problem in password validation

Question

I am facing trouble in doing password validation. I am taking the min and max value for the range of password from the java class called applicationconstants and calling that in the servlets. I am using the validation function in another java class and calling that in servlet. Please help me in solving this problem.

servlet code

int minLength = ApplicationConstants.PASSWORD_MIN_LENGTH;
int maxLength = ApplicationConstants.PASSWORD_MAX_LENGTH;

 if (user.getUserPassword().length() > 0 || user.getUserPassword() !=null) {
          if (Validation.validateStringLengthRange(user.getUserPassword(), minLength, maxLength)) {
             System.out.println("servlet");
              isvalidate = false;
              hashMap.put("password", props.getText("error.password.compare.outofrange"));
              session.setAttribute("errorMessage", hashMap);
           }
  }

Validation.java

 public static boolean validateStringLengthRange(String name, int min, int max) {
        boolean isValid = true;
        int len = name.length();
        if (len > 0) {
            if (len < min || len > max) {
                System.out.println("validation.java");
                isValid = false;
            }
        }
        return isValid;
    }

ApplicationConstants.java

public static final int PASSWORD_MIN_LENGTH = 6;
public static final int PASSWORD_MAX_LENGTH = 18;

Answer 1

Blind try, since as paxdiablo said you're not specifying the problem

If the problem is that you get a NullPointerException, please double check this line

if (user.getUserPassword().length() > 0 || user.getUserPassword() !=null) {

and change it to

if (user.getUserPassword() !=null && user.getUserPassword().length() > 0) {

That should solve it ;)

Answer 2

Validation.validateStringLengthRange(user.getUserPassword(), minLength, maxLength))

returns true if it is valid. So you would want to put an error message if it's not valid:

if (!Validation.validateStringLengthRange(user.getUserPassword(), minLength, maxLength)) {
isvalidate = false;

Note the !.

Answer 3

Okay, so validateStringLengthRange returns true if the password was validated, but you seem to be invoking your error logic if the result was true - are you missing a "not" operator, i.e. should Validation.validateStringLengthRange be !Validation.validateStringLengthRange?

Also, you need to do the null check before checking the length, and I guess it should be an error even if the input is null, so how about:

String password = user.getUserPassword();
if (password == null || password.length() == 0 ||
    !Validation.validateStringLengthRange(password, minLength, maxLength)) {
        System.out.println("servlet");
        isvalidate = false;
        hashMap.put("password", props.getText("error.password.compare.outofrange"));
        session.setAttribute("errorMessage", hashMap);
}