Using a Regular expression for password validation

I am using following regular expression my java code.

^.*(?=.{6,20})(?=.*[a-z].*[a-z])(?=.*[A-Z])(?=.*[0-9]).*$

When I am trying to use same in xml as

^.\*(\?=.{6,20})(\?=.\*[a-z].\*[a-z])(\?=.\*[A-Z])(\?=.\*[0-9]).\*$ 

It is not working. It showing exception as below.

java.lang.IllegalArgumentException: cvc-pattern-valid: Value 'narendra1A' is not facet-valid with respect to pattern '^.*(\?=.{6,20})(\?=.*[a-z].*[a-z])(\?=.*[A-Z])(\?=.*[0-9]).*$' for type '#AnonType_passwordcreateUser'.

Can any one help in this regard.

Thanks开发者_StackOverflow中文版,

Narendra

---

This does not directly answer your question, but it may be a better option for you than trying to do password quality checks with regexes.

The vt-password library is an excellent Java library that implements rule-based password quality checking. In addition to counting characters / character classes, it does things like checking against dictionaries, checking for passwords used previously, checking for repeated characters, etc.

(If you are using Spring, it is pretty simple to configure the password rule objects in a Spring XML wiring file. This allows you to adjust the rules without changing your code.)

---

Password Regular Expression Pattern

((?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%]).{6,20})

Description

(           # Start of group
  (?=.*\d)      #   must contains one digit from 0-9
  (?=.*[a-z])   #   must contains one lowercase characters
  (?=.*[A-Z])   #   must contains one uppercase characters
  (?=.*[@#$%])  #   must contains one special symbols in the list "@#$%"
     .          #     match anything with previous condition checking
       {6,20}   #        length at least 6 characters and maximum of 20 
)           # End of group

---

Your pattern uses characters forbidden in XML document. To make things simple put password into CDATA.

---

Try this

^.\*(\?:.{6,20})(\?:.\*[a-z].\*[a-z])(\?:.\*[A-Z])(\?:.\*[0-9]).\*$