创建帐户，忘记密码和更改密码 [英] Create Account, Forgot Password and Change Password

问题描述

春季安全是伟大的，当开发人员要确保他的Web应用程序。

Spring Security is great when the developer wants to secure his web app.

然而，怎么样的创建的帐户？和忘记密码？大多数登录页面有这些链接，以及用户名和密码字段。 Spring的默认登录页面没有这些链接...在好的情况下，它可以支持记住我...

However, what about creating the account? and "forgot password"? most login pages have these links as well as the username and password fields. Spring's default login-page does not have these links... in the good case, it can support "remember me"...

春季是否支持这些流程的创建帐户，忘记密码和更改密码？
如果答案是肯定的，可以请你点我的一些单证？

Does Spring supports these flows, of Create Account, Forgot Password and Change Password? If the answer is yes, can you please point me to some documentations?

我搜索这个问题，但找不到任何东西。

I've searched this issue but could not find anything.

谢谢！

推荐答案

您完全正确的。据我所知，没有通用包实现这些流。我搜索了很多这类code的前一段时间，并没有发现什么。我认为@luizcarlosfx是正确的，每个应用程序都有自己的需求，所以这是很难写的东西通用的，适合所有的需求。

You are completely right. AFAIK there is no "generic" package that implements these flows. I've searched a lot for this kind of code a while ago, and found nothing. I think that @luizcarlosfx is right, that each application has its own needs, therefore it is hard to write something generic that fits all needs.

编辑：
我看到的评论，如这不是那么难以实施。真正。但是，你必须确保你把所有病例照顾。例如，如果用户试图创建一个已经存在的帐户会发生什么？如果用户尝试创建的帐户是已经存在的会发生什么，但处于非活动状态的？怎么样的密码政策？ （太长/太短/多少资金等）有关的激活链接向用户发送电子邮件是什么？如何FO创建此链接？你怎么加密呢？怎么样将接收链路上的点击激活账号的控制？越来越多的...

I saw comments like "It's not so difficult to implement". True. But you have to make sure you take care of all cases. For example, what happens if a user tries to create account that is already exists? what happens if a user tries to create account that is already exists but inactive? what about the policy of the password? (too long/too short/how many capital etc) what about sending the email with the activation link to the user? how fo you create this link? how do you encrypt it? what about the controller that will receive the click on the link and activate the account? and more and more...

然而，我把它向前迈进了一步，并试图code的东西，将回答最潮 - 注册，忘记密码，修改密码等，以及一些能够充分确保这样应用程序将能够使用它，而不用担心它会被轻易破解。

However, I took it a step forward and tried to code something that will answer most flows - registration, forgot-password, change password etc, and something that will be secured enough so applications will be able to use it without the fear that it will be easily hacked.

我实现了一个Java项目这个用例。它是开源的，基于Spring的安全性。一个发布版本是Maven的中央，所以你不需要编译，而是可以作为Maven的依赖关系把它拿来给你的项目！

I have implemented a JAVA project for this use case. It is open source, based on Spring-Security. A release version is on Maven-Central, so you do not need to compile it, but instead you can fetch it as maven-dependency to your project!

<dependency>
    <groupId>com.ohadr</groupId>
    <artifactId>authentication-flows</artifactId>
    <version>1.5.0-RELEASE</version>
</dependency>

我觉得这回答你的问题...

I think it answers your question...

有一切的解释（如果缺了点什么 - 让我知道...）

There are explanations for everything (and if something is missing - let me know...)

您可以找到这里客户端应用程序的code为例（即使用）。

You can find here an example for a client application's code (i.e. the usage).

这是该项目加一个演示和的主页：//不错presso.appspot.com />另一个演示是这里（但是这是一个应用程序，升级到1.6.1版本之后，需要用邮箱登录好域名 - 。nice.com所以你不能真正使用它的演示，使用的第一个例子）。
这是一个客户端web应用程序，它使用的auth-流动，与所有解释的自述。

This is the main page of the project plus a demo, and another demo is here (but this is an app that after upgrading to version 1.6.1 requires login with email with "nice" domain - nice.com. so you cannot really use it for demo; use the first example). This is a client web-app that uses the auth-flows, with the README with all explanations.

希望帮助！

这篇关于创建帐户，忘记密码和更改密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！