Can anyone recommend a Java library that contains methods that are suitable for performing server-side password strength checking in a webapp. Ideally the checker should be:
- configurable, allowing the deployer to supply different dictionaries, adjust weights of different criteria, and so on
- extensible allowing new criteria to be implemented if required
- implemented in pure Java
- not fundamentally intertwined with a tag libraries, UI components or "password management" functionality
- compatible with a GPL 3 project
- compatible with Spring wiring
- mavenized (ideally available through Maven Central)