spring - How to implement one controller mapping method for different scenarios -


i have spring controller method called in different scenarios. here example...

@requestmapping("/resetpassword") public modelandview resetpassword( @valid @modelattribute("resetpasswordform") resetpawdformform resetpawdformform, modelandview modelandview){

... method executed in 3 different scenarios....

  1. using hyper link coming user reset password link sent user email.. eg: localhost/myapp/login/resetpassword// here can authenticate userid , activationsecretcode in db , let user reset password

  2. user can click on resetpassword link user settings page. eg: since user coming user settings page, can validate usersession , allow him reset password

  3. user can login first time successfully, forced reset password due admin requirements reset initial default password. eg: in user neither have session, nor passing activationcode validate. login method validates userid/default password , redirects resetpassword mapping(method=get).

how can system authenticate user request , allow him reset password?

one alternative is, use flash attributes , set authenticationkey flash attributes...which verified in resetpassword method.

is there other way implement this....

note: posted issue in implementing approach in post: spring: how pass java objects during redirect while using modelattribute

any help?

i think best way implement using 3 different action methods:

  • resetpassword (e-mails)
  • resetloggeduserpassword (via settings)
  • changedefaultpassword

they may share same view, behaviors not equal, avoid overloading action responsibility.

edit: elaborating on comment:

1) secure e-mail link, 1 way add authentication token. token can weak hashed user id plus salt string, or strong guid expiration time in database table, generated whenever user requests password reset.

2) settings way not problem, considering user logged in.

3) temporary password action can secured same way 1, or same way 2, if put user on session. logging in user default password status shouldn't concern if code verify status of account inside request filter.


Comments

Post a Comment

Popular posts from this blog

c# - Send Image in Json : 400 Bad request -

from android trying send image class of data, iis webservice. (c#) the problem 400 bad request . the image being encoded base64 . , placed json rest of class elements. my guess base64 not valid inside json. server not understand it. if set string "" , post accepted fine. so question is, how make base64 valid within json array? ( tried url.encode no success). or how should send image android webservice? gson gson = new gson(); string json = gson.tojson(record); // record has param { string base64photo } how big image? i'm pretty sure surpassing iis json size limit (default 4 mb). check http://geekswithblogs.net/frankw/archive/2008/08/05/how-to-configure-maxjsonlength-in-asp.net-ajax-applications.aspx or http://www.webtrenches.com/post.cfm/iis7-file-upload-size-limits good luck!
Read more

jquery - Fancybox - apply a function to several elements -

this source code below posted cristiano g. carvalho in answer question: calling fancybox gallery other link made user. <div class="details_gallery"> <a href="#" class="manualfancybox">manual call fancybox</a> <div class="details_gallery_min"> <a rel="details" href="max/1.jpg" class="fancybox"><img src="min/1.jpg" alt="" /></a> <a rel="details" href="max/2.jpg" class="fancybox"><img src="min/2.jpg" alt="" /></a> <a rel="details" href="max/3.jpg" class="fancybox"><img src="min/3.jpg" alt="" /></a> <a rel="details" href="max/4.jpg" class="fancybox"><img src="min/4.jpg" alt="" /></a> </div> </div> <script> $(document).read
Read more

An easy way to program an Android keyboard layout app -

i program android app replaces standard keyboard 1 one-hand optimized coffee++ keyboard layout. what special problems have face in progress? guess such project go deep android core, cause keyboard such essential thing. is wise start android developer tools (adt)—eclipse plugin described in this tutorial ? or there better way achieve goal? i new android programming, firm in php, mysql , javascript , use eclipse php i guess such project go deep android core, cause keyboard such essential thing. no. can create inputmethodservice implementation of keyboard. there sample soft keyboard in android sdk installation (if chose download sample code sdk manager), , there open source input methods floating around well, such hacker's keyboard. inputmethodservice distributed part of ordinary android application, , user can elect activate input method if user chooses. is wise start android developer tools (adt)—eclipse plugin described in tutorial? that fine s
Read more