usergrid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mdun...@apache.org
Subject usergrid git commit: HTML encoding fixes
Date Fri, 28 Jul 2017 16:02:13 GMT
Repository: usergrid
Updated Branches:
  refs/heads/hotfix-20170728 [created] b3bf7ed0d


HTML encoding fixes


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/b3bf7ed0
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/b3bf7ed0
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/b3bf7ed0

Branch: refs/heads/hotfix-20170728
Commit: b3bf7ed0d12c33ad007604695c070e914e3aa143
Parents: 436cb80
Author: Mike Dunker <mdunker@google.com>
Authored: Wed Jul 26 15:13:32 2017 -0700
Committer: Mike Dunker <mdunker@google.com>
Committed: Wed Jul 26 15:13:32 2017 -0700

----------------------------------------------------------------------
 .../rest/management/users/UserResource.java     |   9 ++
 .../apache/usergrid/rest/TestResource/error.jsp |   4 +-
 .../apache/usergrid/rest/TestResource/test.jsp  |   4 +-
 .../ApplicationResource/authorize_form.jsp      |  14 +-
 .../applications/ApplicationResource/error.jsp  |   4 +-
 .../users/UserResource/activate.jsp             |   4 +-
 .../applications/users/UserResource/confirm.jsp |   4 +-
 .../applications/users/UserResource/error.jsp   |   4 +-
 .../users/UserResource/resetpw_email_form.jsp   |  10 +-
 .../UserResource/resetpw_email_success.jsp      |   4 +-
 .../users/UserResource/resetpw_set_form.jsp     |   8 +-
 .../users/UserResource/resetpw_set_success.jsp  |   4 +-
 .../applications/users/UsersResource/error.jsp  |   4 +-
 .../users/UsersResource/resetpw_email_form.jsp  |   8 +-
 .../UsersResource/resetpw_email_success.jsp     |   4 +-
 .../ManagementResource/authorize_form.jsp       |  14 +-
 .../management/ManagementResource/error.jsp     |   4 +-
 .../OrganizationResource/activate.jsp           |   4 +-
 .../OrganizationResource/confirm.jsp            |   4 +-
 .../OrganizationResource/error.jsp              |   4 +-
 .../management/users/UserResource/activate.jsp  |   4 +-
 .../management/users/UserResource/confirm.jsp   |   4 +-
 .../management/users/UserResource/error.jsp     |   4 +-
 .../users/UserResource/resetpw_email_form.jsp   |   8 +-
 .../UserResource/resetpw_email_success.jsp      |   4 +-
 .../users/UserResource/resetpw_set_form.jsp     |   8 +-
 .../users/UserResource/resetpw_set_success.jsp  |   4 +-
 .../management/users/UsersResource/error.jsp    |   4 +-
 .../users/UsersResource/resetpw_email_form.jsp  |   6 +-
 .../UsersResource/resetpw_email_success.jsp     |   4 +-
 .../usergrid/management/ManagementService.java  |  10 +-
 .../cassandra/ManagementServiceImpl.java        |  14 ++
 .../usergrid/security/PasswordPolicy.java       |  53 +++++++
 .../usergrid/security/PasswordPolicyFig.java    |  79 ++++++++++
 .../usergrid/security/PasswordPolicyImpl.java   | 156 +++++++++++++++++++
 .../services/guice/ServiceModuleImpl.java       |   7 +
 36 files changed, 403 insertions(+), 85 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index 95f607b..cac5f2b 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -43,6 +43,7 @@ import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.UriInfo;
+import java.util.Collection;
 import java.util.Map;
 import java.util.UUID;
 
@@ -297,6 +298,14 @@ public class UserResource extends AbstractContextResource {
             if ( ( password1 != null ) || ( password2 != null ) ) {
                 if ( management.checkPasswordResetTokenForAdminUser( user.getUuid(), tokenInfo ) ) {
                     if ( ( password1 != null ) && password1.equals( password2 ) ) {
+                        // validate password
+                        Collection<String> violations = management.passwordPolicyCheck(password1, true);
+                        if (violations.size() > 0) {
+                            // password not valid
+                            errorMsg = management.getPasswordDescription(true);
+                            return handleViewable( "resetpw_set_form", this, organizationId );
+                        }
+
                         management.setAdminUserPassword( user.getUuid(), password1 );
                         management.revokeAccessTokenForAdminUser( user.getUuid(), token );
                         loginEndpoint = properties.getProperty("usergrid.viewable.loginEndpoint");

