java
48 lines · 7 steps
Building a custom @StrongPassword validator in Spring
A custom Bean Validation annotation pairs with a validator class to enforce password complexity rules declaratively.
Explained by
highlit
1@Target({ElementType.FIELD, ElementType.PARAMETER})
2@Retention(RetentionPolicy.RUNTIME)
3@Constraint(validatedBy = StrongPasswordValidator.class)
4@Documented
5public @interface StrongPassword {
6
7 String message() default "Password must be at least 8 characters and include upper, lower, digit, and special characters";
8
9 int minLength() default 8;
10
11 Class<?>[] groups() default {};
12
13 Class<? extends Payload>[] payload() default {};
14}
15
16public class StrongPasswordValidator implements ConstraintValidator<StrongPassword, String> {
17
18 private static final Pattern UPPER = Pattern.compile("[A-Z]");
19 private static final Pattern LOWER = Pattern.compile("[a-z]");
20 private static final Pattern DIGIT = Pattern.compile("\\d");
21 private static final Pattern SPECIAL = Pattern.compile("[^A-Za-z0-9]");
22
23 private int minLength;
24
25 @Override
26 public void initialize(StrongPassword annotation) {
27 this.minLength = annotation.minLength();
28 }
29
30 @Override
31 public boolean isValid(String value, ConstraintValidatorContext context) {
32 if (value == null) {
33 return true;
34 }
35 boolean valid = value.length() >= minLength
36 && UPPER.matcher(value).find()
37 && LOWER.matcher(value).find()
38 && DIGIT.matcher(value).find()
39 && SPECIAL.matcher(value).find();
40
41 if (!valid && StringUtils.hasText(value)) {
42 context.disableDefaultConstraintViolation();
43 context.buildConstraintViolationWithTemplate(context.getDefaultConstraintMessageTemplate())
44 .addConstraintViolation();
45 }
46 return valid;
47 }
48}
01 / 01
STEP 01
‹ swipe to step through ›
Walkthrough
Space play
←→ step
click any line
Three takeaways
- 1A custom constraint is two parts: the annotation declaring metadata and the validator holding the logic.
- 2Wiring a validator to an annotation via @Constraint(validatedBy=...) lets you validate fields declaratively anywhere.
- 3Returning true for null delegates presence checks to @NotNull, keeping each constraint focused on one concern.
Related explainers
java
public class ThumbnailProcessor { private static final int MAX_CONCURRENCY = 4;
Bounded parallel thumbnail rendering in Java
concurrency
thread-pool
futures
Intermediate
7 steps
java
public class SortedListMerger { public static int[] merge(int[] a, int[] b) { int[] result = new int[a.length + b.length];
Merging two sorted arrays in Java
two-pointers
merging
arrays
Beginner
6 steps
java
import java.util.ArrayDeque; import java.util.Deque; public final class RollingAverage {
A rolling average over a sliding window
sliding-window
running-sum
deque
Intermediate
7 steps
java
@Component public class JwtAuthenticationFilter extends OncePerRequestFilter { private final JwtTokenProvider tokenProvider;
How a JWT auth filter works in Spring
authentication
jwt
servlet-filter
Intermediate
8 steps
php
<?php namespace App\Support;
Building a URL slug from any title in PHP
regex
transliteration
string-processing
Intermediate
8 steps
java
@Entity @Table(name = "accounts") public class Account {
Optimistic locking with @Version in Spring
optimistic-locking
jpa
concurrency
Advanced
7 steps
Share this explainer
Here's the card — post it anywhere.
Made with highlit — turn any snippet into a walkthrough like this in about a minute.
Explain your code
Embed this explainer
Drop the interactive walkthrough into a blog or docs. Views never cost a credit.
<iframe src="https://highlit.co/explainers/building-a-custom-strongpassword-validator-in-spring-explained-java-a2c5/embed?autoplay=1" width="100%" height="520" loading="lazy" style="border:0"></iframe>
Autoplay is on by default — add ?autoplay=0 to start paused.