Reputation: 201
J2EE spring security one time link for password reset
I'm using spring (3.0) security for login in my J2EE spring webapp. I need to generate a link that will be sent by email (to a user that request password reset) and can be used one time only to reset a password and set a new one by a page with form. How can I generate this kind of link?
Upvotes: 1
Views: 2242
Answers (1)
Reputation: 18639
It depends on how do you store user credentials:
If you implement UserDetails and CredentialsContainer for your User Entity, then you can add some kind of reset password boolean field with some kind of unique id which will be send as part of URL, if user navigate to correct URL according to link and he has reset password boolean flag enabled, then show him form which updates password and disables reset password flag on submit.
Upvotes: 3
Related Questions
- password change in spring-security.xml
- Guide to implementing spring security password recovery with dynamic URL sent to email
- Generating a dynamic password reset link
- Reset password link in java
- Spring Security passepartout password
- How to force re-authentication of credentials in Spring Security?
- How to recover password in spring(4.0) security java config?
- Spring Security Password Authentication
- Forgot Password Feature Spring (Password Retreival)
- ResetPassword functionality in Spring Security UI plugin