Java Regex to not allow String Special Characters

Question

I want to set a password which do not allow specific special characters like

-_\

and my regular expression is as follows

PatternCompiler compiler = new Perl5Compiler();
PatternMatcher matcher = new Perl5Matcher();
pattern = compiler.compile("^(?=.*?[a-zA-Z])(?=.*?[0-9])([A-Za-z0-9-/-~][^\\\\\\\\_\-]*)$");

It is working partially. If i place unwanted special characters between the string and start of the string still it is matching the password

P@ssword123    --correct
-password@123  --it should not match
-passowrd"11   --it should not match
\password123   --it should not match
_@111Password  --it should not match
p@sswor"123    --correct

Any where in the string if i find -_\ regular expression should not match. Using Apache api for matching pattern in java

Answer 1

Here is a general regex you can try:

^((?=[A-Za-z])(?![_\-]).)*$
    ^^ whitelist  ^^ blacklist

You can include both a positive and negative lookahead assertion which will check for the presence or absence of a character class. Something like the following might work for you:

String password = "-passw@rd";
// nice trick: by placing hyphen at the end of the character class,
// we don't need to escape it
String pattern = "^((?=[A-Za-z0-9@])(?![_\\\\-]).)*$";
if (password.matches(pattern)) {
    System.out.println("valid");
}
else {
    System.out.println("not valid");
}

That being said, I would strongly recommend that you search around for regular expressions for passwords. This is a known and old problem, and a lot of good work has already been done in this area, including on Stack Overflow.