Index: lams_central/src/java/org/lamsfoundation/lams/web/PasswordChangeAction.java
===================================================================
diff -u -rfebc5ec394566f98439ce776a0be320b34310b0a -r047d1fe03a7bf51a7978a5658686947879611bff
--- lams_central/src/java/org/lamsfoundation/lams/web/PasswordChangeAction.java	(.../PasswordChangeAction.java)	(revision febc5ec394566f98439ce776a0be320b34310b0a)
+++ lams_central/src/java/org/lamsfoundation/lams/web/PasswordChangeAction.java	(.../PasswordChangeAction.java)	(revision 047d1fe03a7bf51a7978a5658686947879611bff)
@@ -38,6 +38,7 @@
 import org.lamsfoundation.lams.util.CentralConstants;
 import org.lamsfoundation.lams.util.HashUtil;
 import org.lamsfoundation.lams.util.MessageService;
+import org.lamsfoundation.lams.util.ValidationUtil;
 import org.lamsfoundation.lams.util.audit.IAuditService;
 import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.context.support.WebApplicationContextUtils;
@@ -107,6 +108,11 @@
 			errors.add("password", new ActionMessage("error.password.empty"));
 			PasswordChangeAction.log.debug("new password cannot be empty");
 		    }
+		    if (!ValidationUtil.isPasswordValueValid(password, passwordConfirm)) {
+			errors.add("password", new ActionMessage("label.password.restrictions"));
+			PasswordChangeAction.log.debug("Password must follow the restrictions");
+		    }
+
 		    if (errors.isEmpty()) {
 			String salt = HashUtil.salt();
 			user.setSalt(salt);
@@ -142,7 +148,7 @@
 	    // If no input page, use error forwarding
 	    return (mapping.findForward("error.system"));
 	}
-	request.setAttribute("redirectURL",passwordChangeForm.getRedirectURL());
+	request.setAttribute("redirectURL", passwordChangeForm.getRedirectURL());
 	return mapping.findForward("okay");
 
     }