Activation via email
From DOC
Contents |
Purpose
During User registration Tolven reduces the likelihood of malicious registrations by requiring that the user have a valid email account and that email account is verified using the process described below.
Dependencies
How it works
Tolven invitations are constructed in an asynchronous process (in a Message Driven Bean) fed by messages sent through a JMS queue. This process, in turn, calls back into the Tolven application to construct the HTML content of the message. In effect, this callback resembles a user sitting at a browser but Tolven captures the response and stores it in the message body. In order to facilitate this connection back to itself, Tolven must know what the host, port, and context root is of the application. (In a larger implementation, this might actually point to a separate Tolven server that won't interfere with live HTTP traffic.)
Properties
The following Properties apply to activation invitations
| Name | Value | Description |
| tolven.invitation.host | localhost | The domain name or IP address of the Tolven server. localhost is usually sufficient. |
| tolven.invitation.port | 8080 | The port that the Tolven web server is listening on. This is usually 8080 during development and 80 for production. |
| tolven.invitation.root | /Tolven | Provide the context root of the Tolven web application |
| tolven.invitation.replyTo | http://mydomain.com:8080/Tolven | When an invitation is sent, this url will be included in the message to allow the receiver to get back into the Tolven application and take action on the message. The host and port (if not 443) should point the user directly back to your running Tolven application. Use either a DNS name or numeric IP address. Localhost won't work unless you only send invitations to yourself (the sys admin). |
Here is an example of what the invitation configuration would look like if you only wanted the application to work for users logged into the same system as the jboss (web) server. While not very practical, it is easy to change later by substituting localhost with the IP address or DNS name of the server and restarting the server:
tolven.invitation.host=localhost tolven.invitation.port=8080 tolven.invitation.root=/Tolven tolven.invitation.replyTo=http://localhost:8080/Tolven
Process Flow
- Upon submission of the registration request, the user is added to ldap, synchronously, in order to reserve the user name.
- A task is then scheduled on the invitation queue that completes the activation by sending an invitation to the email address of the new user.
- When the user provides a valid, matching invitation id from the email, the Tolven account is created.
- At this point, the user can login to Tolven
Exceptions
- If the user attempts to login to their new account, Tolven will issue an error indicating that the user is valid but is awaiting activation.
- If the user does not complete the activation within the specified time interval, an email is sent to the user's email address telling the user that their activation has expired and inviting them to try again.
