Building a full-fledged, production-ready registration process for your web application is oh so much more than just putting together a simple registration page.
There are a lot of questions that need to be answered:
- How do I verify the email addresses of new users?
- How do I properly and safely store user credentials?
- What if a user forgets their password?
- What about users changing their own password?
- How strong should passwords be? How can I enforce some sensible defaults in the app so that my users have good, strong passwords?
- What if I have more than one type of user? I need a good way to store roles and privileges.
- What about security questions? Should I even have them?
- How do I do all of this with good localization support? There are a lot of messages involved.
Starting at the top – this is how to set up a basic registration process for your web app. It doesn’t have too many bells and whistles, but it’s clean and functional to begin with.
Now we want to make sure that users verify their emails before being able to just log into the app.
If a user signs up and doesn’t verify their email for a while, their verification link expires at some point. This is how they request a new verification link.
The age-old question – how to store passwords? Simple answer? You don’t!
Making the Registration API more RESTful and adapting the front-end to correctly consume it.
Users are forgetful creatures – so they’ll forget their passwords sooner rather than later. You should have a good way for your users to reset their passwords if they need to.
Making sure your users use good, strong passwords is super important. The registration process should guide them towards good password etiquette.
How to enable the user to update/change their own password after logging into the app.