当前位置：首页 > article >正文

java基于 Passay 的密码生成与校验方案

article 2026/4/24 4:14:30

基于 Passay 的密码生成与校验方案1. 背景与目标为规范密码的生成与使用特制定本密码生成与校验方案。1.1 密码管理核心要求要求项具体规则密码长度最小12位最大20位字符种类至少包含大写字母、小写字母、数字、特殊字符中的3 种本实现采用4 种全包含禁止连续序列禁止 3 位及以上的连续字母如 abc、连续数字如 123、键盘序列如 qwert禁止重复字符禁止 3 个及以上相同字符连续出现如 aaa、111禁止弱口令内置弱口令字典admin、password、123456 等 30 条禁止个人信息禁止包含用户名、手机号、身份证号、邮政编码、年月日期禁止空格密码中不允许包含空白字符2. 技术选型2.1 为什么选择 PassayPassay 是一个 Java 密码策略库提供密码生成和合规校验功能。它能根据长度、字符类型、连续序列、重复字符、字典等规则自动生成随机密码并对用户设置的密码进行多维度验证。结论Passay 是 Java 生态中专门用于规则驱动型密码生成与校验的成熟方案。2.2 Maven 依赖xmldependency groupIdorg.passay/groupId artifactIdpassay/artifactId version1.6.6/version /dependency3. 核心代码实现3.1 特殊字符集定义SpecialCharData.javajavapackage com.example.password.util; import org.passay.CharacterData; public enum SpecialCharData implements CharacterData { RANGE(INSUFFICIENT_SPECIAL, !#$%*-_.?~^()[]{}:;,/); private final String errorCode; private final String characters; SpecialCharData(String code, String charString) { this.errorCode code; this.characters charString; } Override public String getErrorCode() { return this.errorCode; } Override public String getCharacters() { return this.characters; } }3.2 密码规则配置PassayRuleConfig.javajavapackage com.example.password.config; import com.example.password.util.SpecialCharData; import org.passay.*; import org.passay.dictionary.ArrayWordList; import org.passay.dictionary.WordListDictionary; import org.passay.dictionary.sort.ArraysSort; import org.passay.spring.SpringMessageResolver; import org.springframework.context.MessageSource; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import javax.annotation.Resource; import java.util.*; import java.util.regex.Matcher; import java.util.regex.Pattern; Configuration public class PassayRuleConfig { Resource private MessageSource messageSource; private static final WordListDictionary WORD_LIST_DICTIONARY; private static final ListRule RULE_LIST; static { WORD_LIST_DICTIONARY new WordListDictionary(new ArrayWordList(new String[]{ 520, 1314, woaini, iloveyou, loveme, admin, root, administrator, test, guest, user, default, admin123, admin123, qq123, abc123, passwd, password, 123456, 12345678, 123456789, 1234567890, qwerty, qwert, asdf, asdfgh, zxcvbn, letmein, welcome, monkey, dragon }, false, new ArraysSort())); RULE_LIST Arrays.asList( new LengthRule(12, 20), new CharacterRule(EnglishCharacterData.UpperCase, 1), new CharacterRule(EnglishCharacterData.LowerCase, 1), new CharacterRule(EnglishCharacterData.Digit, 1), new CharacterRule(SpecialCharData.RANGE, 1), new IllegalSequenceRule(EnglishSequenceData.Alphabetical, 3, false), new IllegalSequenceRule(EnglishSequenceData.Numerical, 3, false), new IllegalSequenceRule(EnglishSequenceData.USQwerty, 3, false), new RepeatCharactersRule(3), new DictionaryRule(WORD_LIST_DICTIONARY), new DictionarySubstringRule(WORD_LIST_DICTIONARY), new UsernameRule(), new IllegalRegexRuleExtended(CUSTOMIZATION_DATE_MATCH, (?:19|20)\\d{2}(?:0[1-9]|1[0-2]), true), new IllegalRegexRuleExtended(CUSTOMIZATION_POSTCODE_MATCH, \\b[1-9]\\d{5}\\b, true), new IllegalRegexRuleExtended(CUSTOMIZATION_IDENTITYCARD_MATCH, \\b(?:(?:\\d{8}(?:0[1-9]|1[0-2])(?:[0-2]\\d|3[01])\\d{3})|(?:\\d{6}(?:18|19|20)\\d{2}(?:0[1-9]|1[0-2])(?:[0-2]\\d|3[01])\\d{3}[\\dXx]))\\b, true), new IllegalRegexRuleExtended(CUSTOMIZATION_PHONE_MATCH, \\b(?:(?:\\|00)86)?1(?:3\\d|4[5-79]|5[0-35-9]|6[5-7]|7[0-8]|8\\d|9[189])\\d{8}\\b, true), new WhitespaceRule()); } Bean public PasswordValidator passwordValidator() { SpringMessageResolver messageResolver new SpringMessageResolver(messageSource, Locale.getDefault()); return new