开发者

Generate activation urls in Java EE 6

开发者 https://www.devze.com 2023-02-07 20:59 出处:网络
I\'m developing a web application using Java EE 6 Web Profile. I want to e-mail a new user an activation link for his account. How should I implement this? I\'m using JSF2. Is there开发者_开发技巧 any

I'm developing a web application using Java EE 6 Web Profile. I want to e-mail a new user an activation link for his account. How should I implement this? I'm using JSF2. Is there开发者_开发技巧 any specification or recommended way for doing this?


I have worked on a project that required user to confirm his email-id to activate his registration. The key generation process was like this:

Key Creation

  1. Create a column verification_key in users table that holds unique validation key for a user.
  2. Use SHA256 hash of your unique user-name (email-id in this case) with salt as his password.
  3. Convert the hash to base64 and store in verification_key of that user. This will be unique (for practical purposes, I wouldn't go into probability of collision).

so, bottom line, key = Base64(Hash256(uniqueUserName+"."+password))

......

side note: BTW, nothing restricts you to use password as salt. You may just create an arbitrary string on fly as salt.

Verification

  1. Since we know the verification_key is unique, get the key from request-parameter and find the matching row.
  2. If found, set verification_key as null (this will also reduce chances of collision if any) and take user to "successfully-verified page".
  3. If not found, take the user to "already-activated/key-not-found/401 page".


An activation URL evokes an impression of a software service processing a 'service'-request.

Good candidates to realize this service include servlets which will perform the user activation/validation and redirect to a JSF success-page

0

精彩评论

暂无评论...
验证码 换一张
取 消