Extended account information compliance checking rules

Feedback

SuperMap iServer provides the ability to extend the compliance check rules of account information, so you can flexibly customize the user name and password compliance check rules to meet your own project requirements, and use them to check whether the account information you created is compliant or not. You need to modify the configuration file to extend and customize the user name and password validation rules, including the regular expressions, dictionaries or strings used for compliance validation, and the error message prompted when the validation fails.

Configuration file introduction

In the root directory of the product package, %SuperMap iServer_HOME%/webapps/iserver/WEB-INF/config, the accountInfoComplianceRules.xml file has built-in account information compliance rules that are currently supported by SuperMap iServer. rules. Among them, the password rules can be found in User Management

The configuration file root node is the <rules> element, which includes the following two child nodes:

<passwordRules>node

A collection of <rule> tags for configuring password compliance checking rules. Each <rule> tag corresponds to one kind of password compliance checking rule, and contains configuration items such as checking method (<type>), rule name (<name>), rule expression (<expression>), Chinese error message (<zhErrMsg>), and English error message (<enErrMsg>) of the compliance rule.

A sample <passwordRules> node is shown below:

<rule>

<type>regularExpression</type>

<name>PwdLength</name>

<zhErrMsg>Password length at least 8 characters</zhErrMsg>

<enErrMsg>Password must contain at least 8 characters</enErrMsg>

</rule>

<rule>

<type>dictionary</type>

<name>NotContainsContinuationCharacter</name>

<condition>notcontainscontinuouschars,3</condition>

<dictionary>abcdefghijklmnopqrstuvwxyz</dictionary>

<dictionary>ABCDEFGHIJKLMNOPQRSTUVWXYZ</dictionary>

</expression>

<zhErrMsg>Passwords cannot contain three or more consecutive characters</zhErrMsg>

<enErrMsg>Password can’t contain three or more continuous characters and numbers</enErrMsg>

</rule>

<rule>

<type>StringMatch</type>

<name>notContainsUsernameAndReverse</name>

<condition>notcontainsextraparamsandreverse</condition>

<paramContent>${username}</paramContent>

</expression>

<zhErrMsg>The password must not contain the username and its backward spelling</zhErrMsg>

<enErrMsg>Pasword can't contain the user name and its reverse</enErrMsg>

</rule>

</passwordRules>

Among them.

<type>: Used to set the way to check compliance rules, including regular expression (regularExpression), dictionary (dictionary) and string match (StringMatch) and other three types.
<name>: The name of the rule used to set the compliance rule.
<expression>: Expressions used to set compliance rules. When <type> is a regularExpression it sets a regular expression describing the compliance rule and has no child nodes; when <type> is a dictionary and StringMatch it includes the following child nodes:
<condition>: used to set the matching condition of the compliance rule. When <type> is dictionary, you need to set the condition of associating with dictionary and the number of characters associated with dictionary according to the rule, connecting with “,” (e.g.: notcontainscontinuouschars,3); when <type> is StringMatch, you need to set the condition of associating with string according to the rule, e.g.: notcontainsextraparamsandreverse.

Note that currently, only notcontainscontinuouschars is supported when <type> is a dictionary and notcontainsextraparamsandreverse is supported when <type> is a StringMatch. notcontainsextraparamsandreverse) when <type> is a StringMatch.

<dictionary>: Used to set the associated dictionary for the compliance rule. This parameter is optional when <type> is a dictionary. Multiple <dictionaries> can be set in the same <expression> node.
<paramContent>: The association string used to set the compliance rule. This parameter is optional when <type> is StringMatch. Only one <paramContent> can be set in the same <expression> node and the <paramContent> can contain only one string, e.g. filled in as test.

Note that in the rules built into the configuration file, ${username} refers to the username character set by the user, and this configuration can only be used or replaced as a whole.

<zhErrMsg>: Used to set the Chinese message when the compliance rule fails.
<enErrMsg>: Used to set the English prompt message when failing to validate a compliance rule.

<usernameRules>node

A collection of <rule> tags for configuring username compliance checking rules. Each <rule> tag corresponds to one kind of username compliance validation rule and contains configuration items such as validation method (<type>), rule name (<name>), rule expression (<expression>), Chinese error message (<zhErrMsg>), and English error message (<enErrMsg>) of the compliance rule.

The <usernameRules> node is configured in the same way as the <passwordRules> node, as shown in the example below:

<rule>

<type>regularExpression</type>

<name>UsernameLength</name>

<zhErrMsg>Usernames must consist of numbers, letters, underscores or underscores and start with a letter</zhErrMsg>

<enErrMsg>User name must be composed of numbers, letters, underscores or dash, and begin with a letter.</enErrMsg>

</rule>

</usernameRules>

Extension and configuration process

According to the requirements in actual projects, you can modify or delete the account information compliance check rules already provided in SuperMap iServer, and you can also add new account information compliance check rules for extension. The supported rules include the limitation of the number of digits and character composition of user name and password. For the validation rule methods and associated conditions that can be used, please refer to the <passwordRules> node.

We add a node in the configuration file to achieve a simple extension to illustrate the expansion and configuration process to expand the password compliance check rule “passwords can not contain two or more vertical rows of consecutive characters” as an example.

1.Configuration file settings

In the root directory of the product package, %SuperMap iServer_HOME%webapps/iserver/WEB-INF/config, add the following contents in the sub-node <passwordRules> of the accountInfoComplianceRules.xml file:

…

<rule>

<type>dictionary</type>

<name>NotContainsKeyboardVerticalContinuationCharacter</name>

<condition>notcontainscontinuouschars,2</condition>

…

</expression>

<zhErrMsg>According to the keyboard array, the password cannot contain two or more consecutive characters in vertical rows</zhErrMsg>

<enErrMsg>Password can’t contain two or more continuous vertical characters on the keyboard</enErrMsg>

</rule>

</passwordRules>

Since the rule involves multiple characters and cannot be expressed using regular expressions, it is checked using a dictionary. Refer to the <passwordRules> node for the description of the configuration items to set up, in which the <dictionary> parameter only lists three groups, you can set up additional settings according to the actual situation.

2.View Extended Results

After completing the above configuration, it means that you have successfully added the password compliance check rule “Password cannot contain two or more consecutive characters in vertical rows”. Save the configuration file and restart SuperMap iServer, set passwords in Initialization Wizard - Create Administrator Account, User Management - Add User, Account Settings - Change Password and Force Password Change, etc., and then you can check the entered passwords against the compliance rule.

Note: If you want to reset the password of the administrator account, you need to stop the SuperMap iServer service and execute the passwordreset.bat/passwordreset.sh file in the [SuperMap iServer_HOME]\bin directory before restarting SuperMap iServer.