JavaMail - 用于用户注册的电子邮件身份验证

Question

I'm working on a spring based web app and when a user enters his email and password for a registration i want to a validate them and send him a email .I have used java mail api and set up gmail smtp correctly.

Here is my register controller class.

    @RequestMapping(value = "/globalshop/register", method = RequestMethod.GET)
    public final ModelAndView registerModel(
            HttpServletRequest request, HttpServletResponse response)
    {
        final String user_email = request.getParameter("user_email");
        final String user_password = request.getParameter("user_password"); 

        Properties email_properties = new Properties();

        email_properties.put("mail.smtp.auth", "true");
        email_properties.put("mail.smtp.starttls.enable", "true");
        email_properties.put("mail.smtp.host", "smtp.gmail.com");       
        email_properties.put("mail.smtp.port", "587");

        final String siteEmail = "**************@gmail.com";
        final String siteEmailPassword = "*************";

        Session session= Session.getInstance(email_properties, new Authenticator() {
            protected javax.mail.PasswordAuthentication getPasswordAuthentication() {
                return new javax.mail.PasswordAuthentication(siteEmail, siteEmailPassword);

            }
        });


        try {
            Message message = new MimeMessage(session);

            message.setFrom(new InternetAddress(siteEmail));
            message.setRecipients(Message.RecipientType.TO, InternetAddress.parse(user_email));
            message.setSubject("Testing Subject");
            message.setText("Dear User,"+ "\n\n You have been successfully registerd with the gift corner!");

            Transport.send(message);
            System.out.println("Done");

        } catch (AddressException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (MessagingException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }


        registerSucessView = new ModelAndView("test_register_succes");      
        registerSucessView.addObject("welcome", "welcome user");


        return registerSucessView;
    }

}

user_email and user_password are the incoming request parameters. how can I validate them ? If the validation is successful user_email can be set to message.setRecipients(...)

Answer 1

Spring does provide a mechanism to validate your models, as shown here . Personally I would recommend that you follow those guidelines so that your application makes full use of the features offered by Spring.

That being said, the most basic forms of validation for user names is to make sure that the user name is not already in your database and in some cases, certain special characters might not be allowed.

For passwords, on the other hand, there are usually some length restrictions, such as at least 5 characters. In certain situations, you can also enforce the use of letters of different casing, numbers and other special symbols. In these cases, regular expressions can be helpful. ( Note: For this case, it is not recommended to build a single regex that will attempt to match everything).

On a completely different note, do not forget to store your passwords as hash values, and then, when the user logs on, you compare the value of the hash of the password which the user has entered with the hash that you have already in your DB.

Answer 2

Knowing the user's email address doesn't help you if you don't know what server the user is using. There are ways to figure that out in many cases, but you may not have access to that server even if you could figure it out. The only reason to ask for the password is because you want to log in to the user's email server as if you were that user. Hope the users trust you!

If you really just want to know that the user's email address is valid so that you can send email to that user, the only real way to know is to send a message to the address and ask the user to do something (eg, visit a URL on your server) if the message is received.

You'll find additional information in the JavaMail FAQ .