• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Account registration and email activation

 
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I'm attempting to implement the following use case:

1. User goes to web page and enters email address and password

2. System assigns unique token to this user and sends an email to supplied address. This email contains an activation link that includes the unique token for this user

3. User clicks on link in email and their account is activated

I have seen this done using Spring Security, but would like to know if it is possible (and fairly straightforward) to achieve the same result using standard java libraries (in other words, i'd like to avoid using 3rd party libraries such as spring-security).

Thanks
 
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Just store the token in a DB, when that token is presented as part of a URL activate the user--what specifically are you having a problem with?
 
Rory Evans
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
With regards to generating a token, is it a good idea to use Java's UUID.randomUUID() method or is there a better approach?
 
David Newton
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It's probably fine.
 
Rory Evans
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am planning on creating an Activation Servlet that handles the user clicking on the activation link in their email. So, I could create each activation link with a .act extension and then have the Activation Servlet kick in for all requests with the .act extension. I could then obtain the email address and token as request parameters from the activation link and search the database for matching credentials. If a matching user record is found in the database, change the status from PENDING to ACTIVE.

I have never implemented a system like this before and am just asking if this approach is sensible. Or have I over-engineered the solution???

Thanks
 
David Newton
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Over-engineered? How else could you do it besides what you've listed? That kind of seems like the minimal number of things you could do to make it work (although I wouldn't bother giving that servlet a unique extension).
 
Rory Evans
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for your comments David. If I don't add some kind of extension to the link, how can I specify in my web.xml which requests the Activation Servlet should deal with?
 
David Newton
Author
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A name? Or map it first? Or use a filter to check for a link parameter? Or... (In other words, there are a lot of answers :)
 
Rory Evans
Greenhorn
Posts: 18
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A name? Or map it first? Sorry to be dumb, but do you have a snippet of an example web.xml which shows these options in practice?

Thanks
 
reply
    Bookmark Topic Watch Topic
  • New Topic