Support > Repository > Account > Password reminder
ja | en

You can forget your password, or you can initialize your password yourself when your account is locked (by entering an incorrect password multiple times).

When this function is enabled, the link "※ Forgot your password? Here" appears on the logon screen.

Figure 1 Link to password reminder appears

When this link is pushed, the screen shown in Fig. 2 is displayed.

Figure 2 Password reset screen

Perform password resetLogon AccountPlease input, and click "send" button.

Figure 3 Specify logon account to reset password

An e-mail containing a URL for resetting the password is sent to the e-mail address associated with the logon account.From the security point of view, this URL is only valid for one hour.

Figure 4 Mail sent

The mail text is as follows.

Dear Mr. *** (User name: ***) We have received your request to reset your password.
Please reset the password from the following URL.

Http: // YOURDOMAIN / wagby / setNewPassword.do? Id = **** * This URL is valid until 08/01/2014, 10: xx minutes xx seconds.

************************************************** In addition, if you do not recognize this content, there is a possibility that the other person mistookly input the mail address.
In that case, I hope that you can delete this mail.
**************************************************

After the mail arrives, open the page of the URL stated in the sentence.The screen as shown in Figure 5 is displayed.

Figure 5 Password change screen

Reset the new password.

Figure 6 Password resetting

This procedure initializes the password for the logon account.If the account is locked, it will be unlocked.

The security problems caused by this function and their countermeasures are as follows.

  • We do not disclose any important information such as password other than registered mail address.
  • The availability of this function and the destination of notification mail areLogon users themselvesYou can change it at any time.
  • The expiration date of the password change password is 1 hour.
  • Once you manipulate the password change URL, the same URL will be invalid even within one hour.That is, this URL can not be used once it is used.
  • The act of changing the password by this function is logged.
  • This function can not be used if the logon account does not have "password change authority".
  • You can freely modify the sentence of the email you send.
  • By using this function, the logon user himself can unlock the account.Therefore, if you want to limit the logon of a specific user due to retirement, graduation, etc., set "Account Lock Information" on the account update screen and disable "Change Password" and "System Administrator" authority (Principal) Please.

Along with these systematic countermeasures, we also inform users that there is an attack called "password reset fraud" and encourage them to implement security improvement education.

Specifically, you can visually check that the sender of the mail and the URL you click are correct.

Password reminder setting

Open "Application> Password reminder" from the environment menu.Write "USE" in the "Use password reminder function" column and enter the appropriate e-mail address in the "From" field.

(The user sees the sender's e-mail address and judges whether the received e-mail is valid or a suspicious e-mail.In general it is better to specify the e-mail address that will lead to the system administrator.)

"Body" can be edited freely.You can use notation such as $ {username} as in the example in the sentence.

Notation method Description Examples of character strings expanded in mail text
${username} Logon Account yamada
${userid} username Yamada
${url} Temporarily prepared URL for password change http://localhost:8921/wagby/setNewPassword.do?id=...
${host} Host part of url http://localhost:8921/wagby/
${path} The part on the right side from the host part of url setNewPassword.do?id=...
Normally you specify $ {url} in the mail text.In an environment using reverse proxy, if you want to specify a different host name, you can specify $ {path} after the fixed character string (host name).
${limitdate} Expiration date of password change URL September 01, 2014 18: 00: 00 second
Figure 7 Password reminder setting

Mail server settings

Since the password reminder function performs mail transmission processing, please set the mail host name on the "Mail" tab of the same environment setting.

If your mail host needs to set port number, protocol, SMTP authentication, etc., please describe the "Mail setting (transmission)" column appropriately.Ask your network administrator about what value to set.

Fig. 8 Mail transmission settings

When the password reminder function is enabled, a field is provided for setting whether to use this function on each user's "preferences" setting screen.

By setting "Password reminder" to "use" here and designating a mail address in the input field, this user's logon account can use this function.

This function can not be used if there is no mention of the mail address.
Figure 9 Setting preferences

In the following cases, we recommend that you use this method.

  1. We extend the logon account (juser) provided by Wagby and prepare mail address items.
  2. We defined another model with the logon account as the primary key, and we prepared the mail address item there.

In this case, you can also use the already registered mail address information with the password reminder function.

