Create Account, Forgot Password and Change Password

by

You are completely right. AFAIK there is no “generic” package that implements these flows. I’ve searched a lot for this kind of code a while ago, and found nothing. I think that @luizcarlosfx is right, that each application has its own needs, therefore it is hard to write something generic that fits all needs.

EDIT:
I saw comments like “It’s not so difficult to implement”. True. But you have to make sure you take care of all cases. For example, what happens if a user tries to create account that is already exists? what happens if a user tries to create account that is already exists but inactive? what about the policy of the password? (too long/too short/how many capital etc) what about sending the email with the activation link to the user? how fo you create this link? how do you encrypt it? what about the controller that will receive the click on the link and activate the account? and more and more…

However, I took it a step forward and tried to code something that will answer most flows – registration, forgot-password, change password etc, and something that will be secured enough so applications will be able to use it without the fear that it will be easily hacked.

I have implemented a JAVA project for this use case. It is open source, based on Spring-Security. A release version is on Maven-Central, so you do not need to compile it, but instead you can fetch it as maven-dependency to your project! 

<dependency>
    <groupId>com.ohadr</groupId>
    <artifactId>authentication-flows</artifactId>
    <version>1.5.0-RELEASE</version>
</dependency>

I think it answers your question…

There are explanations for everything (and if something is missing – let me know…)

You can find here an example for a client application’s code (i.e. the usage).

This is the main page of the project plus a demo, and another demo is here (but this is an app that after upgrading to version 1.6.1 requires login with email with “nice” domain – nice.com. so you cannot really use it for demo; use the first example).
This is a client web-app that uses the auth-flows, with the README with all explanations.

Hope that helps!

More Related Contents:

  1. Forgot Password: what is the best method of implementing a forgot password function?
  2. How Spring Security Filter Chain works
  3. Combining basic authentication and form login for the same REST Api
  4. Spring Boot – Loading Initial Data
  5. Spring Boot not serving static content
  6. BeanFactory vs ApplicationContext
  7. How to add a hook to the application context initialization event?
  8. Scope ‘session’ is not active for the current thread; IllegalStateException: No thread-bound request found
  9. Spring @Transactional read-only propagation
  10. Disable all Database related auto configuration in Spring Boot
  11. How to set active spring 3.1 environment profile via a properites file and not via an env variable or system property
  12. Spring @Value annotation in @Controller class not evaluating to value inside properties file
  13. How to write a custom filter in spring security?
  14. Spring DI – Autowired property is null in a REST service
  15. How Do I Create Many to Many Hibernate Mapping for Additional Property from the Join Table?
  16. Send datas from html to controller in Thymeleaf?
  17. Spring HandlerInterceptor vs Servlet Filters
  18. SpringServletContainerInitializer cannot be cast to javax.servlet.ServletContainerInitializer
  19. Access properties file programmatically with Spring?
  20. Inject and Resource and Autowired annotations
  21. Multiple antMatchers in Spring security
  22. Scope of a Spring-Controller and its instance-variables
  23. Could not build ClassFile – ArchiveException
  24. Storing in JobExecutionContext from tasklet and accessing in another tasklet
  25. Configure Multiple MongoDB repositories with Spring Data Mongo
  26. CSS not loading in Spring Boot
  27. Spring Boot SSL Client
  28. LazyInitializationException in JPA and Hibernate
  29. RestTemplate with pem certificate
  30. Adding custom RequestCondition’s in Spring mvc 3.1

Leave a Comment