PasswordValidator(messageResolver, RULE_LIST); } private static ListRule validRuleList() { return RULE_LIST; } public static class IllegalRegexRuleExtended implements Rule { public final String errorCode; protected final Pattern pattern; protected final boolean reportAllFailures; public IllegalRegexRuleExtended(String errorCode, String regex, boolean reportAll) { this.errorCode errorCode; this.pattern Pattern.compile(regex); this.reportAllFailures reportAll; } Override public RuleResult validate(PasswordData passwordData) { RuleResult result new RuleResult(); Matcher m this.pattern.matcher(passwordData.getPassword()); SetString matches new HashSet(); while (m.find()) { String match m.group(); if (!matches.contains(match)) { result.addError(this.errorCode, this.createRuleResultDetailParameters(match)); if (!this.reportAllFailures) { break; } matches.add(match); } } return result; } protected MapString, Object createRuleResultDetailParameters(String match) { MapString, Object m new LinkedHashMap(2); m.put(match, match); m.put(pattern, this.pattern); return m; } Override public String toString() { return String.format(%s%h::pattern%s, this.getClass().getName(), this.hashCode(), this.pattern); } } }3.3 密码工具类PassWordUtil.javajavapackage com.example.password.util; import org.passay.*; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; import javax.annotation.Resource; import java.util.Arrays; import java.util.List; Component public class PassWordUtil { private static final Logger log LoggerFactory.getLogger(PassWordUtil.class); Resource private PasswordValidator passwordValidator; Value(${password.config.max-try-count}) private Integer maxTryCount; Value(${password.config.generator-password-length}) private Integer generatorPasswordLength; public ValidUserPasswordBean validUserPassword(String userNo, String password) { if (password null || password.isEmpty()) { return new ValidUserPasswordBean(false, 密码不能为空); } if (userNo null || userNo.isEmpty()) { return new ValidUserPasswordBean(false, 用户编号不能为空); } PasswordData passwordData new PasswordData(); passwordData.setUsername(userNo); passwordData.setPassword(password); RuleResult validate passwordValidator.validate(passwordData); boolean valid validate.isValid(); if (valid) { return new ValidUserPasswordBean(true, ); } ListString validatorMessages passwordValidator.getMessages(validate); return new ValidUserPasswordBean(false, String.join(;, validatorMessages)); } public static class ValidUserPasswordBean { private boolean success; private String msg; public ValidUserPasswordBean(boolean success, String msg) { this.success success; this.msg msg; } public boolean isSuccess() { return success; } public void setSuccess(boolean success) { this.success success; } public String getMsg() { return msg; } public void setMsg(String msg) { this.msg msg; } } private static ListCharacterRule createPasswordRuleList() { return Arrays.asList( new CharacterRule(EnglishCharacterData.UpperCase, 1), new CharacterRule(EnglishCharacterData.LowerCase, 1), new CharacterRule(EnglishCharacterData.Digit, 1), new CharacterRule(SpecialCharData.RANGE, 1)); } public String createPassword(String userNo) { PasswordGenerator generator new PasswordGenerator(); String password generator.generatePassword(generatorPasswordLength, createPasswordRuleList()); int tryCount 0; while (tryCount maxTryCount) { ValidUserPasswordBean validUserPasswordBean this.validUserPassword(userNo, password); if (validUserPasswordBean.isSuccess()) { return password; } password generator.generatePassword(generatorPasswordLength, createPasswordRuleList()); tryCount; } log.error(生成密码失败用户[{}]超过最大重试次数({})无法生成符合规则的密码, userNo, maxTryCount); throw