Home/ Questions/Q 4009032
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-20T08:49:40+00:00

I am building web application where i am building the first stage with user

  • 0

I am building web application where i am building the first stage with user registration and login.

I am thinking of

class User 
{
    private userid;
    private firstname
    .........
    //getters and setters
}

class UserService {

    public boolean authenticate(username, password) {}
    public addUser()
    public saveuser()
    public ConfirmEmail()
    public resetPassword()
    ......

}

I have few questions

  1. Is my approach correct?
  2. Also i have diff function in front end and for backend admin user, so should i put all in one class or, i have to make diff for front end and backend?
  3. As this is the most common thing which every organisation requires, so is it possible to find it from internet so that i can see how enterprise people approach this?
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First thing, I’d look at whether you can use another authentication system like Google or Facebook, or Open ID (StackOverflow uses these and more).

    Secondly, I’d look into using a security framework like Spring Security.

    Finally, if you want/need to do it on your own from scratch, here are some pointers

    • Always store passwords using a 1-way hashing mechanism e.g. SHA
    • Use salt when hashing your password – you should have a random salt value per password (see this SO question for it’s length)
    • You can also have a constant application-wide salt value that is not stored next to the password
    • Give the users roles. This will solve your front end/back end users problem

    I’m assuming you’re using a database. Here’s an example schema (MySQL)

    CREATE TABLE users (
  id INTEGER UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT
  mail VARCHAR(255) NOT NULL,
  name VARCHAR(255) NOT NULL,
  enc_password VARCHARCHAR(64) NOT NULL,
  salt CHAR(8) NOT NULL,
  is_mail_authenticated TINYINT(1) UNSIGNED NOT NULL DEFAULT 0,
  UNIQUE KEY (mail)
) ENGINE = InnoDB;

CREATE TABLE roles (
  id INTEGER UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT
  name VARCHAR(32) NOT NULL,
  UNIQUE KEY (name)
) ENGINE = InnoDB;

CREATE TABLE users_roles (
  user_id NTEGER UNSIGNED NOT NULL,
  role_id NTEGER UNSIGNED NOT NULL,
  FOREIGN KEY (user_id) REFERENCES users (id),
  FOREIGN KEY (roel_id) REFERENCES roles (id),
) ENGINE = InnoDB;

    That’ll do it for a very basic user model. You’ll need a tool to generate your salt. I’d use randomAlphanumeric from Apache commons lang.

    You may want to add some stuff to lock user accounts after too many failed login attempts. And you may want to track the IP with which they’ve logged in from. This is left as an exercise to the reader 🙂

    I added the is_mail_authenticated field to track whether the user had authenticated their mail. This is usually accomplished by clicking a link from one’s email.

    • 0