@contextfw
Created June 27, 2011 20:12
Secure way to recover password
// NOTE. This example is extremely simplified and shows only the idea.
public interface AuthService {
    boolean login(String username, String password);

    /**
     * 1. Generates a random key
     * 2. Sends the key to the given email if it was registered
     * 3. Returns the generated key
     */
    String sendPasswordRequest(String email);

    String findUsernameByEmail(String email);

    void savePassword(String username, String newPassword);
}

public class Authenticator extends Component {
    AuthService authService;
    String email = null;
    String securityKey = null;
    @Attribute
    String username = null;

    /**
     * Remoted means that the method is callable from the web client.
     */
    @Remoted
    public void login(String username, String password) {
        if (authService.login(username, password)) {
            // Do something here. Probably reload the page
        } else {
            // Show an error message
        }
    }

    @Remoted
    public void requestPasswordChange(String email) {
        this.email = email;
        this.securityKey = authService.sendPasswordRequest(email);
        // Inform the user that the request has been sent to the given email
        // and should be checked.
    }

    /**
     * This is called when the user has copied the key from the email and
     * entered it into the proper input field.
     */
    @Remoted
    public void recoverPassword(String securityKey) {
        // securityKey stays null until requestPasswordChange has run, so it
        // must be checked before equals() is called on it.
        if (this.email != null && this.securityKey != null
                && this.securityKey.equals(securityKey)) {
            this.username = authService.findUsernameByEmail(this.email);
            // Show the username to the user
        } else {
            // Show an error
        }
    }

    @Remoted
    public void changePassword(String newPassword) {
        if (this.username != null) {
            authService.savePassword(this.username, newPassword);
            // Show confirmation of successful password change
        } else {
            // Show an error message stating that the recovery process has
            // not yet been finished.
            // Also, if this happens there is a high chance that the request
            // is forged and should probably be logged.
        }
    }
}
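The same request/verify/change flow, as an added Python example rather than code from the gist, with the server-side details the sketch above leaves open: the key comes from a cryptographic RNG, is compared in constant time, expires, is consumed on first use, and unregistered addresses get the same reply as registered ones. The user table, mailer callback and clock are constructed stand-ins for the gist's AuthService.

```python
import hmac
import secrets
import time


class PasswordRecovery:
    """One instance per web session, like the gist's Authenticator component."""

    TTL_SECONDS = 15 * 60  # assumed lifetime of a recovery key

    def __init__(self, users, send_mail, now=time.time):
        self.users = users              # constructed: email -> username
        self.passwords = {}             # constructed: username -> password
        self.send_mail = send_mail      # stand-in for the real mailer
        self.now = now                  # injectable clock for expiry checks
        self.pending = {}               # email -> (key, expiry timestamp)
        self.verified_username = None   # set only after a valid key was shown

    def request_password_change(self, email):
        # Same reply whether or not the address exists, so the endpoint
        # cannot be used to enumerate registered emails.
        if email in self.users:
            key = secrets.token_urlsafe(32)
            self.pending[email] = (key, self.now() + self.TTL_SECONDS)
            self.send_mail(email, key)
        return "If that address is registered, a recovery key has been sent."

    def recover_password(self, email, key):
        entry = self.pending.get(email)
        if entry is None:
            return None
        expected, expiry = entry
        if self.now() > expiry:
            del self.pending[email]     # stale key is never accepted
            return None
        if not hmac.compare_digest(expected.encode(), key.encode()):
            return None                 # constant-time mismatch
        del self.pending[email]         # single use: a replay fails
        self.verified_username = self.users[email]
        return self.verified_username

    def change_password(self, new_password):
        if self.verified_username is None:
            return False                # out-of-order or forged request; log it
        self.passwords[self.verified_username] = new_password
        self.verified_username = None   # one password change per verified key
        return True
```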