README notes

'Since we use Spring's 'username' column name in the DB (and not 'email' as planned), it is important to know that we expect the username to be the email of the user. we count on it by sending email to this address.' Currently, the flows jar supports all flows (except change password): forgot password, create account. a mail is sent to the inbox of the user (we assume that the 'username' is the email!), with a link with encrypted data. Endpoints in the flows jar handle these events respectively.
OhadR · Dec 4, 2013 · 823f289 · 823f289
1 parent a2ef907
commit 823f289
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -61,6 +61,10 @@ In DaoAuthenticationProvider.additionalAuthenticationChecks(), Spring checks the
 user entered, in front of the one in the DB. It calls to passwordEncoder.isPasswordValid().
 IT gets there only AFTER the check that user exists in 'user' table, *and in 'authorities' table*.
 
+Since we use Spring's 'username' column name in the DB (and not 'email' as planned), it is important to
+know that we expect the username to be the email of the user. we count on it by sending email to this 
+address.
+
 
 TODO:
 remember me - decide what to do