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>An error occurred <c:out value="${it}"/>.</p>
+	<p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
index 83a6ad1..5dd8ebc 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
@@ -24,6 +24,6 @@ limitations under the License.
 	<link rel="stylesheet" type="text/css" href="/css/styles.css" />
 </head>
 <body>
-<h1>${it.foo}</h1> 
+<h1>${fn:escapeXml(it.foo)}</h1>
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
index 6b1b8b2..1ee5e31 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
@@ -28,13 +28,13 @@ limitations under the License.
 <body>
 
 	<div class="dialog-area">
-		<c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if>
+		<c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
 		<form class="dialog-form" action="" method="post">
-			<input type="hidden" name="response_type" value="${it.responseType}">
-			<input type="hidden" name="client_id" value="${it.clientId}">
-			<input type="hidden" name="redirect_uri" value="${it.redirectUri}">
-			<input type="hidden" name="scope" value="${it.scope}">
-			<input type="hidden" name="state" value="${it.state}">
+			<input type="hidden" name="response_type" value="${fn:escapeXml(it.responseType)}">
+			<input type="hidden" name="client_id" value="${fn:escapeXml(it.clientId)}">
+			<input type="hidden" name="redirect_uri" value="${fn:escapeXml(it.redirectUri)}">
+			<input type="hidden" name="scope" value="${fn:escapeXml(it.scope)}">
+			<input type="hidden" name="state" value="${fn:escapeXml(it.state)}">
 			<fieldset>
 				<p>
 					<label for="username">Username</label>
@@ -56,4 +56,4 @@ limitations under the License.
 	</div>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>An error occurred <c:out value="${it}"/>.</p>
+	<p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
index dfcf3b7..20e69b8 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
@@ -26,7 +26,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>Your account with email address <c:out value="${it.user.email}"/> has been successfully activated.</p>
+	<p>Your account with email address <c:out value="${it.user.email}" escapeXml="true"/> has been successfully activated.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
index 02e9ee3..d7f3acc 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
@@ -26,8 +26,8 @@ limitations under the License.
 </head>
 <body>
 
-	<p>Your account with email address <c:out value="${it.user.email}"/> has been successfully confirmed.
+	<p>Your account with email address <c:out value="${it.user.email}" escapeXml="true"/> has been successfully confirmed.
 	You will received an email soon to let you know when you account has been activated</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>An error occurred <c:out value="${it}"/>.</p>
+	<p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
index 0f53bfc..9d920e5 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
@@ -26,17 +26,17 @@ limitations under the License.
 </head>
 <body>
 	<div class="dialog-area">
-		<c:if test="${!empty it.errorMsg}">
-			<div class="dialog-form-message">${it.errorMsg}</div>
+		<c:if test="${!empty fn:escapeXml(it.errorMsg)}">
+			<div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div>
 		</c:if>
 		<form class="dialog-form" action="" method="post">
 			<fieldset>
 				<p>
 					Enter the captcha to have your password reset instructions sent to
-					<c:out value="${it.user.email}" />
+					<c:out value="${it.user.email}" escapeXml="true" />
 				</p>
 				<p id="human-proof"></p>
-				${it.reCaptchaHtml}
+				${fn:escapeXml(it.reCaptchaHtml)}
 				<p class="buttons">
 					<input type="submit" value="submit" />
 				</p>
@@ -44,4 +44,4 @@ limitations under the License.
 		</form>
 	</div>
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
index 23f8508..41c5176 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>Email with instructions for password reset sent to <c:out value="${it.user.email}"/></p>
+	<p>Email with instructions for password reset sent to <c:out value="${it.user.email}" escapeXml="true"/></p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
index a83d80d..60384c4 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
@@ -30,12 +30,12 @@ limitations under the License.
 <body>
 
