Basic use cases for user management

Posted by Giampiero Granatella
on 5th February, 2010


This is the second tutorial of the user management series. We'll explore the user's point of view, through a series of use cases: log in/log out, change password and password recovery.

Contents

  1. 1 Logging in and out
  2. 2 Changing your password
  3. 3 Recovering your password
  4. 4 Further readings

If you haven't read the previous tutorial, you can find it here. We'll assume that your portofino-custom.properties has the following lines.
model.users.enabled=true
model.users.anonymous.enabled=false
model.users.pwd.minlength=6
model.users.pwd.expiry.days=60
model.users.pwd.keep.old.number=2
model.users.pwd.attempts.maxnumber=3
model.users.pwd.inactivity.maxdays=30
mail.smtp.host=smtp.gmail.com
mail.smtp.port=465
mail.smtp.login=your_account@gmail.com
mail.smtp.password=your_password
mail.smtp.ssl.enabled=true
mail.sender=your_account@gmail.com

And let's see how these setting will affect the system...

Logging in and out

With model.users.enabled=true Portofino allows users to log in providing their credentials.

If you type a wrong password you receive the "Error: wrong login / password" message. You can make at most n attempts (where n is specified in the model.users.pwd.attempts.maxnumber parameter), whereupon your account will be suspended and should be reactivated by an administrator.

If you haven't changed your password for more than the number of days specified in model.users.pwd.expiry.days, your password expires and you'll be redirected to the change password page.

When you've logged in, you find in the left corner the link to log out and the link to your personal data.

Changing your password

To change your current password:
  1. Make sure you've successfully logged in.
  2. Click on your username in the top left corner, and then on the "Change Password" button,
  3. Insert the old password and the new password twice (one for confirmation).
  4. The system checks
    • that your password has more than the number of characters specified in model.users.pwd.minlength
    • that the fields "new password" and "confirm password" match,
    • that you haven't reused a previous password (i.e., one that has been used recently according to model.users.pwd.keep.old.number).
  5. Click on "Save" and your password will be updated.

The same procedure applies if your password has expired and you're trying to log in.

Recovering your password

In the login page, you've probably noticed a link "Forgot password?". Click on it if you don't remember your password. The system will ask for your email and will send you the instructions to reset your password.

The body of the email will be:
"A request for a password recovery was generated.
If you did it, please go to http://www.example.com/LostPasswordChange.action?token=... to reset your password, otherwise ignore this message."

Click on the link (or copy it in your browser) and you'll be sent to the page for setting your password to a new one as in the following picture.


Click on save to change your password

Further readings

Read the next tutorial "Administrator use cases for user management".

Check the reference to see all the parameters for user management configuration in the portofino-custom.properties.

This tutorial covers only the application managed users, if you're instered in container managed or SSO read Single Sign On Integration with Portofino - JOSSO.