Here is a possible approach.

Create a page called PasswordReset. When someone visits this page
with the secret code on the URL, this page can figure out who they are
based on the code and reset their password by either letting them
change it or by emailing them a new one.  Once this is done you have
the reset functionality in place.

If you want them to be able to reset their password by clicking on a link like:
www.example.com/PasswordReset/fjeivj57385kdjfs8574

Then you will need to grab the reset string off the url using something like:

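    // Tapestry passes the page activation context (the path segment
    // after the page name) in as resetCode.
    public Object onActivate(String resetCode) {
        // process() is your own method that validates the code
        boolean success = process(resetCode);
        if (success) {
            return "login";
        }

        // set error message
        return null;
    }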

You could use a PageActivationContext annotation instead of
onActivate, but I can't remember if that was added in 5.1 or after
that.



Now create a page called EmailPasswordReset.  This page needs to be
able to send email. See ChenilleKit for a nice wrapper to the JavaMail
functionality. When someone clicks on the reset my password from the
login page, this page should be loaded and ask for their email.  When
they type in their email, it should generate a long random id to send
them.  Perhaps a hash of their email address AND a random number to
help make sure it is unique and can't be generated outside the system.

Ideally you'll want to send them a working link.  To do that, use
something like this:

    // The page name must match the PasswordReset page created above
    Link link =
        linkSource.createPageRenderLinkWithContext("PasswordReset", resetCode);

You can get the AbsoluteURL including the http and domain by doing:

    link.toAbsoluteURI();

That's probably what you want to put in your email for them to click on.

Oh to get the linkSource, inject it into the page like so:

    @Inject
    private PageRenderLinkSource linkSource;

Some other things to consider.  You need the reset code to expire in
the not too distant future and you also need to delete it or mark it as
used once they actually use it to reset the password.

That's a very general overview that hopefully will get you started.
You might check the Shiro mailing list because I think they had some
discussion about how to handle password resets in the past.

Mark

On Tue, Feb 8, 2011 at 5:28 PM, Henry Chen <hc...@peacocknine.com> wrote:
>
> I know this is pretty standard but I've never done this before. Can anyone
> share some experience of how this can be done in tapestry? Basically I want
> to send a link to the user so when clicked he will be brought to a page and
> able to type in the new password.
>
> Thanks a lot.
>
> BTW, I'm using 5.1.0.5
> --
> View this message in context: 
> http://tapestry-users.832.n2.nabble.com/How-to-program-Self-service-password-reset-in-tapestry-tp6005906p6005906.html
> Sent from the Tapestry Users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
> For additional commands, e-mail: users-h...@tapestry.apache.org
>
>
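
The reset-code handling described in the reply above (a long random id, expiry, and deletion once used), as an added example that is not from the original thread or from Tapestry. The hypothetical `ResetCodes` class draws the code from `SecureRandom` instead of hashing the email address with a random number, stores only a SHA-256 of the code, and assumes Java 16+ with an in-memory map standing in for the database table.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper (not Tapestry API): single-use, expiring reset codes. */
public class ResetCodes {
    private record Entry(String email, Instant expires) {}
    private static final Duration TTL = Duration.ofMinutes(30); // assumed lifetime
    private final SecureRandom random = new SecureRandom();
    // Keyed by SHA-256 of the code, so a leaked table yields no usable links.
    private final Map<String, Entry> pending = new ConcurrentHashMap<>();

    /** Returns the code for the emailed link; only its hash is kept. */
    public String issue(String email, Instant now) {
        byte[] raw = new byte[32]; // 256 bits from the CSPRNG
        random.nextBytes(raw);
        String code = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(hash(code), new Entry(email, now.plus(TTL)));
        return code;
    }

    /** Returns the account email for a live code, else null; the code is consumed either way. */
    public String redeem(String code, Instant now) {
        if (code == null) return null;
        Entry e = pending.remove(hash(code)); // atomic remove enforces single use
        return (e != null && now.isBefore(e.expires())) ? e.email() : null;
    }

    private static String hash(String code) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(code.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) {
            throw new IllegalStateException(ex);
        }
    }

    public static void main(String[] args) {
        ResetCodes codes = new ResetCodes();
        Instant t0 = Instant.now();
        String code = codes.issue("user@example.com", t0); // constructed address
        System.out.println("first use: " + codes.redeem(code, t0.plusSeconds(60)));
        System.out.println("reuse:     " + codes.redeem(code, t0.plusSeconds(120)));
        System.out.println("expired:   " + codes.redeem(codes.issue("user@example.com", t0), t0.plus(TTL)));
    }
}
```

In a page like the one sketched above, `issue` would feed the link sent by EmailPasswordReset and `redeem` would sit behind `process(resetCode)` in `onActivate`.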