 	<div class="dialog-area">
-		<c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if>
+		<c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
 		<form class="dialog-form" action="" method="post">
-			<input type="hidden" name="token" value="${it.token}">
+			<input type="hidden" name="token" value="${fn:escapeXml(it.token)}">
 			<fieldset>
 				<p>
-					<label for="password1">Please enter your new password for <c:out value="${it.user.email}"/>.</label>
+					<label for="password1">Please enter your new password for <c:out value="${it.user.email}" escapeXml="true"/>.</label>
 				</p>
 				<p>
 					<input class="text_field" id="password1" name="password1" type="password" />
@@ -54,4 +54,4 @@ limitations under the License.
 	</div>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
index 9de90ba..3915084 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>New password set for <c:out value="${it.user.email}"/></p>
+	<p>New password set for <c:out value="${it.user.email}" escapeXml="true"/></p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>An error occurred <c:out value="${it}"/>.</p>
+	<p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
index 3211a3a..d60eae6 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
@@ -27,8 +27,8 @@ limitations under the License.
 <body>
 
 	<div class="dialog-area">
-		<c:if test="${!empty it.errorMsg}">
-			<div class="dialog-form-message">${it.errorMsg}</div>
+		<c:if test="${!empty fn:escapeXml(it.errorMsg)}">
+			<div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div>
 		</c:if>
 		<form class="dialog-form" action="" method="post">
 			<fieldset>
@@ -41,7 +41,7 @@ limitations under the License.
 					<input class="text_field" id="email" name="email" type="text" />
 				</p>
 				<p id="human-proof"></p>
-				${it.reCaptchaHtml}
+				${fn:escapeXml(it.reCaptchaHtml)}
 				<p class="buttons">
 					<button type="submit">Submit</button>
 				</p>
@@ -50,4 +50,4 @@ limitations under the License.
 	</div>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
index 23f8508..41c5176 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>Email with instructions for password reset sent to <c:out value="${it.user.email}"/></p>
+	<p>Email with instructions for password reset sent to <c:out value="${it.user.email}" escapeXml="true"/></p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
index 6b1b8b2..1ee5e31 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
@@ -28,13 +28,13 @@ limitations under the License.
 <body>
 
 	<div class="dialog-area">
-		<c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if>
+		<c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
 		<form class="dialog-form" action="" method="post">
-			<input type="hidden" name="response_type" value="${it.responseType}">
-			<input type="hidden" name="client_id" value="${it.clientId}">
-			<input type="hidden" name="redirect_uri" value="${it.redirectUri}">
-			<input type="hidden" name="scope" value="${it.scope}">
-			<input type="hidden" name="state" value="${it.state}">
+			<input type="hidden" name="response_type" value="${fn:escapeXml(it.responseType)}">
+			<input type="hidden" name="client_id" value="${fn:escapeXml(it.clientId)}">
+			<input type="hidden" name="redirect_uri" value="${fn:escapeXml(it.redirectUri)}">
+			<input type="hidden" name="scope" value="${fn:escapeXml(it.scope)}">
+			<input type="hidden" name="state" value="${fn:escapeXml(it.state)}">
 			<fieldset>
 				<p>
 					<label for="username">Username</label>
@@ -56,4 +56,4 @@ limitations under the License.
 	</div>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>An error occurred <c:out value="${it}"/>.</p>
+	<p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
index 85114cd..f5fa14d 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
@@ -26,7 +26,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>Your organization <c:out value="${it.organization.name}"/> has been successfully activated.</p>
+	<p>Your organization <c:out value="${it.organization.name}" escapeXml="true"/> has been successfully activated.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
index f4307b7..5fb41c7 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
@@ -26,8 +26,8 @@ limitations under the License.
 </head>
 <body>
 
-	<p>Your organization <c:out value="${it.organization.name}"/> has been successfully confirmed.
+	<p>Your organization <c:out value="${it.organization.name}" escapeXml="true"/> has been successfully confirmed.
 	You will received an email soon to let you know when you organization has been activated</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>An error occurred <c:out value="${it}"/>.</p>
+	<p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
index dfcf3b7..20e69b8 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
@@ -26,7 +26,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>Your account with email address <c:out value="${it.user.email}"/> has been successfully activated.</p>
+	<p>Your account with email address <c:out value="${it.user.email}" escapeXml="true"/> has been successfully activated.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
index 02e9ee3..d7f3acc 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
@@ -26,8 +26,8 @@ limitations under the License.
 </head>
 <body>
 
