The road less taken

Friday Feb 15, 2008

Pattern to implement user self registration

User self-registration is a feature that allows users to create their own login and password, and hence create a new user identity on the system. I am going to discuss an approach to doing this. I've used a simple Model-View-Controller style design pattern to implement self-registration.


The VIEW

Or the front end. You need an input form, which can be a JSF or JSP page if you're a Java developer like me.

A typical form would have inputs such as: a username, screen name, password (and a repeat password), full name, address, email, secret question for password recovery, to name a few.

A view also forwards user input to a controller.


The CONTROLLER

A controller defines application behavior. It dispatches user requests. A handler is an implementation of the controller.

Form validation: Many checks can be done at the controller, such as checking the length of fields (you may want password lengths > 8 and a mix of numbers and letters), making sure the password and repeat password match, and validating the email address. This is where you would add such checks.

The controller controls the application behavior. If the form entries are invalid, then one would return to form entry view highlighting errors. If the form is valid, then the backend should be contacted.


The MODEL

Or the Backend.

A model represents business data and business logic or operations that govern access and modification of this business data.

This is the actual data model. You could use database tables to store your user entries.

You could expose operations on the table through a User Management API to allow creating, retrieving, updating users. As an example, the User Management API can be implemented using Persistence APIs in Java.

The controller would process the results and display a success page or an error if a user already exists.
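The controller checks and the dispatch to the backend described above, sketched as an added example that is not the author's code. The names `RegistrationHandler` and `UserStore`, the form field keys, the view names, the email pattern and the 64-character username bound are all assumptions; it needs Java 9 or later.

```java
import java.util.*;
import java.util.regex.Pattern;
public class RegistrationHandler {
    // Hypothetical stand-in for the post's User Management API (the model).
    interface UserStore { boolean createUser(String username, String email, String password); }
    // Shape check only (assumed pattern); it does not prove the address exists.
    private static final Pattern EMAIL = Pattern.compile("^[^@\\s]+@[^@\\s]+\\.[^@\\s]+$");
    private final UserStore store;
    private final boolean enabled; // application-level switch for self-registration

    RegistrationHandler(UserStore store, boolean enabled) { this.store = store; this.enabled = enabled; }

    // Returns field -> error message; an empty map means the form is valid.
    static Map<String, String> validate(Map<String, String> form) {
        Map<String, String> errors = new LinkedHashMap<>();
        String user = form.getOrDefault("username", "").trim();
        String pw = form.getOrDefault("password", "");
        // 64 is an assumed upper bound for the username field.
        if (user.isEmpty() || user.length() > 64) errors.put("username", "1 to 64 characters required");
        if (pw.length() <= 8) errors.put("password", "must be longer than 8 characters");
        else if (pw.chars().noneMatch(Character::isDigit) || pw.chars().noneMatch(Character::isLetter))
            errors.put("password", "must mix letters and numbers");
        if (!pw.equals(form.getOrDefault("repeatPassword", ""))) errors.put("repeatPassword", "passwords do not match");
        if (!EMAIL.matcher(form.getOrDefault("email", "")).matches()) errors.put("email", "not a valid address");
        return errors;
    }

    // Returns the next view name; errorsOut carries what the form view should highlight.
    String handle(Map<String, String> form, Map<String, String> errorsOut) {
        if (!enabled) return "disabled";
        errorsOut.putAll(validate(form));
        if (!errorsOut.isEmpty()) return "form"; // invalid: backend is never contacted
        if (store.createUser(form.get("username").trim(), form.get("email"), form.get("password")))
            return "success";
        errorsOut.put("username", "user already exists");
        return "error";
    }

    public static void main(String[] args) {
        Set<String> taken = new HashSet<>(List.of("alice")); // constructed in-memory backend
        RegistrationHandler h = new RegistrationHandler((u, e, p) -> taken.add(u), true);
        String[][] cases = {{"bob", "short1"}, {"alice", "longenough1"}, {"bob", "longenough1"}};
        for (String[] c : cases) { // constructed sample submissions
            Map<String, String> errors = new LinkedHashMap<>();
            String view = h.handle(Map.of("username", c[0], "password", c[1],
                    "repeatPassword", c[1], "email", c[0] + "@example.org"), errors);
            System.out.println(c[0] + " -> " + view + " " + errors);
        }
    }
}
```

The three constructed submissions exercise the three outcomes the post describes: return to the form with errors, an error because the user already exists, and success.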

At the highest level, an application should be able to control whether it wants to turn self-registration on or off. Read my other blog on LDAP based user authentication.

I hope you've found this blog useful. Comments are welcome.

Thursday May 17, 2007

Sun's training offering on developing secure Java Web services

You're back from JavaOne, with buzz words of cool new technologies you heard about still ringing in your ears. Here you are sitting at your desk, thinking about all the cool stuff you wish you could learn.

Well, there is HOPE.

Did you know that Sun Microsystems Inc. offers comprehensive training and certification for several Java technology components and the Java Platform, Enterprise Edition (Java EE)?

What?

Adding to the list of courses offered in the Web Services learning path is an offering on XML and Web Services security (DWS-4120-EE5), offered in the Java EE track.

When?

Estimated to be on the training schedule mid June. Stay tuned!

Where?

Watch this space.

What will I learn?

As part of the course, you will learn to:

  • Identify the need to secure web services
  • List and explain the primary elements and concepts of application security
  • Outline the factors that must be considered when designing a web service security solution
  • Determine the issues and concerns related to securing web service interactions
  • Evaluate the tools and technologies available for securing a Java web service
  • Analyze the security requirements of web services
  • Identify the security challenges and threats in a web service application
  • Secure web services using application-layer, transport-layer security, and message-layer security
  • Secure web services using the message security providers available in the Sun Java System Application Server
  • Describe the concept of identity and the drivers behind identity management solutions
  • Explain the role of the Access Manager in securing web services
  • Illustrate identity management capabilities in the NetBeans environment
  • Secure web services using the Username token profile
  • Secure web services using SAML assertions and Liberty tokens

And if this isn't enough, there is another incentive as well: the course will also help in preparing for the SCJDWS (Sun Certified Developer for Java Web Services) exam.

The students perform the course lab exercises using the NetBeans 5.5 Enterprise Pack Integrated Development Environment (IDE) and AppServer 9.0 U1.

Cool stuff! Is there anything else you would want to learn?

Thursday Apr 19, 2007

Ubuntu: The word is out!


The press release is now out announcing that GlassFish, NetBeans, JavaDB and the JDK are included in the multiverse component of Ubuntu's release today.