I'm developing a website with using struts2 and hibernate as back end. In many sites after you sign-up, a link will be sent to your email and after clicking on that the registration is complete. I want this feature on my webstie, but I don't have any idea how to do this and how is this working? i needsome example to do this....
I have never messed around with struts, but basically what you could do would be to send an email with a link which directs to a specific page. When a user signs up to your website you could save, amongst other things, the email address of the user, the time stamp of the registration and also a key (could be the hash of the email and password, for instance).
You then construct the link and include the email and key in the query string. Once that the user clicks the link, in your page you make a check to see that the user is still within some time frame (optional) and that the email given matches the given key (which you have stored in the database).
If the email and key match, then activate the account.
This is broad question but I am answering based on verification
1. You need a signup page with form example /signup.jsp
2. After basic fields and email validation, generate a code xyzcode for this email,
3. Send email to user email, using a mail server with a link to your link validation page like
/validate.jsp?code=xyzcode (mail server setup and sending email is beyond the scope of the answer)
4. On validate.jsp check code and validate any email with this code otherwise give respective error message.
There are multiple approaches but I am suggesting one which will be easy and as per standard..
In user table add extra column as Status [which can take two values either inactive or Active]
create one more table(emailauthentication) where columns will be (key,emaiId)..
Now what u have to do is after user click submit with registration data...gnerate a dynamic key..could be timestamp+emailId(or anything dynamic and unique) and create record in user table with status as inactive and create record in emailauthentication table with this generated key and emaiId..now after record is created generate a URL which could be like
<a href="doAuthenticationForUser?authenticationId='dynamicKey'"/>Click to authenticate</a>
Now when user clicks this URL then in the action class or Service for this authenticationId find the emailId and make the column status as active..
It is true it is quite big to answer the question.
I knew one link which has the best answer given by BalusC
Here is link:better answer.
I have implemented in my project. I hope this link will help others.
Thanks for reading.
Related
I want to create a unique user name for my users, but this will be not system generated. Users can choose his/her user name.
DB
MongoDB
Ex
Github user name
Current process
sign-up
get a verification link on the email
go to the link, like example.com/verify?token=xyz...
On verify page user can enter a user name, that user name must be unique across the DB.I don't want to keep duplicate user names.
Many websites have implemented this feature, like Github, GitLab, etc. But, I have explored some web about implementing this feature and I didn't get the desired result.
After entering the user name in step 3, the browser will make a POST request to the server.
Server will then check the DB that if this user name already exists or not, if this already exists then throw an error or process the user name otherwise.
This is working on my local PC, but I am not sure whether this will work when multiple users make a request with the same username within a time interval. Then, in this case, there may be some duplicates in DB.
case
There are two users A and B wants to create their user name on the system at the same time.
both are requesting the same user name
A: make the request for the user name u1
Server: check for A's user name is present or not in DB
B: make the request for user name u1
Server: A's user name is not present, save u1 as A's user name
Server: B's user name is not present, save u1 as B's user name
You can see, in the end, both users's haveing the same user name.
Is there any way to avoid this??
The solution depends on your Database. If you are using SQL database, you can just add UNIQUE constrain to the field, so the database will enforce the uniqueness of an attribute value in the table. The first row will be inserted while another row will fail to insert with an error that the field is not unique.
Speaking of MongoDB, you also have a unique index.
-> As the above answer suggested have a unique constraint on DB for user name and if the insert didn't happen send an error response stating username already taken also
-> We do not need to wait until the user submits the request, as the user types in the user name, call an API to check if the username already exists, and while calling this cancel the previous request which we haven't got a response back. For example when the user types vi you send a request and it is still in progress but the user has typed vig now before sending the new request with 'vig' data, cancel the previous request. ( Ans simultaneously show the status whether taken or not as you get the responses )
This improves the user experience.
-> The cancelling of the requests can be done using cancel tokens in Axios, if you are going with Axios.
For MongoDB:
If you can create an additional unique index based on a combination of fields, can't you use an additional dummy field ( which has the same data for all users), so now your username would stay unique? (I haven't used MongoDB a lot to be sure of this. )
OR this is mentioned in the Mongo DB documentation , create a proxy collection to maintain this username as a unique key, following the first segment in the below document
https://docs.mongodb.com/manual/tutorial/unique-constraints-on-arbitrary-fields/
Using Spring 4.2.9
Web-Flow: My web-flow has three pages page-1, page-2 and error-Page
Scenario: User clicks on a link in the email, my back-end code consumes the link and user lands on a page-1(the link in the address bar now is different than what the user clicked on), the user does the required stuff on page-1 and clicks continue button and lands on page-2.
What I need when the user is on page-2:
User presses browser back button they should go to error-Page.
The user had copied the link when they were on page-1 and open a new tab and paste the page-1 link, they should land on error-page.
