Java – How to verify minimum, maximum password length before hashing?

How to verify minimum, maximum password length before hashing?… here is a solution to the problem.

How to verify minimum, maximum password length before hashing?

I want to verify the length of the password field before hashing.

Model class:

@Entity
@Table(name = "users")
public class UserInfo {

/* other code */

@NotBlank(message = "Password is required")
   @Size(min = 6, message = "Password should have min 6 characters")
   private String password;

/* other code */    
}

The Controller file simply calls a service method.

Class of Service:

@Component
public class UserInfoServiceImpl implements UserInfoService {

@Autowired
private UserInfoRepository userInfoRepository;

public UserInfo register(UserRegisterRequest request) {

UserInfo user = new UserInfo();
    user.setFirstName(request.getFirstName());
    user.setLastName(request.getLastName());
    user.setEmail(request.getEmail());
    user.setPhone(request.getPhone());
     Password hashing
    user.setPassword(new BCryptPasswordEncoder().encode(request.getPassword()));
    user.setIsActive(0);
    user.setStatus(1);

return userInfoRepository.save(user);
  }
}

I want the password to be verified after being hashed in this line :

user.setPassword(new BCryptPasswordEncoder().encode(request.getPassword()));

How do I verify this password before hashing and saving?

Any help would be appreciated. Thanks in advance.

Solution

You can validate the input of any Spring bean. To do this, you can use a combination of @Validated and @Valid annotations as follows:

@Component
@Validated
public class UserInfoServiceImpl implements UserInfoService {

@Autowired
private UserInfoRepository userInfoRepository;

public UserInfo register(@Valid UserRegisterRequest request) {

UserInfo user = new UserInfo();
    user.setFirstName(request.getFirstName());
    user.setLastName(request.getLastName());
    user.setEmail(request.getEmail());
    user.setPhone(request.getPhone());
     Password hashing
    user.setPassword(new BCryptPasswordEncoder().encode(request.getPassword()));
    user.setIsActive(0);
    user.setStatus(1);

return userInfoRepository.save(user);
  }
}

If you want more control, you can verify it programmatically:

@Component
public class UserInfoServiceImpl implements UserInfoService {

@Autowired
private UserInfoRepository userInfoRepository;

public UserInfo register(UserRegisterRequest request) {
    ValidatorFactory factory = Validation.buildDefaultValidatorFactory();
    Validator validator = factory.getValidator();
    Set<ConstraintViolation<UserRegisterRequest> violations = validator.validate(input);
    if (!violations.isEmpty()) {
         Do something on invalid input;
    }
    UserInfo user = new UserInfo();
    user.setFirstName(request.getFirstName());
    user.setLastName(request.getLastName());
    user.setEmail(request.getEmail());
    user.setPhone(request.getPhone());
     Password hashing
    user.setPassword(new BCryptPasswordEncoder().encode(request.getPassword()));
    user.setIsActive(0);
    user.setStatus(1);

return userInfoRepository.save(user);
  }
}

Alternatively, inject a preconfigured validator instance like this:

@Autowired
Validator validator;

For these to work, you need to add spring-boot-starter-validation to your Maven/Gradle configuration file.

Related Problems and Solutions