in extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/security/PasswordPolicyService.java [172:212]
public void verifyPassword(String username, String password)
throws GuacamoleException {
// Retrieve password policy from environment
PasswordPolicy policy = environment.getPasswordPolicy();
// Enforce minimum password length
if (password.length() < policy.getMinimumLength())
throw new PasswordMinimumLengthException(
"Password does not meet minimum length requirements.",
policy.getMinimumLength());
// Disallow passwords containing the username
if (policy.isUsernameProhibited() && password.toLowerCase().contains(username.toLowerCase()))
throw new PasswordContainsUsernameException(
"Password must not contain username.");
// Require both uppercase and lowercase characters
if (policy.isMultipleCaseRequired() && !matches(password, CONTAINS_LOWERCASE, CONTAINS_UPPERCASE))
throw new PasswordRequiresMultipleCaseException(
"Password must contain both uppercase and lowercase.");
// Require digits
if (policy.isNumericRequired() && !matches(password, CONTAINS_DIGIT))
throw new PasswordRequiresDigitException(
"Passwords must contain at least one digit.");
// Require non-alphanumeric symbols
if (policy.isNonAlphanumericRequired() && !matches(password, CONTAINS_NON_ALPHANUMERIC))
throw new PasswordRequiresSymbolException(
"Passwords must contain at least one non-alphanumeric character.");
// Prohibit password reuse
int historySize = policy.getHistorySize();
if (matchesPreviousPasswords(password, username, historySize))
throw new PasswordReusedException(
"Password matches a previously-used password.", historySize);
// Password passes all defined restrictions
}