Using Password Complexity Policies
A password complexity policy enforces requirements that make user passwords more resistant to brute-force attacks. You can create a password complexity class and add it to My webMethods Server for use with the system directory service. You cannot use this function for external directory services.
My webMethods Server includes an out-of-the-box password complexity policy class, the DefaultSystemPasswordComplexityPolicy, which is not enabled by default. The default password complexity enforces the following requirements to all system user passwords:
Minimum password length of eight symbols;
Maximum password length of 64 symbols;
Maximum three identical or sequential characters in a row, for example
aaa or
123.
You can enable the default password complexity policy, or configure your custom password complexity implementations as follows:
To configure a password complexity policy for
My webMethods Server1. Log in to My webMethods Server and go to the Properties page of the system directory service:
As SysAdmin:
Administration Dashboard > User Management > Directory Services AdministrationAs
My webMethods Administrator:
Navigate > Applications > My webMethods > Directory services2. On the Directory Services page, click the system directory service.
3. In the Password Complexity Class field under Security Information, select one of the following:
com.webmethods.portal.service.dir.impl.DefaultSystemPasswordComplexityPolicy - to use the built-in option for password complexity.
Other - to supply the fully qualified name of the class that contains your custom password complexity policy.
4. Click Apply.