Good morning Bruno,
The required configuration seems reasonable and the workflow is as
discussed in a previous thread.
Does it make sense to validate that the passed value is e-mail address
(maybe by using Apache Commons EmailValidator) before passing it to the
service?
btw I had to catch an InvalidKeySpecException inside TokenServiceImpl
class in order to compile the password-reset.
On Thu, 2013-12-12 at 03:49 -0200, Bruno Oliveira wrote:
Open questions
- The usability is easy, tricky..the configuration files are too much?
- Where the package “api” should be added? ag-security? nowhere?
- Is the workflow ok for you?
Thoughts, suggestions?