I would like to know how to tell vaadin to ensure password format verification occurs only on client side.
I have a form with fields and properties for username and password.
I set up password field to be secret, of course.
I set up the verification for password to be
at least 2 uppercase
at least 2 lowercase
at least 2 numbers
at least 2 special chars
I want the verification to be done only on the client side, because i don’t want the password to be passed back and forth the network as many times as a user did not satisfy the verification criteria.
Is there a way to tell vaadin to ensure verification of secret fields in a form, whether passwords or otherwise, is not done on the server?
This question is related to my question in 98010 - how to differentiate in a vaadin class, what is being done on the server and what is being done on the client.
And I don’t want to code in javascript as it would be pointless using gwt and vaadin because I would like gwt and vaadin to insulate me from writing javascript, a language which I find difficult to tame and maintain. I wish to be able to continue thanking google and vaadin for doing all the dirty javascript work for me.
If you want client-side validation of password format, you could use my
client-side validated TextField . I just noticed that the setSecret(true) did not work for it because it actually requires another client-side component for some technical reasons. So, I added a CSValidatedPasswordField, which should work.
You can try it with the
demo . Select the “Password” example in the menu.
Well, you specifically asked other than a JavaScript solution, but my generic client-side validator uses JavaScript:
password.js .
If you don’t want JavaScript, it’s not very difficult to implement the specific password validation in Java in the client-side, for example in my VCSValidatedPasswordField widget, but it would be nice to have a more generic solution that you could parameterize in the server-side API (for example how long the password must be and how many characters of each category it must have).
Notice that the component does not actually prevent submitting invalid passwords, as the user can move out of the input field (and click a submit button) even when the input is invalid. This client-side validation is just for informational purpose to the user and you need to validate the password on the server-side anyhow.
I have no reason not to want to use javascript because gwt finally gets to become javascript goo. I don’t mind using the goo but I don’t like writing the goo.
You can do the client-side validation of a password format with GWT just as well. You can see the
VCSValidatedTextField for an example of doing client-side validation. If you use the Eclipse plugin to create the component stub, it’s a somewhat simple task.
The root DOM element of a password text field has to be initialized with DOM.createInputPassword(), as done in
VCSValidatedPasswordField .