Validate Passwords in JSP

Validate Passwords in JSP

Almost every website now allows registration which means users will need to create a username and password. Stories of accounts being hacked by brute force attacks are proof of how weak passwords can make user accounts insecure and vulnerable.

In this post, I will describe how to validate passwords in JSP during the account registration process. I will show you 3 different ways you can validate passwords in JSP. In order of recommendation, they are:

1. Using customised HTML5
2. Using JSTL functions
3. Using JSP scriptlets

Options 2 and 3 use JSTL. If you are not familiar with how to use JSTL, view my tutorial on how to get JSTL to run on Eclipse.

Ok lets get into it!

Using customised HTML5

HTML5 includes the pattern attribute that allows you to specify a regular expression that the <input> element’s value is checked against. W3Schools gives a detailed tutorial on how to use the pattern attribute.

Copy the code below into your JSP <body> element. The title attribute is used to store the message that is displayed when the pattern does not match the input.

Below is screenshot of the output when the password does not match the regex.

validate

Using JSTL functions

Another way to validate passwords in JSP is with the use of JSTL functions. The function fn:length() in JSTL can be used to check if the password is the required length. The java matches() method can be used to check if the password matches a specified regex String. In this case, the regex String checks for at least 1 letter and 1 digit.

Copy and paste the code below into your JSP <body> tag.

NOTE: Remember to include these lines before your !DOCTYPE declaration in order to use JSTL


<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>

Below is screenshot of the output when the password is invalid.

validate

Using JSP scriptlets

Lastly, we can use JSP scriptlets to validate passwords. It is no longer encouraged to use scriptlets in JSP which is why this option is my least recommended option. However if you must use scriptlets to validate passwords, then this is the way to do it.

First, the password entered is stored in a variable called password using JSTL’s <c:set> tag. We can use Javas getAttribute() method to check if the value of password matches the regex defined. View the full code for this below.

Copy and paste the code into your JSP <body> tag.

NOTE: Remember to include this line before your !DOCTYPE declaration in order to use JSTL


<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>

Below is screenshot of the output when the password is invalid.

validate

Which method did you like best? Leave your comments in the comment section below. Happy password validation!

Seda
Seda Kunda is a web designer and developer with a degree in Computer Science and a great passion for code. Besides code, she enjoys pepperoni pizza, watching the bachelor and sleeping in on Saturdays.
Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn