allowedregexrule allows to specify the regular pattern which a password should satisfy. consider the following example.

example

the below example shows the validation of a password against above policy using passay library.

import org.passay.allowedregexrule;
import org.passay.lengthrule;
import org.passay.passworddata;
import org.passay.passwordvalidator;
import org.passay.rule;
import org.passay.ruleresult;

public class passayexample {
   public static void main(string[] args) {
      //rule: password should contains alphabets only
      rule rule1 = new allowedregexrule("^[a-za-z]+$");
      //8 and 16 characters
      rule rule2 = new lengthrule(8, 16);    

      passwordvalidator validator = new passwordvalidator(rule1, rule2);
      passworddata password = new passworddata("microsoft@123");
      ruleresult result = validator.validate(password);

      if(result.isvalid()){
         system.out.println("password validated.");
      } else {
         system.out.println("invalid password: " + validator.getmessages(result));            
      }
   }
}

output

invalid password: [password must match pattern '^[a-za-z]+$'.]