-	<p>Your account with email address <c:out value="${it.user.email}"/> has been successfully confirmed.
+	<p>Your account with email address <c:out value="${it.user.email}" escapeXml="true"/> has been successfully confirmed.
 	You will received an email soon to let you know when you account has been activated</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>An error occurred <c:out value="${it}"/>.</p>
+	<p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
index 3e56cd1..6b0b48f 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
@@ -26,17 +26,17 @@ limitations under the License.
 </head>
 <body>
 	<div class="dialog-area password-reset-form">
-		<c:if test="${!empty it.errorMsg}">
-			<div class="dialog-form-message">${it.errorMsg}</div>
+		<c:if test="${!empty fn:escapeXml(it.errorMsg)}">
+			<div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div>
 		</c:if>
 		<form class="dialog-form" action="" method="post">
 			<fieldset>
 				<p>
 					Enter the captcha to have your password reset instructions sent to
-					<c:out value="${it.user.email}" />
+					<c:out value="${it.user.email}" escapeXml="true" />
 				</p>
 				<p id="human-proof"></p>
-				${it.reCaptchaHtml}
+				${fn:escapeXml(it.reCaptchaHtml)}
 				<p class="buttons">
 					<input type="submit" value="submit" />
 				</p>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
index 23f8508..41c5176 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>Email with instructions for password reset sent to <c:out value="${it.user.email}"/></p>
+	<p>Email with instructions for password reset sent to <c:out value="${it.user.email}" escapeXml="true"/></p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
index a83d80d..60384c4 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
@@ -30,12 +30,12 @@ limitations under the License.
 <body>
 
 	<div class="dialog-area">
-		<c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if>
+		<c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
 		<form class="dialog-form" action="" method="post">
-			<input type="hidden" name="token" value="${it.token}">
+			<input type="hidden" name="token" value="${fn:escapeXml(it.token)}">
 			<fieldset>
 				<p>
-					<label for="password1">Please enter your new password for <c:out value="${it.user.email}"/>.</label>
+					<label for="password1">Please enter your new password for <c:out value="${it.user.email}" escapeXml="true"/>.</label>
 				</p>
 				<p>
 					<input class="text_field" id="password1" name="password1" type="password" />
@@ -54,4 +54,4 @@ limitations under the License.
 	</div>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
index 9de90ba..3915084 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>New password set for <c:out value="${it.user.email}"/></p>
+	<p>New password set for <c:out value="${it.user.email}" escapeXml="true"/></p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
index be184b1..d02ad40 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>An error occurred <c:out value="${it}"/>.</p>
+	<p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
index 8643016..8b15cd4 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 <body>
 
 	<div class="dialog-area">
-		<c:if test="${!empty it.errorMsg}"><div class="dialog-form-message">${it.errorMsg}</div></c:if>
+		<c:if test="${!empty fn:escnapeXml(it.errorMsg)}"><div class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
 		<form class="dialog-form" action="" method="post">
 			<fieldset>
 				<p>
@@ -38,7 +38,7 @@ limitations under the License.
 					<input class="text_field" id="email" name="email" type="text" />
 				</p>
 				<p id="human-proof"></p>
-				${it.reCaptchaHtml}
+				${fn:escapeXml(it.reCaptchaHtml)}
 				<p class="buttons">
 					<button type="submit">Submit</button>
 				</p>
@@ -47,4 +47,4 @@ limitations under the License.
 	</div>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
index 23f8508..41c5176 100644
--- a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
+++ b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
 </head>
 <body>
 
-	<p>Email with instructions for password reset sent to <c:out value="${it.user.email}"/></p>
+	<p>Email with instructions for password reset sent to <c:out value="${it.user.email}" escapeXml="true"/></p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
index 2b88b07..df42d6a 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
@@ -17,11 +17,7 @@
 package org.apache.usergrid.management;
 
 
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import java.util.UUID;
+import java.util.*;
 
 import org.apache.usergrid.persistence.CredentialsInfo;
 import org.apache.usergrid.persistence.Entity;
@@ -372,6 +368,10 @@ public interface ManagementService {
 
 	Observable<Id> deleteAllEntities(final UUID applicationId,final int limit);
 
+	Collection<String> passwordPolicyCheck(String password, boolean isAdminUser);
+
+	String getPasswordDescription(boolean isAdminUser);
+
 
