The AS 7.1 distribution now contains a utility for adding new users to the property files, this utility contains some very basic checks of the username and password e.g. bad choices of username and disallowing passwords which match the username.
This Jira is to implement a more advanced check to enforce complexity.
I believe we should have something along the lines of a util that will take a username and password and will respond ACCEPT, REJECT, or WARN where WARN has a message to display to the user and the user an opportunity to ignore the warning or return to re-entry of the details.
At some point in the future this could become a management operations so the implementation shouldn't be too constrained to the current command line tool.
As a management op we may also want to take into account the user making the request, i.e. a user changing their own password has tighter restrictions than the overall administrator.
As the add user script is currently stand alone this may be a nice task for someone to undertake who would like to get more familiar with submitting an AS change without needing to get too involved with the internals of the application server at this stage.