Basic use cases for user management
Posted by Giampiero Granatella
on 5th February, 2010
This is the second tutorial of the user management series. We'll explore the user's point of view, through a series of use cases: log in/log out, change password and password recovery.
If you haven't read the previous tutorial, you can find it here. We'll assume that your portofino-custom.properties has the following lines.
model.users.enabled=true
model.users.anonymous.enabled=false
model.users.pwd.minlength=6
model.users.pwd.expiry.days=60
model.users.pwd.keep.old.number=2
model.users.pwd.attempts.maxnumber=3
model.users.pwd.inactivity.maxdays=30
mail.smtp.host=smtp.gmail.com
mail.smtp.port=465
firstname.lastname@example.org
mail.smtp.password=your_password
mail.smtp.ssl.enabled=true
email@example.com
And let's see how these settings will affect the system...
With model.users.enabled=true, Portofino allows users to log in by providing their credentials.
If you type a wrong password you receive the "Error: wrong login / password" message. You can make at most n attempts (where n is specified in the model.users.pwd.attempts.maxnumber parameter), whereupon your account will be suspended and should be reactivated by an administrator.
If you haven't changed your password for more than the number of days specified in model.users.pwd.expiry.days, your password expires and you'll be redirected to the change password page.
Once you've logged in, you'll find the link to log out and the link to your personal data in the left corner.
To change your current password:
- Make sure you've successfully logged in.
- Click on your username in the top left corner, and then on the "Change Password" button,
- Insert the old password and the new password twice (one for confirmation).
  The system checks:
  - that your password has more than the number of characters specified in
  - that the fields "new password" and "confirm password" match,
  - that you haven't reused a previous password (i.e., one that has been used recently according to
- Click on "Save" and your password will be updated.
The same procedure applies if your password has expired and you're trying to log in.
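The checks listed above, sketched in Python as an added example; this is not Portofino's own code. It assumes model.users.pwd.minlength is an inclusive minimum, that the last model.users.pwd.keep.old.number stored passwords (current one included) cannot be reused, and that passwords are kept as salted PBKDF2 hashes; all function names are hypothetical.

```python
import hashlib, hmac, os

# Two policy lines from the tutorial's portofino-custom.properties.
PROPS = """model.users.pwd.minlength=6
model.users.pwd.keep.old.number=2"""

def load_policy(text):
    """Parse key=value lines into a dict, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def hash_password(password, salt=None):
    """Return a (salt, digest) record; the plaintext is never stored."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def matches(password, record):
    """Constant-time comparison of a candidate against a stored record."""
    salt, digest = record
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def check_change(policy, history, old, new, confirm):
    """Return the list of violations; empty means the change is acceptable.
    history: (salt, digest) records, newest last, current password included."""
    errors = []
    if not history or not matches(old, history[-1]):
        errors.append("old password is wrong")
    if new != confirm:
        errors.append("new password and confirmation differ")
    if len(new) < int(policy["model.users.pwd.minlength"]):
        errors.append("new password is too short")
    keep = int(policy["model.users.pwd.keep.old.number"])
    recent = history[-keep:] if keep > 0 else []  # [-0:] would be the whole list
    if any(matches(new, rec) for rec in recent):
        errors.append("new password was used recently")
    return errors

def change_password(policy, history, old, new, confirm):
    """Store the new hash only if every check passes; return the violations."""
    errors = check_change(policy, history, old, new, confirm)
    if not errors:
        history.append(hash_password(new))
    return errors
```

Because the history stores only salted hashes, the reuse check has to re-hash the candidate with each stored salt; plaintext comparison is never needed.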
In the login page, you've probably noticed a link "Forgot password?". Click on it if you don't remember your password. The system will ask for your email and will send you the instructions to reset your password.
The body of the email will be:
"A request for a password recovery was generated.
If you did it, please go to http://www.example.com/LostPasswordChange.action?token=... to reset your password, otherwise ignore this message."
Click on the link (or copy it into your browser) and you'll be sent to the page for setting your password to a new one as in the following picture.
Click on "Save" to change your password.
Read the next tutorial "Administrator use cases for user management".
Check the reference to see all the parameters for user management configuration in the portofino-custom.properties.
This tutorial covers only application-managed users; if you're interested in container-managed users or SSO, read Single Sign On Integration with Portofino - JOSSO.