new RuntimeException(生成密码失败超过最大重试次数( maxTryCount )无法生成符合规则的密码); } }3.4 国际化消息配置3.4.1 messages.properties默认/英文properties# Passay properties HISTORY_VIOLATIONPassword matches one of {0} previous passwords. ILLEGAL_WORDPassword contains the dictionary word {0}. ILLEGAL_WORD_REVERSEDPassword contains the reversed dictionary word {0}. ILLEGAL_DIGEST_WORDPassword contains a dictionary word. ILLEGAL_DIGEST_WORD_REVERSEDPassword contains a reversed dictionary word. ILLEGAL_MATCHPassword matches the illegal pattern {0}. ALLOWED_MATCHPassword must match pattern {0}. ILLEGAL_CHARPassword {1} the illegal character {0}. ALLOWED_CHARPassword {1} the illegal character {0}. ILLEGAL_QWERTY_SEQUENCEPassword contains the illegal QWERTY sequence {0}. ILLEGAL_ALPHABETICAL_SEQUENCEPassword contains the illegal alphabetical sequence {0}. ILLEGAL_NUMERICAL_SEQUENCEPassword contains the illegal numerical sequence {0}. ILLEGAL_USERNAMEPassword {1} the user id {0}. ILLEGAL_USERNAME_REVERSEDPassword {1} the user id {0} in reverse. ILLEGAL_WHITESPACEPassword {1} a whitespace character. ILLEGAL_NUMBER_RANGEPassword {1} the number {0}. ILLEGAL_REPEATED_CHARSPassword contains {2} sequences of {0} or more repeated characters, but only {1} allowed: {3}. INSUFFICIENT_UPPERCASEPassword must contain {0} or more uppercase characters. INSUFFICIENT_LOWERCASEPassword must contain {0} or more lowercase characters. INSUFFICIENT_ALPHABETICALPassword must contain {0} or more alphabetical characters. INSUFFICIENT_DIGITPassword must contain {0} or more digit characters. INSUFFICIENT_SPECIALPassword must contain {0} or more special characters. INSUFFICIENT_CHARACTERISTICSPassword matches {0} of {2} character rules, but {1} are required. INSUFFICIENT_COMPLEXITYPassword meets {1} complexity rules, but {2} are required. INSUFFICIENT_COMPLEXITY_RULESNo rules have been configured for a password of length {0}. SOURCE_VIOLATIONPassword cannot be the same as your {0} password. TOO_LONGPassword must be no more than {1} characters in length. TOO_SHORTPassword must be {0} or more characters in length. TOO_MANY_OCCURRENCESPassword contains {1} occurrences of the character {0}, but at most {2} are allowed. CUSTOMIZATION_DATE_MATCHPassword contains date format characters. CUSTOMIZATION_POSTCODE_MATCHPassword contains postal code. CUSTOMIZATION_PHONE_MATCHPassword contains phone number. CUSTOMIZATION_IDENTITYCARD_MATCHPassword contains identity card number.3.4.2 messages_en_US.properties英文-美国propertiesHISTORY_VIOLATIONPassword matches one of {0} previous passwords. ILLEGAL_WORDPassword contains the dictionary word {0}. ILLEGAL_WORD_REVERSEDPassword contains the reversed dictionary word {0}. ILLEGAL_DIGEST_WORDPassword contains a dictionary word. ILLEGAL_DIGEST_WORD_REVERSEDPassword contains a reversed dictionary word. ILLEGAL_MATCHPassword matches the illegal pattern {0}. ALLOWED_MATCHPassword must match pattern {0}. ILLEGAL_CHARPassword {1} the illegal character {0}. ALLOWED_CHARPassword {1} the illegal character {0}. ILLEGAL_QWERTY_SEQUENCEPassword contains the illegal QWERTY sequence {0}. ILLEGAL_ALPHABETICAL_SEQUENCEPassword contains the illegal alphabetical sequence {0}. ILLEGAL_NUMERICAL_SEQUENCEPassword contains the illegal numerical sequence {0}. ILLEGAL_USERNAMEPassword {1} the user id {0}. ILLEGAL_USERNAME_REVERSEDPassword {1} the user id {0} in reverse. ILLEGAL_WHITESPACEPassword {1} a whitespace character. ILLEGAL_NUMBER_RANGEPassword {1} the number {0}. ILLEGAL_REPEATED_CHARSPassword contains {2} sequences of {0} or more repeated characters, but