javaregexvalidationpasswords

Java Regex to not allow String Special Characters


I want to set a password which do not allow specific special characters like

-_\

and my regular expression is as follows

PatternCompiler compiler = new Perl5Compiler();
PatternMatcher matcher = new Perl5Matcher();
pattern = compiler.compile("^(?=.*?[a-zA-Z])(?=.*?[0-9])([A-Za-z0-9-/-~][^\\\\\\\\_\-]*)$");

It is working partially. If i place unwanted special characters between the string and start of the string still it is matching the password

P@ssword123    --correct
-password@123  --it should not match
-passowrd"11   --it should not match
\password123   --it should not match
_@111Password  --it should not match
p@sswor"123    --correct

Any where in the string if i find -_\ regular expression should not match. Using Apache api for matching pattern in java


Solution

  • Here is a general regex you can try:

    ^((?=[A-Za-z])(?![_\-]).)*$
        ^^ whitelist  ^^ blacklist
    

    You can include both a positive and negative lookahead assertion which will check for the presence or absence of a character class. Something like the following might work for you:

    String password = "-passw@rd";
    // nice trick: by placing hyphen at the end of the character class,
    // we don't need to escape it
    String pattern = "^((?=[A-Za-z0-9@])(?![_\\\\-]).)*$";
    if (password.matches(pattern)) {
        System.out.println("valid");
    }
    else {
        System.out.println("not valid");
    }
    

    That being said, I would strongly recommend that you search around for regular expressions for passwords. This is a known and old problem, and a lot of good work has already been done in this area, including on Stack Overflow.