     // DO NOT REMOVE BELOW METHODS, THEY ARE HERE TO ALLOW EXTERNAL CLASSES TO OVERRIDE AND HOOK INTO POST PROCESSING
     void createOrganizationPostProcessing( final OrganizationInfo orgInfo,

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
index 876cd5b..2d60441 100644
--- a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
@@ -54,6 +54,7 @@ import org.apache.usergrid.persistence.model.entity.Id;
 import org.apache.usergrid.persistence.model.entity.SimpleId;
 import org.apache.usergrid.security.AuthPrincipalInfo;
 import org.apache.usergrid.security.AuthPrincipalType;
+import org.apache.usergrid.security.PasswordPolicy;
 import org.apache.usergrid.security.crypto.EncryptionService;
 import org.apache.usergrid.security.oauth.AccessInfo;
 import org.apache.usergrid.security.oauth.ClientCredentialsInfo;
@@ -172,6 +173,8 @@ public class ManagementServiceImpl implements ManagementService {
 
     protected LocalShiroCache localShiroCache;
 
+    protected PasswordPolicy passwordPolicy;
+
 
     private LoadingCache<UUID, OrganizationConfig> orgConfigByAppCache = CacheBuilder.newBuilder().maximumSize( 1000 )
         .expireAfterWrite( Long.valueOf( System.getProperty(ORG_CONFIG_CACHE_PROP, "30000") ) , TimeUnit.MILLISECONDS)
@@ -215,6 +218,7 @@ public class ManagementServiceImpl implements ManagementService {
         this.service = injector.getInstance(ApplicationService.class);
         this.localShiroCache = injector.getInstance(LocalShiroCache.class);
 
+        this.passwordPolicy = injector.getInstance(PasswordPolicy.class);
     }
 
     @Autowired
@@ -3497,6 +3501,16 @@ public class ManagementServiceImpl implements ManagementService {
     }
 
     @Override
+    public Collection<String> passwordPolicyCheck(String password, boolean isAdminUser) {
+        return passwordPolicy.policyCheck(password, isAdminUser);
+    }
+
+    @Override
+    public String getPasswordDescription(boolean isAdminUser) {
+        return passwordPolicy.getDescription(isAdminUser);
+    }
+
+    @Override
     public void createOrganizationPostProcessing( final OrganizationInfo orgInfo,
                                                   final Map<String,String> properties ){
         // do nothing, this is a hook for any classes extending the ManagementServiceInterface

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicy.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicy.java b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicy.java
new file mode 100644
index 0000000..cc29b20
--- /dev/null
+++ b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicy.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.usergrid.security;
+
+
+import java.util.Collection;
+
+
+/**
+ * Interface to password policy.
+ */
+public interface PasswordPolicy {
+
+    String ERROR_POLICY_VIOLIATION    = "error_password_policy_violation";
+
+    String ERROR_UPPERCASE_POLICY     = "error_uppercase_policy";
+
+    String ERROR_DIGITS_POLICY        = "error_digits_policy";
+
+    String ERROR_SPECIAL_CHARS_POLICY = "error_special_chars_policy";
+
+    String ERROR_LENGTH_POLICY        = "error_length_policy";
+
+
+    /**
+     * Check to see if password conforms to policy.
+     *
+     * @param password Password to check.
+     * @return Collection of error strings, one for each policy violated or empty if password conforms.
+     */
+    Collection<String> policyCheck( String password, boolean isAdminUser );
+
+
+    /**
+     * Get description of password policy for error messages.
+     */
+    String getDescription( boolean isAdminUser );
+}