Setting method

Write "USESQL" in the "Use password reminder function" column.

Figure 10 Using the password reminder function

On the "Mail" tab of the environment setting, set the mail host name.

Fig. 11 Mail transmission settings

Setting of jfcbase.properties

Set up "what sort of SQL will be used to retrieve e-mail addresses".

Copy wagbydesigner \ bin \ webpage \ WEB - INF \ src \ jfcbase.properties as customize \ resources \ myjfcbase.properties.

A text editor (Notepad attached to Windows OS isUsage prohibitedis.Please use other text editor.), Edit the copied myjfcbase.properties file.

This file has the following description.

; jp/jasminesoft/jfc/HibernateUserInfo.java:
; HQL query
;
; case 1 : juser model
;jp.jasminesoft.jfc.HibernateUserInfo.getEmailByUserid.query=\
; select c.email_ from jp.jasminesoft.jfc.model.juser.Juser as c where c.userid_ = :userid
;
; case 2 : staff model related to juser
;jp.jasminesoft.jfc.HibernateUserInfo.getEmailByUserid.query=\
; select c.mailaddress_ from jp.jasminesoft.wagby.model.staff.Staff as c where c.userid_ = :userid

The entry "case 1" corresponds to "1. Extension of account definition (juser) provided by Wagby".In this case, for the lines below case 1Remove the first semicolon (;) and enable this setting.

jp.jasminesoft.jfc.HibernateUserInfo.getEmailByUserid.query=\
 select c.email_ from jp.jasminesoft.jfc.model.juser.Juser as c where c.userid_ = :userid

Then rewrite this SQL as necessary.

It is in HQL format interpreted by Hibernate.

Specifically, the email address item name (English) on the definition file is entered in the "email" section of select c.email_ ....

The item name and model name need to refer directly to the Hibernate mapping file and check the actual property name.For example, when the item name is "mobile_email", the property name is "mobileEmail_".The Hibernate mapping file is generated under the wagbydesigner \ webapps \ wagbydesigner \ WEB - INF \ env \ work \ srcgen \ webpage \ WEB - INF \ classes folder under the model ". Hbm.xml" extension format.

The entry "case 2" corresponds to "2. Define a different model with the logon account as the primary key".In this case, for the lines below case 2Remove the first semicolon (;) and enable this setting.

jp.jasminesoft.jfc.HibernateUserInfo.getEmailByUserid.query=\
 select c.mailaddress_ from jp.jasminesoft.wagby.model.staff.Staff as c where c.userid_ = :userid

Then rewrite this SQL as necessary.Specifically, the mail address item name (English) on the definition file is entered in "mailaddress" part of select c.mailaddress_ ... ...Modify the model name (from Staff in this example) in the from clause appropriately.

For case 1 and case 2, please enable only one of them.You can not enable both.

Delete the entries for * other than this modification *.The myjfcbase.properties file is automatically merged with the original file at build time.(For deleted parts, the value of the original file jfcbase.properties is used.In other words, myjfcbase.properties describes only the difference information from the original file.)

Depending on the user you want to specify a different email address

Even if you set up to use the e-mail address held inside the system as described above, the user can individually enter another e-mail address from the "preferences" screen.In this case, the setting on the preference screen takes precedence.

I want to register the e-mail address for password reminder function at once

By defining mail address items referenced by USESQL for juser models, staff models, etc., administrators can register data collectively using the CSV upload update function.

Even in this case, if the user specifies a mail address on the preference screen, that will take precedence.

In "Customize> Preferences" in the environment menu, you can specify "Switchable by user" on password reminder.

Figure 12 Setting preferences

The difference in behavior by the setting in Figure 12 is as follows.

When the user setting change possible is "enabled"

If you set "Password reminder" to "use" in the application's "preference" (Figure 9 on this page), take precedence over that setting.

If you do not use it, prioritize "initial value" in the definition file.

When "user setting change possible" is "impossible"

When the initial value of Fig. 11 was "use", this function is used.
This function is not used when the initial value of Fig. 11 is "not used".

Can I use the password reminder function separately or can I set the setting of itself without batch

can not.Since it is a design philosophy that the user himself opts in the function by enabling the function, it is a policy not to prepare a mechanism of collective registration.