How to Use Password Fields

< Day Day Up >

The JPasswordField ^[104] class, a subclass of JTextField , provides text fields specialized for password entry. (See Figure 40.) For security reasons, a password field doesn't show the characters the user types. Instead, the field displays another character such as an asterisk (*). As another security precaution, a password field stores its value as an array of characters , rather than as a string. Like an ordinary text field, a password field fires an action event when the user indicates that text entry is complete, such as by pressing the Enter key.

^[104] JPasswordField API documentation: http://java.sun.com/j2se/1.4.2/docs/api/javax/swing/JPasswordField.html.

Figure 40. `PasswordDemo` brings up a small window and prompts the user to type in a password.

graphics/07fig40.gif

You can run PasswordDemo using Java Web Start or compile and run the example yourself. ^[105] Here's the code that creates and sets up the password field:

^[105] To run PasswordDemo using Java Web Start, click the PasswordDemo link on the RunExamples/ components .html page on the CD. You can find the source files here: JavaTutorial/uiswing/components/example-1dot4/index.html#PasswordDemo .

 passwordField = new JPasswordField(10); passwordField.setEchoChar('#'); passwordField.setActionCommand(OK); passwordField.addActionListener(this);

The argument passed into the JPasswordField constructor indicates the preferred size of the field ”at least 10 columns wide in this case. By default a password field displays an asterisk (*) for each character typed. The call to setEchoChar changes it to a pound sign (#). Finally, the code adds an action listener to the password field, which checks the value typed in by the user. Here's the implementation of the action listener's actionPerformed method:

 public void actionPerformed(ActionEvent e) {     String cmd = e.getActionCommand();     if (OK.equals(cmd)) { //Process the password.  char[] input = passwordField.getPassword();  if (isPasswordCorrect(input)) {             JOptionPane.showMessageDialog(controllingFrame,                 "Success! You typed the right password.");         } else {             JOptionPane.showMessageDialog(controllingFrame,                 "Invalid password. Try again.",                 "Error Message",                 JOptionPane.ERROR_MESSAGE);         }         //Zero out the possible password, for security.         for (int i = 0; i < input.length; i++) {             input[i] = 0;         }         passwordField.selectAll();         resetFocus();     } else  ...//handle the Help button...  }

Security Note:

Although the JPasswordField class inherits the getText method, you should use the getPassword method instead. Not only is getText less secure, but in the future it might return the visible string instead of the typed-in string. To further enhance security, once you are finished with the character array returned by getPassword , you should set each of its elements to zero. The preceding code snippet shows how to do this.

A program using a password field typically validates the password before completing any actions requiring the password. This program calls a private method, isPasswordCorrect , that compares the value returned by getPassword to a value stored in a character array. Here's its code:

 private static boolean isPasswordCorrect(char[] input) {     boolean isCorrect = true;     char[] correctPassword = { 'b', 'u', 'g', 'a', 'b', 'o', 'o' };     if (input.length != correctPassword.length) {         isCorrect = false;     } else {         for (int i = 0; i < input.length; i++) {             if (input[i] != correctPassword[i]) {                 isCorrect = false;             }         }     }     //Zero out the password.     for (int i = 0; i < correctPassword.length; i++) {         correctPassword[i] = 0;     }     return isCorrect; }

The Password Field API

Table 55 lists the commonly used JPasswordField constructors and methods . For information on the API that password fields inherit, see How to Use Text Fields (page 423).

Table 55. Commonly Used JPasswordField Constructors and Methods

Constructor or Method	Purpose
JPasswordField() JPasswordField(String) JPasswordField(String, int) JPasswordField(int) JPasswordField(Document, String, int)	Create a password field. When present, the `int` argument specifies the desired width in columns. The `String` argument contains the field's initial text. The `Document` argument provides a custom model for the field.
`char[] getPassword()`	Set or get the text displayed by the password field.
void setEchoChar(char) char getEchoChar()	Set or get the echo character ”the character displayed instead of the actual characters typed by the user.
void addActionListener(ActionListener) void removeActionListener(ActionListener) (defined in JTextField )	Add or remove an action listener.
void selectAll() (defined in JTextComponent )	Select all characters in the password field.

Examples That Use Password Fields

The following examples use password fields. Also see Examples That Use Text Fields (page 426) for examples that use the API that password fields inherit.

Example	Where Described	Notes
`PasswordDemo`	This section	Implements a specialized panel that asks for a password and has OK and Help buttons .
`TextSamplerDemo`	Using Text Components (page 60)	Shows each kind of text component.

< Day Day Up >

Figure 40. PasswordDemo brings up a small window and prompts the user to type in a password.

The Password Field API

Table 55. Commonly Used JPasswordField Constructors and Methods

Examples That Use Password Fields

Figure 40. `PasswordDemo` brings up a small window and prompts the user to type in a password.