Previously I covered how to validate username using regular expression in Java. Java Regular Expression Password Validation example shows how to validate a password using Java regular expression. This pattern can be used to validate password requirements like alphanumeric characters, total length and special characters.
Java Regular Expression Password Validation
There may be different requirements for password validation. This example covers the most common requirements of them. The example requirements are as follows.
1) Password must contain at least 8 characters
2) Password must contain at least 1 number
3) Password must contain at least 1 upper case letter
4) Password must contain at least 1 lower case letter
5) Password must contain at least 1 special character
6) Password must not contain any spaces
Let’s try to build the regular expression pattern for the above requirements one by one. Here is the initial pattern for the first two requirements.
1 |
String strRegEx = "^(?=.*[0-9]).{8, }$"; |
Where,
1 2 3 4 5 |
^ - start of the string (?=.*[0-9]) – Positive look ahead expression for any number . – any character {8,} - minimum 8 characters in length $ - end of the string |
The positive lookahead expression (?=.*[0-9])
will return true for any character followed by a digit (thus satisfying our requirement number 2). The {8,}
part will satisfy requirement number 1 of minimum length.
Let’s try out our initial password regular expression pattern.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
String strRegEx = "^(?=.*[0-9]).{8,15}$"; String[] strPasswords = { "mypassword", "00000000", "AlphaRomeo4c", "fiatlinea2014", "F@rd1co", "F@rd1coSports", "Suzuki@lpha2016", "!vwvento2015", "!@#$%^&*Aa1", "myDream1@$$", "Hello World@001" }; for(String password : strPasswords){ if(password.matches( strRegEx )) System.out.println(password + " is a valid password"); else System.out.println(password + " is not a valid password"); } |
Output
1 2 3 4 5 6 7 8 9 10 11 |
mypassword is not a valid password 00000000 is a valid password AlphaRomeo4c is a valid password fiatlinea2014 is a valid password F@rd1co is not a valid password F@rd1coSports is a valid password Suzuki@lpha2016 is a valid password !vwvento2015 is a valid password !@#$%^&*Aa1 is a valid password myDream1@$$ is a valid password Hello World@001 is a valid password |
As you may have observed, all the passwords containing a digit and minimum 8 in length turned out to be a valid password as per our pattern. The “mypassword” password is not a valid one because it does not contain a digit, while the “F@rd1co” is not valid as it does not satisfy our minimum length requirement.
Let’s now try to implement requirements 3, 4, 5 and 6 in the same way as requirement 2. Basically, we want one positive lookahead expression per the requirement as given below.
1 |
String strRegEx = "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*])(?=\\S+$).{8,}$"; |
Where,
1 2 3 4 5 6 7 8 9 |
^ - start of the string (?=.*[0-9]) - Positive look ahead expression for any number (?=.*[a-z]) - Positive look ahead expression for lower case letter (?=.*[A-Z]) - Positive look ahead expression for upper case letter (?=.*[!@#$%^&*]) - Positive look ahead expression for any special character (?=\\S+$) - Positive look ahead expression for \S (non-space character) . – any character {8,} - minimum 8 characters in length $ - end of the string |
Let’s try the pattern.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
String strRegEx = "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*])(?=\\S+$).{8,15}$"; String[] strPasswords = { "mypassword", "00000000", "AlphaRomeo4c", "fiatlinea2014", "F@rd1co", "F@rd1coSports", "Suzuki@lpha2016", "!vwvento2015", "!@#$%^&*Aa1", "myDream1@$$", "Hello World@001", "<RRPhantom@16>" }; for(String password : strPasswords){ if(password.matches( strRegEx )) System.out.println(password + " is a valid password"); else System.out.println(password + " is not a valid password"); } |
Output
1 2 3 4 5 6 7 8 9 10 11 12 |
mypassword is not a valid password 00000000 is not a valid password AlphaRomeo4c is not a valid password fiatlinea2014 is not a valid password F@rd1co is not a valid password F@rd1coSports is a valid password Suzuki@lpha2016 is a valid password !vwvento2015 is not a valid password !@#$%^&*Aa1 is a valid password myDream1@$$ is a valid password Hello World@001 is not a valid password <RRPhantom@16> is a valid password |
An explanation for the failed password test cases:
1 2 3 4 5 6 7 8 |
Mypassword - does not contain a digit, special character mypassword - does not contain upper case letter, number, special character 00000000 - does not contain upper case letter, lower case letter, number, special character AlphaRomeo4c - does not contain special character fiatlinea2014 - does not contain a special character F@rd1co - length is less than 8 !vwvento2015 - does not contain upper case letter Hello World@001 - contains a space |
You may have observed that our last test case the “<RRPhantom@16>” password turned out to be a valid password even though we did not have “<” and “>” in the list of our special characters. It is because once any special character out of the allowed characters is found in the string (in this case “@”), the lookahead expression does not check for others and returns true.
While this is not a problem in most cases, but if you have the requirement for the password to contain only special characters from the predefined set of characters, you can change the pattern as follows.
1 |
String strRegEx = "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*])[a-zA-Z0-9!@#$%^&*](?=\\S+$).{8,15}$"; |
We have added only one extra check in the above pattern “[a-zA-Z0-9!@#$%^&*]” which makes sure that password contains characters from predefined set of characters (i.e. all lower and upper case letters, 0 to 9 digits and special character out of “!@#$%^&*”characters). If the password contains any character which is not in this list, the pattern will fail and the matches
method will return false.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
String strRegEx = "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*])[a-zA-Z0-9!@#$%^&*](?=\\S+$).{8,15}$"; String[] strPasswords = { "mypassword", "00000000", "AlphaRomeo4c", "fiatlinea2014", "F@rd1co", "F@rd1coSports", "Suzuki@lpha2016", "!vwvento2015", "!@#$%^&*Aa1", "myDream1@$$", "Hello World@001", "<RRPhantom@16>" }; for(String password : strPasswords){ if(password.matches( strRegEx )) System.out.println(password + " is a valid password"); else System.out.println(password + " is not a valid password"); } |
Output
1 2 3 4 5 6 7 8 9 10 11 12 |
mypassword is not a valid password 00000000 is not a valid password AlphaRomeo4c is not a valid password fiatlinea2014 is not a valid password F@rd1co is not a valid password F@rd1coSports is a valid password Suzuki@lpha2016 is a valid password !vwvento2015 is not a valid password !@#$%^&*Aa1 is a valid password myDream1@$$ is a valid password Hello World@001 is not a valid password <RRPhantom@16> is not a valid password |
This example is a part of the Java RegEx tutorial with examples.
Please let me know your views in the comments section below.
I really appreciate this article because I never knew how to validate a password strength until I visit this website.
The other thing that makes me appreciate this is because the way you break your code into pieces and explain each part.
I know understand how do this by my self.
Hi Trevor,
Thank you very much for your kind words. Glad to know it helped you understand the concept.
Thanks.