自定义密码提醒(安全问题)

时间:2013-01-14 07:52:18

标签: liferay liferay-6 password-recovery

我使用钩子定制了注册页面。

我想在注册页面添加安全问题,当用户第一次登录Liferay时设置默认安全问题。

那么如何在首次登录时在注册页面中添加安全问题呢?

1 个答案:

答案 0 :(得分:1)

首先,您必须自定义create_account.jsp页面,添加通常在update_reminder_query.jsp上找到的相同选择框和输入:也就是说,您必须在创建时添加用于输入密码提示的UI帐户。

之后,您必须为新用户保存这些值,并且您可以挂钩UserLocalService实现,添加代码以更新提醒查询。这样的事情应该有效:

public class UserLocalServiceImpl extends UserLocalServiceWrapper {

  public UserLocalServiceImpl(UserLocalService userLocalService) {
    super(userLocalService);
  }

  @Override
  public User addUser(
      long creatorUserId, long companyId, boolean autoPassword,
      String password1, String password2, boolean autoScreenName,
      String screenName, String emailAddress, long facebookId, 
      String openId, Locale locale, String firstName, String middleName, 
      String lastName, int prefixId, int suffixId, boolean male, 
      int birthdayMonth, int birthdayDay, int birthdayYear, 
      String jobTitle, long[] groupIds, long[] organizationIds, 
      long[] roleIds, long[] userGroupIds, boolean sendEmail, 
      ServiceContext serviceContext)
    throws PortalException, SystemException {

    // User

    User user = super.addUser(
      creatorUserId, companyId, autoPassword, password1, password2,
      autoScreenName, screenName, emailAddress, facebookId, openId, 
      locale, firstName, middleName, lastName, prefixId, suffixId, male, 
      birthdayMonth, birthdayDay, birthdayYear, jobTitle, groupIds, 
      organizationIds, roleIds, userGroupIds, sendEmail, serviceContext);

    // Reminder query

    String question = ParamUtil.getString(
      serviceContext, "reminderQueryQuestion");
    String answer = ParamUtil.getString(
      serviceContext, "reminderQueryAnswer");

    if (Validator.isNotNull(question) || Validator.isNotNull(answer)) {
      if (question.equals(UsersAdminUtil.CUSTOM_QUESTION)) {
        question = ParamUtil.getString(
          serviceContext, "reminderQueryCustomQuestion");
      }

      updateReminderQuery(user.getUserId(), question, answer);
    }

    return user;
  }

}

您可以覆盖CreateAccount Struts操作,但我认为在服务中执行此操作更安全,以便在出现错误时进行事务处理(例如,如果用户未输入提醒查询)...但你应该检查它确定!

此外,您可能还必须自定义Struts操作,以便处理可能的UserReminderQueryException ...

相关问题
最新问题