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyFig.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyFig.java b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyFig.java
new file mode 100644
index 0000000..e93f8e4
--- /dev/null
+++ b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyFig.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.usergrid.security;
+
+import org.safehaus.guicyfig.Default;
+import org.safehaus.guicyfig.FigSingleton;
+import org.safehaus.guicyfig.GuicyFig;
+import org.safehaus.guicyfig.Key;
+
+
+@FigSingleton
+public interface PasswordPolicyFig extends GuicyFig {
+
+    String ALLOWED_SPECIAL_CHARS       = "usergrid.password-policy.allowed-special-chars";
+
+    String MIN_UPPERCASE_ADMIN         = "usergrid.password-policy.min-uppercase-admin";
+    String MIN_UPPERCASE               = "usergrid.password-policy.min-uppercase";
+
+    String MIN_DIGITS_ADMIN            = "usergrid.password-policy.min-digits-admin";
+    String MIN_DIGITS                  = "usergrid.password-policy.min-digits";
+
+    String MIN_SPECIAL_CHARS_ADMIN     = "usergrid.password-policy.min-special-chars-admin";
+    String MIN_SPECIAL_CHARS           = "usergrid.password-policy.min-special-chars";
+
+    String MIN_LENGTH_ADMIN            = "usergrid.password-policy.min-length-admin";
+    String MIN_LENGTH                  = "usergrid.password-policy.min-length";
+
+
+    @Key(MIN_UPPERCASE_ADMIN)
+    @Default("0")
+    int getMinUppercaseAdmin();
+
+    @Key(MIN_UPPERCASE)
+    @Default("0")
+    int getMinUppercase();
+
+    @Key(MIN_DIGITS_ADMIN)
+    @Default("0")
+    int getMinDigitsAdmin();
+
+    @Key(MIN_DIGITS)
+    @Default("0")
+    int getMinDigits();
+
+    @Key(MIN_SPECIAL_CHARS_ADMIN)
+    @Default("0")
+    int getMinSpecialCharsAdmin();
+
+    @Key(MIN_SPECIAL_CHARS)
+    @Default("0")
+    int getMinSpecialChars();
+
+    @Key(MIN_LENGTH_ADMIN)
+    @Default("4")
+    int getMinLengthAdmin();
+
+    @Key(MIN_LENGTH)
+    @Default("4")
+    int getMinLength();
+
+    @Key(ALLOWED_SPECIAL_CHARS)
+    @Default("`~!@#$%^&*()-_=+[{]}\\|;:'\",<.>/?")
+    String getAllowedSpecialChars();
+}