It's a quite common problem. A simple google search gave some possible solutions. Did you tried them? If yes, then update the question with more specifics on the issue. If not, here are a couple of links:
How to Detect Browser Back Button event - Cross Browser
Solution to browser back button click event handling
You can achieve this by configuring a Spring MVC filter (or interceptor). There you can check if the request is GET and it contains the url that you want to block. If true, you can redirect that request to the error or access denied page.
To prevent the user from resetting values when going back with the browser back button you can put a variable in the conversationScope, variables in this scope are not reverted to their previous state when you use the back button. You can this way set a variable when they reach part 2 and check for it when you load part 1, but for this to work part 1 and part 2 need to be in the same flow.
To prevent the users from using a link again, if they are authenticated users you can save a flag in the database that say they have finished the flow and simply look at the database when loading part 1 and throw an exception if the user shouldn't have access. If they are unauthenticated users (like when doing surveys), give each users a token in the url (the token should be random enough that it cannot be brute forced easily) and store it in your database, when part 1 load check that the token is in the database and when your flow is done remove the token from the database.
If you can't do any of this, you can use cookies, just send a cookie to the user when they arrive on part 2, their browser will automatically send it on any new request so if you see it on part 1 you can throw an exception. But users will be able to delete their cookies to circumvent the protection.
Changing page-2 to end-state solved the problem. The solution was mentioned in "The Definitive Guide to Spring Web Flow".
Thank you all for your help.
I have this registration page which works fine ,but for the email field I need to make sure that the email is correct and valid
1 : Correct
2 : Valid
for the correct email add i am using java script validation for maintaining
abc#def.com
well that is working fine
but my question is , Is there any web service or java API to make sure whether the mail ID actually is existing and registered
Like my mail id is : hussainABCD#gmail.com
this is actually a existing ID
but i may try hussain5555#gmail.com,hussain1111#gmail.com,hussain8888#gmail.com,
these will pass the java script validation but are not existing in reality
do we have any way to make sure that the mail id exists ??
The only way to check if an email address actually exists is to send an email to it and let the user respond on that.
For example:
a confirmation code that needs to be filled in your website
a link, going to your website, that needs to be visited
And still it is uncertain whether the email is existing afterwards, as it is easy to simply create a temporary email to pass the validation and delete it afterwards.
Instead of validating email addresses you can use the Google API to let your users sign in using their account. It is also possible to use OpenID on a similar way.
This probably isn't possible using existing services and/or API's, since it could be quite a security risk. Use an email with a validation link if you want to be sure the address exists. Or OpenID, as mentioned by BalusC.
I have a jsp page in my project where user fills up the details for creating an account.
when a user enters username and clicks on the check button, the button looks in the database if the same name exists or not(it is able to check because of the servlet code).
If username exists it shows not available.
Now the problem is even if username is not available when user clicks on sumbit button with existing username the details get saved. how to correct this?
(I'm nt able to post image otherwise it would have been more clear.)
Just add an if-else block to your servlet, something like this:
if (usernameExists) {
showError();
} else {
saveUser();
}
Do not do this:
if (usernameExists) {
showError();
}
saveUser();
I'd also add an UNIQUE constraint on the username column in the DB so that your DAO throws an SQLException or like.
See also:
Our Servlets wiki page - contains a basic Hello world example with server-side validation
First, you serlvet accepting the HTTP POST must validate the data sent to it, when the user clicks a button, if the receiver doesn't validate the information then bad data will get into your system regardless of what you do in the JSP.
Some people send raw HTTP POST messages from time to time just for fun (I don't know why :) ) to see if bad data can get into poorly written web applications.
Once the servlet accepting the POST rejects bad data, you can have it redirect back to the offending web page, filled out with the information that was sent in the bad request, perhaps highlighting the offending field or fields.
Later on, if you have the time, you can write up a bunch of javascript to pre-check the fields and deactivate the submit button. This saves the back end servlet the bother of receiving so many bad requests; however, you cannot use such a technique to avoid fixing the back end servlet. There's too many ways your servlet could get the POST message that don't involve your specific javascript code working.
I am registering user with email address . but i want to send the user a confirmation link where if they click then their email address gets confirmed
I am using java spring MVC hibernate mysql
Among other tools you can use "java mail" package to send emails direclty from your application. Here's the link to API docs Java Mail API
So the scenario could be like the following:
User account is created. It's in unconfirmed state now;
You generate a unique confirmation ID to your applicaiton. The easiest way is to use java.util.UUID.randomUUID().toString(). UUID is a random globally unique value.;
You store the ID (e.g. 0123)+account to the database for future use;
Send the URL+ID (http://yourapp.com/confirm?id=0123) as an email using javamail to the user;
Do not show the ID in browser now;
The user checks inbox and see your letter;
The user clicks the link and request is sent to your site confirmaion servlet;
Confirmation servlet will search for the account associated with the specified confirmation id;
Confirmaion servlet set account to "confirmed state" as obvously the user has access to the specified mail box
Use Java Mail Api to create a e-mail with confirmation. Also, you need to generate unique id to confirm the user - this info can be stored in db. After the moment user clicks on your confirmation link you should set user in 'Confirmed' state.