt-password, and I'm happy with the results.
这是一个后续回答,说我确实使用了 vt-password,我对结果很满意。
I started out with vt-password version 2.0 and hacked it around a bit to get it to work with Spring wiring, and address the thread safety issues I alluded to in my comments on @Pascal's answer. That was enough to get on with.
我从 vt-password 2.0 版开始,并对其进行了一些修改以使其与 Spring 布线一起使用,并解决我在对 @Pascal 的回答的评论中提到的线程安全问题。这足以继续下去。
A few weeks back, the vt-middleware team released vt-password 3.0, based (in small part) on my feedback concerning 2.0. This new release addressed all of the issues I had hacked around, and I have now ditched my local mods and am using vt-password 3.0 as is. They have also uploaded their stuff to Maven Central, and improved the online documentation.
几周前,vt-middleware 团队发布了 vt-password 3.0,基于(部分)我对 2.0 的反馈。这个新版本解决了我遇到的所有问题,我现在已经放弃了我的本地 mods,并按原样使用 vt-password 3.0。他们还将他们的内容上传到 Maven Central,并改进了在线文档。