only {1} allowed: {3}. INSUFFICIENT_UPPERCASEPassword must contain {0} or more uppercase characters. INSUFFICIENT_LOWERCASEPassword must contain {0} or more lowercase characters. INSUFFICIENT_ALPHABETICALPassword must contain {0} or more alphabetical characters. INSUFFICIENT_DIGITPassword must contain {0} or more digit characters. INSUFFICIENT_SPECIALPassword must contain {0} or more special characters. INSUFFICIENT_CHARACTERISTICSPassword matches {0} of {2} character rules, but {1} are required. INSUFFICIENT_COMPLEXITYPassword meets {1} complexity rules, but {2} are required. INSUFFICIENT_COMPLEXITY_RULESNo rules have been configured for a password of length {0}. SOURCE_VIOLATIONPassword cannot be the same as your {0} password. TOO_LONGPassword must be no more than {1} characters in length. TOO_SHORTPassword must be {0} or more characters in length. TOO_MANY_OCCURRENCESPassword contains {1} occurrences of the character {0}, but at most {2} are allowed. CUSTOMIZATION_DATE_MATCHPassword contains date format characters. CUSTOMIZATION_POSTCODE_MATCHPassword contains postal code. CUSTOMIZATION_PHONE_MATCHPassword contains phone number. CUSTOMIZATION_IDENTITYCARD_MATCHPassword contains identity card number.3.4.3 messages_zh_CN.properties中文-中国properties# Passay 属性 HISTORY_VIOLATION密码和您最近用过的 {0} 个密码之一重复 ILLEGAL_WORD密码包含了保留字典中的词 {0} ILLEGAL_WORD_REVERSED密码包含了保留字典中的词 {0} ILLEGAL_DIGEST_WORD密码包含了字典中的词 ILLEGAL_DIGEST_WORD_REVERSED密码包含了保留字典中的词 ILLEGAL_MATCH密码匹配了非法结构 {0} ALLOWED_MATCH密码必须要匹配结构 {0} ILLEGAL_CHAR密码 {1} 非法字符 {0} ALLOWED_CHAR密码 {1} 非法字符 {0} ILLEGAL_QWERTY_SEQUENCE密码包含连续的键盘字符 {0} ILLEGAL_ALPHABETICAL_SEQUENCE密码包含非法的字母序列 {0} ILLEGAL_NUMERICAL_SEQUENCE密码包含非法的数字序列 {0} ILLEGAL_USERNAME密码包含用户名 {0} ILLEGAL_USERNAME_REVERSED密码 {1} 倒序的用户 id {0} ILLEGAL_WHITESPACE密码 {1} 空格 ILLEGAL_NUMBER_RANGE密码 {1} 数字 {0}. ILLEGAL_REPEATED_CHARS密码中包含 {2} 序列 {0} 的一个或多个重复字符, 但仅允许 {1} 个: {3} INSUFFICIENT_UPPERCASE密码中必须包含至少 {0} 个大写字母 INSUFFICIENT_LOWERCASE密码中必须包含至少 {0} 个小写字母 INSUFFICIENT_ALPHABETICAL密码中必须包含至少 {0} 个字母 INSUFFICIENT_DIGIT密码中必须包含至少 {0} 个数字 INSUFFICIENT_SPECIAL密码中必须包含至少 {0} 个特殊字符 INSUFFICIENT_CHARACTERISTICS密码匹配了 {0} of {2} 字符规则, 但只允许 {1} 个 INSUFFICIENT_COMPLEXITY密码符合了 {1} 个复杂规则, 但需要符合 {2} 个 INSUFFICIENT_COMPLEXITY_RULES对于密码长度 {0}没有配置规则 SOURCE_VIOLATION密码不能和之前的 {0} 个历史密码相同 TOO_LONG密码长度不能超过 {1} 个字符 TOO_SHORT密码长度不能少于 {0} 个字符 TOO_MANY_OCCURRENCES密码包含 {1} 个 {0}, 但是至多只允许 {2} 个 CUSTOMIZATION_DATE_MATCH密码中包含年月字符 CUSTOMIZATION_POSTCODE_MATCH密码中包含邮政编码 CUSTOMIZATION_PHONE_MATCH密码中包含手机号 CUSTOMIZATION_IDENTITYCARD_MATCH密码中包含身份证号3.5 配置文件application.ymlyamlpassword: config: max-try-count: 10 # 生成密码最大重试次数 generator-password-length: 16 # 生成的密码长度4. 规则与规范对照表规范要求对应 Rule说明长度不少于12位不超过20位LengthRule(12, 20)完全满足包含大写、小写、数字、特殊字符CharacterRule(..., 1)× 4四类字符各至少1个不使用简单数字/字母组合IllegalSequenceRule(Alphabetical, 3)禁止 abc、def 等连续3位字母不使用简单数字/字母组合IllegalSequenceRule(Numerical, 3)禁止 123、456 等连续3位数字不使用键盘连续按键IllegalSequenceRule(USQwerty, 3)禁止 qwert、asdf 等键盘序列不使用重复字符RepeatCharactersRule(3)禁止 aaa、111 等3位重复不使用默认/常见弱口令DictionaryRuleDictionarySubstringRule内置30弱口令字典不与用户名相同/相关UsernameRule禁止包含用户名不使用手机号IllegalRegexRuleExtended手机号正则匹配11位手机号不使用身份证号IllegalRegexRuleExtended身份证正则匹配15/18位身份证不使用邮政编码IllegalRegexRuleExtended邮编正则匹配6位邮编不使用年月日期IllegalRegexRuleExtended日期正则匹配 YYYYMM 格式不包含空格WhitespaceRule禁止空白字符5. 方案总结维度评价规则覆盖完全覆盖密码管理规范的每一条要求代码质量生产可用职责清晰可维护性强扩展性支持自定义规则如IllegalRegexRuleExtended国际化支持中英文错误消息性能密码生成 500 个耗时极低重试机制保证成功率维护状态Passay 持续活跃无过时风险6. 附录生成的密码示例以下为系统自动生成的符合规范的密码示例16位序号密码包含大写包含小写包含数字包含特殊字符1V^PCO6U[~kBs#]KM✅✅✅✅2!$sw_4-%P^mQG7e✅✅✅✅36/Re:8hbW5).$}✅✅✅✅4{DSp[to0-re1*{s✅✅✅✅56}n2bS]Lb}1W*✅✅✅✅所有生成的密码均通过完整规则校验。