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyImpl.java b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyImpl.java
new file mode 100644
index 0000000..500592a
--- /dev/null
+++ b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyImpl.java
@@ -0,0 +1,156 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.usergrid.security;
+
+import com.google.inject.Inject;
+import org.apache.commons.lang3.StringUtils;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+
+public class PasswordPolicyImpl implements PasswordPolicy {
+
+    private final PasswordPolicyFig passwordPolicyFig;
+
+
+    @Inject
+    PasswordPolicyImpl( PasswordPolicyFig passwordPolicyFig ) {
+        this.passwordPolicyFig = passwordPolicyFig;
+    }
+
+
+    @Override
+    public String getDescription( boolean isAdminUser ) {
+
+        final int minLength;
+        final int minUppercase;
+        final int minDigits;
+        final int minSpecialChars;
+
+        if ( isAdminUser ) {
+            minLength       = passwordPolicyFig.getMinLengthAdmin();
+            minUppercase    = passwordPolicyFig.getMinUppercaseAdmin();
+            minDigits       = passwordPolicyFig.getMinDigitsAdmin();
+            minSpecialChars = passwordPolicyFig.getMinSpecialCharsAdmin();
+        } else {
+            minLength       = passwordPolicyFig.getMinLength();
+            minUppercase    = passwordPolicyFig.getMinUppercase();
+            minDigits       = passwordPolicyFig.getMinDigits();
+            minSpecialChars = passwordPolicyFig.getMinSpecialChars();
+        }
+
+        StringBuilder sb = new StringBuilder();
+        sb.append( "Password must be at least " ).append( minLength ).append(" characters. ");
+        if ( minUppercase > 0 ) {
+            sb.append( "Must include " ).append( minUppercase ).append(" uppercase characters. ");
+        }
+        if ( minDigits > 0 ) {
+            sb.append( "Must include " ).append( minDigits ).append(" numbers. ");
+        }
+        if ( minSpecialChars > 0 ) {
+            sb.append( "Must include " ).append( minUppercase ).append(" special characters. ");
+        }
+        return sb.toString();
+    }
+
+
+    @Override
+    public Collection<String> policyCheck( String password, boolean isAdminUser ) {
+
+        final int minLength;
+        final int minUppercase;
+        final int minDigits;
+        final int minSpecialChars;
+
+        if ( isAdminUser ) {
+            minLength       = passwordPolicyFig.getMinLengthAdmin();
+            minUppercase    = passwordPolicyFig.getMinUppercaseAdmin();
+            minDigits       = passwordPolicyFig.getMinDigitsAdmin();
+            minSpecialChars = passwordPolicyFig.getMinSpecialCharsAdmin();
+        } else {
+            minLength       = passwordPolicyFig.getMinLength();
+            minUppercase    = passwordPolicyFig.getMinUppercase();
+            minDigits       = passwordPolicyFig.getMinDigits();
+            minSpecialChars = passwordPolicyFig.getMinSpecialChars();
+        }
+
+        return policyCheck( password, minLength, minUppercase, minDigits, minSpecialChars );
+    }
+
+
+    public Collection<String> policyCheck(
+        String password, int minLength, int minUppercase, int minDigits, int minSpecialChars ) {
+
+
+        List<String> violations = new ArrayList<>(3);
+
+        // check length
+        if ( password == null || password.length() < minLength ) {
+            violations.add( PasswordPolicy.ERROR_LENGTH_POLICY
+                + ": must be at least " + minLength + " characters" );
+        }
+
+        // count upper case
+        if ( minUppercase > 0 ) {
+            int upperCaseCount = 0;
+            for (char c : password.toCharArray()) {
+                if (StringUtils.isAllUpperCase( String.valueOf( c ) )) {
+                    upperCaseCount++;
+                }
+            }
+            if (upperCaseCount < minUppercase) {
+                violations.add( PasswordPolicy.ERROR_UPPERCASE_POLICY
+                    + ": requires " + minUppercase + " uppercase characters" );
+            }
+        }
+
+        // count digits case
+        if ( minDigits > 0 ) {
+            int digitCount = 0;
+            for (char c : password.toCharArray()) {
+                if (StringUtils.isNumeric( String.valueOf( c ) )) {
+                    digitCount++;
+                }
+            }
+            if (digitCount < minDigits) {
+                violations.add( PasswordPolicy.ERROR_DIGITS_POLICY
+                    + ": requires " + minDigits + " digits" );
+            }
+        }
+
+        // count special characters
+        if ( minSpecialChars > 0 ) {
+            int specialCharCount = 0;
+            for (char c : password.toCharArray()) {
+                if (passwordPolicyFig.getAllowedSpecialChars().contains( String.valueOf( c ) )) {
+                    specialCharCount++;
+                }
+            }
+            if (specialCharCount < minSpecialChars) {
+                violations.add( PasswordPolicy.ERROR_SPECIAL_CHARS_POLICY
+                    + ": requires " + minSpecialChars + " special characters" );
+            }
+        }
+
+        return violations;
+    }
+
+
+}

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
----------------------------------------------------------------------
diff --git a/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java b/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
index 58b301a..9e5485b 100644
--- a/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
+++ b/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
@@ -31,8 +31,12 @@ import org.apache.usergrid.persistence.cache.impl.CacheFactoryImpl;
 import org.apache.usergrid.persistence.cache.impl.ScopedCacheSerialization;
 import org.apache.usergrid.persistence.cache.impl.ScopedCacheSerializationImpl;
 import org.apache.usergrid.persistence.core.migration.data.MigrationPlugin;
+import org.apache.usergrid.security.PasswordPolicy;
+import org.apache.usergrid.security.PasswordPolicyFig;
+import org.apache.usergrid.security.PasswordPolicyImpl;
 import org.apache.usergrid.security.shiro.UsergridAuthenticationInfo;
 import org.apache.usergrid.security.shiro.UsergridAuthorizationInfo;
+import org.safehaus.guicyfig.GuicyFigModule;
 
 
 // <bean id="notificationsQueueListener" class="org.apache.usergrid.services.notifications.QueueListener"
@@ -70,5 +74,8 @@ public class ServiceModuleImpl extends AbstractModule implements ServiceModule {
         bind(    new TypeLiteral<ScopedCacheSerialization<String, UsergridAuthenticationInfo>>() {})
             .to( new TypeLiteral<ScopedCacheSerializationImpl<String, UsergridAuthenticationInfo>>() {});
 
+        bind( PasswordPolicy.class ).to( PasswordPolicyImpl.class );
+
+        install( new GuicyFigModule( PasswordPolicyFig.class ) );
     }
 }


Mime
View raw message