Password Pattern

To control password policy and pattern, Archibus has preferences in the following configuration files:

/WEB-INF/config/context/security/afm_users/useraccount.xml

<!-- User account repository (UserAccount stored in afm_users). Implements method loadUserByUsername() -->
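<bean id="userAccountDao"
		class="com.archibus.app.solution.security.common.providers.dao.UserAccountDao"
		p:passwordPolicy-ref="passwordPolicy"
		p:useGuestAccountIfUsernameNotFound="false">
	<!-- passwordPolicy-ref points at the "passwordPolicy" bean, which holds the expiration and
	     account-locking settings. -->
	<!-- useGuestAccountIfUsernameNotFound=true could be used in SSO configuration.
	     Outside of SSO keep it "false"; as the property name suggests, "true" would let a login with an
	     unknown username fall back to the guest account (confirm the exact behaviour for your version). -->
	<!-- NOTE(review): this class path reads "security.common", while the other beans on this page use
	     "common.security"; confirm the package name against the installed file. -->
</bean>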
        

<bean id="passwordPolicy"
      class="com.archibus.app.solution.common.security.providers.dao.PasswordPolicy"
      p:numberFailedLoginAttemptsAllowed="-1"
      p:passwordExpirationPeriod="-1">
    <!-- numberFailedLoginAttemptsAllowed: the user account is locked once the number of failed
         login attempts exceeds this value. "-1" means "no user account locking". -->
    <!-- passwordExpirationPeriod: password lifetime, in days. "-1" means "never expire". -->
    <!-- Security note: with both values at "-1", passwords never expire and accounts are never
         locked. With locking off, nothing in this bean limits repeated password guessing against
         an account; set a positive attempt limit unless login throttling is enforced elsewhere
         (for example by an SSO provider or a reverse proxy). -->
</bean>
        

/WEB-INF/config/context/security/afm_users/password-changer.xml

<bean id="passwordChanger"
		class="com.archibus.app.solution.common.security.providers.dao.PasswordChangerImpl"
		p:userDetailsService-ref="userAccountDao"
		p:passwordPatternValidator-ref="passwordPatternValidator"
		p:passwordEncoder-ref="passwordEncoder"
               p:mustNotConsistOfWhitespaces
		p:saltSource-ref="saltSource">

		<!-- Wires the password changer to the userAccountDao bean, the passwordPatternValidator bean,
			and the passwordEncoder and saltSource beans (the last two are not shown on this page). -->
		<!-- passwordEncoder-ref: PasswordEncoder, specifies the current passwords policy.
			Presumably the encoder and salt source decide how stored passwords are hashed; review
			those bean definitions together with the policy settings. -->
		<!-- NOTE(review): p:mustNotConsistOfWhitespaces is shown without a value, which is not
			well-formed XML; an attribute needs a quoted value. Judging by its name it may be a
			pattern rule that belongs on the passwordPatternValidator bean. Confirm the attribute,
			its value and its place against the installed file before copying this snippet. -->
</bean>

<bean id="passwordPatternValidator"
      class="com.archibus.app.solution.common.security.providers.dao.PasswordPatternValidatorImpl"
      p:minimumLength="0"
      p:mustIncludeNumbers="false"
      p:mustIncludePunctuation="false">
    <!-- Pattern rules referenced by the passwordChanger bean (p:passwordPatternValidator-ref). -->
    <!-- Security note: as shown, no pattern rule is enforced. The minimum length is 0 and neither
         numbers nor punctuation are required, so presumably any password, however short, passes
         validation (confirm for your version). Raise minimumLength and enable the rules that your
         organisation's password standard requires. -->
</bean>