java基于 Passay 的密码生成与校验方案

相关文章：

java基于 Passay 的密码生成与校验方案

Claude API开发实战：从环境搭建到生产部署

从Wi-Fi到5G：聊聊‘升余弦滚降’这个老伙计，如何在现代通信里默默干活

幂函数与多项式导数：从基础原理到实用技巧

SyncTV开发者指南：如何扩展自定义视频源和认证提供商

分类数据集 - 小麦叶病虫害检测图像分类数据集下载

给CT影像新手的冠脉解剖入门指南：从17段分法到优势型判读

无损视频剪辑神器LosslessCut：快速入门与高效剪辑全攻略

【AI运维工程师紧急通告】：Docker 27已默认禁用 insecure-registries，你的私有模型仓库正面临部署中断风险！

G-Helper实用指南：重新定义华硕笔记本控制体验

终极解决！Sonoff Dongle-P适配器BUFFER_FULL错误的5种实战方案

避坑指南：专有钉钉H5微应用本地调试与发布上线的那些事儿

Xcode 13.3之后，iOS崩溃日志(.ips)符号化，除了symbolicatecrash还能怎么搞？

Zigbee2MQTT终极指南：轻松配置Viessmann 7963223气候传感器

ExplorerPatcher：Windows界面个性化定制终极指南

别再让模型训练过拟合了！用TensorFlow的EarlyStopping和ModelCheckpoint，自动保存最佳模型（附完整代码）

Handright性能优化：利用多进程并行渲染加速中文手写模拟

【2026年携程暑期实习- 4月23日-第一题- 炒鸡回文构造】（题目+思路+JavaC++Python解析+在线测试)

告别写放大！手把手教你用Zenfs在ZNS SSD上部署RocksDB（附性能对比与配置脚本）

用LVGL给你的嵌入式设备做个登录界面吧（附完整代码和事件处理逻辑）

Jetson Orin音频开发避坑指南：手把手教你用amixer配置AHUB音频路由（附常见问题排查）

深度学习模型评估指标：从原理到实践

MinerU 系列教程附录：速查手册与参考索引

MinerU 系列教程第二十七课：核心算法深度剖析

机器学习概率预测评估：对数损失、布里尔分数与ROC AUC详解

MinerU 系列教程第二十六课：设计模式在 MinerU 中的应用

丢包率不高但应用仍然卡顿？一次基于 tcpdump +RTT抽样的网络性能排障实战

AndroidX迁移指南：如何将XBanner适配到最新Android项目

Mate Engine未来路线图展望：即将到来的新功能

代价敏感学习在分类不平衡问题中的应用与实践