Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Generate activation urls in Java EE 6

I'm developing a web application using Java EE 6 Web Profile. I want to e-mail a new user an activation link for his account. How should I implement this? I'm using JSF2. Is there any specification or recommended way for doing this?

like image 228
arg20 Avatar asked Feb 02 '11 05:02

arg20


2 Answers

I have worked on a project that required user to confirm his email-id to activate his registration. The key generation process was like this:

Key Creation

  1. Create a column verification_key in users table that holds unique validation key for a user.
  2. Use SHA256 hash of your unique user-name (email-id in this case) with salt as his password.
  3. Convert the hash to base64 and store in verification_key of that user. This will be unique (for practical purposes, I wouldn't go into probability of collision).

so, bottom line, key = Base64(Hash256(uniqueUserName+"."+password))

......

side note: BTW, nothing restricts you to use password as salt. You may just create an arbitrary string on fly as salt.

Verification

  1. Since we know the verification_key is unique, get the key from request-parameter and find the matching row.
  2. If found, set verification_key as null (this will also reduce chances of collision if any) and take user to "successfully-verified page".
  3. If not found, take the user to "already-activated/key-not-found/401 page".
like image 141
Nishant Avatar answered Sep 17 '22 12:09

Nishant


An activation URL evokes an impression of a software service processing a 'service'-request.

Good candidates to realize this service include servlets which will perform the user activation/validation and redirect to a JSF success-page

like image 25
Ryan Fernandes Avatar answered Sep 18 '22 12:09

Ryan Fernandes