Custom Password Rules

Every organization has certain policies in the login credentials.Oracle Applications has a flexibility to implement custom password rules based on customer requirement.Here i will demonstrate the usage with a specific example.

My customer XXCUST wants to implement following rules in the credentials.

1) Password should not be same as user name.
2) Password should not contain the word XXCUST
3) Password should not contain two consecutive characters (eg: 112ora,Password)
4) Password should be minimum of 7 characters
5) Password should contain atleast 3 of the following 4 cases
    a) Upper case letters (e.g., A, B, C,.....Z)
    b) Lower case letters (e.g., a, b, c,....z
    c) Numbers (e.g., 1, 1, 2,....9)
    d) Special characters (e.g., ?, !, %, $, #, etc.)

Implementation Steps

1) Create a custom java file in the directory oracle.apps.fnd.security under $JAVA_TOP.This class should implement standard class PasswordValidation.For Eg: XXCustPasswordRules

2) Generate XXCustPasswordRules.class in oracle.apps.fnd.security directory

3) Run the following command to upload XXCustPasswordRules.class into database

loadjava -user apps/apps -verbose -resolve -force XXCustPasswordRules.java

4) Verify weather the java class has loaded successfully using below query.

SELECT dbms_java.longname(object_name), status
FROM user_objects
WHERE object_type = 'JAVA CLASS'
AND dbms_java.longname(object_name) LIKE '%XXCustPasswordRules';

5) Update the profile Signon Password Custom with oracle.apps.fnd.security.XXCustPasswordRules in Site level

6) Make sure profile Signon Password Hard To Guess value is NULL

7) Update the profile Signon Password Length value to 7 in site level

Result

Given new password as XXCUST123

Given new password as Cust

Given new password as Password

Given new password as welcome123


Given new password as Welcome123

 Finally password has successfully updated.

 Following is the sample XXCustPasswordRules.java file.

package oracle.apps.fnd.security;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

import oracle.apps.fnd.common.VersionInfo;

// Referenced classes of package oracle.apps.fnd.security:
// PasswordValidation

public class XXCustPasswordRules
implements PasswordValidation
{

    public String getErrorStackApplicationName()
    {
        return "XXCUST";
    }

    public String getErrorStackMessageName()
    {
        return m_errorStackMessageName;
    }

    public boolean validate(String username, String password)
    {
        /* Validates username = password */
        if(validateNoUsername(username, password))
        {
            m_errorStackMessageName = "XXCUST_USR_PWD_SAME";
            return false;
        }

        /* Check for repeated characters */
        if(!validateNoRepeats(password.toLowerCase()))
        {
            m_errorStackMessageName = "XXCUST_REPEAT_CHAR";
            return false;
        }
        /* Checks password contains XXCUST  */
        if (validatePasswordNotContainsPattern(password,"XXCUST"))
        {
            m_errorStackMessageName = "XXCUST_INVALID_WORD";
            return false;
        }
        /* Checks following rules
        1) Contains A-Z
        2) Contains a-z
        3) Contains 0-9
        4) Contains ?!%$#

        5) Should satisfy above 3 rules */

        if (!validatePassword(password))
        {
            m_errorStackMessageName = "XXCUST_PWD_RULE_CLASSES";
        return false;
        }

        return true;
    }

    /* Checks for a pattern match */
    private boolean hasPattern(String p_password,String p_pattern)
    {
        Pattern p = Pattern.compile(p_pattern);
        Matcher m = p.matcher(p_password);
        if (m.find())
            return true;
        else
            return false;
    }

    /* Implements following rules
    1) Contains A-Z
    2) Contains a-z
    3) Contains 0-9
    4) Contains ?!%$#
    */

    private boolean validatePassword(String password)
    {
        int count=0;
        if (hasPattern(password,"[A-Z]"))
            count++;
        if (hasPattern(password,"[a-z]"))
            count++;
        if (hasPattern(password,"[0-9]"))
            count++;
        if (hasPattern(password,"[?!%$#]"))
            count++;
        if (count<3)
            return false;
        else
            return true;
    }

    /* Validates password does not contain pattern  */
    private boolean validatePasswordNotContainsPattern(String password,String pattern)
    {
        if (password.toLowerCase().contains(pattern.toLowerCase()))
            return true;
        else
            return false;
    }


    /* Validate username = password */
    private boolean validateNoUsername(String p_username, String p_password)
    {
         if (p_username.toLowerCase().equals(p_password.toLowerCase()))
             return true;
         else
             return false;
    }

    boolean validateNoRepeats(String p_password)
    {
        for(int i = 1; i < p_password.length(); i++)
            if(p_password.charAt(i) == p_password.charAt(i - 1))
                return false;

        return true;
    }

    private String m_errorStackMessageName;

}

XXCUST_USR_PWD_SAME,
XXCUST_REPEAT_CHAR,
XXCUST_INVALID_WORD,
XXCUST_PWD_RULE_CLASSES are foundation messages of error category.

Note: Inorder to reflect any modification in the messages kindly update the message file using FNDMDGEN and bounce the Apatche server.




Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About



Oracle Apps Technical Consultant,Bengaluru Area

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today