I'm creating a regexp for password validation to be used in a Java application as a configuration parameter.
The regexp is:
^.*(?=.{8,})(?=..*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=]).*$
The password policy is:
-
At least 8 chars
-
Contains at least one digit
-
Contains at least one lower alpha char and one upper alpha char
-
Contains at least one char within a set of special chars (
@#%$^
etc.) -
Does not contain space, tab, etc.
I’m missing just point 5. I'm not able to have the regexp check for space, tab, carriage return, etc.
Could anyone help me?
Best Answer
Try this:
Explanation:
It's easy to add, modify or remove individual rules, since every rule is an independent "module".
The
(?=.*[xyz])
construct eats the entire string (.*
) and backtracks to the first occurrence where[xyz]
can match. It succeeds if[xyz]
is found, it fails otherwise.The alternative would be using a reluctant qualifier:
(?=.*?[xyz])
. For a password check, this will hardly make any difference, for much longer strings it could be the more efficient variant.The most efficient variant (but hardest to read and maintain, therefore the most error-prone) would be
(?=[^xyz]*[xyz])
, of course. For a regex of this length and for this purpose, I would dis-recommend doing it that way, as it has no real benefits.