Liferay makes it easy to customize the registration process. Recently a customer required Liferay to do email address verification directly after registration and then auto login after verifying. This post shows how to use a hook to create your own Liferay custom registration process.

To use a hook, override two classes in liferay-hook.xml:


The first class, CustomCreateAccountAction, is the class called when the user registers. The code needs to redirect to the email verification page if successful.

actionResponse.sendRedirect(themeDisplay.getPathMain() + "/portal/verify_email_address");

When users are required to verify their email address, Liferay creates a Ticket object with a verification code. The verification code is sent to the user with a link via email. The link points to a page where the user can enter the verification code they were sent. The unique verification code is looked up in the Ticket table, and if matched the email address is considered verified.

In the second class, CustomVerifyEmailAddressAction, I needed to add the code below to validate the user verification key input and fetch the user that just verified. Here is how it is accomplished.

protected User verifyEmailAddress(HttpServletRequest request, HttpServletResponse response, ThemeDisplay themeDisplay)
        throws Exception {
    AuthTokenUtil.checkCSRFToken( request, CustomVerifyEmailAddressAction.class.getName());
    String ticketKey = ParamUtil.getString(request, "ticketKey");
    Ticket tick = TicketLocalServiceUtil.getTicket(ticketKey);
    //this is the email of the user
    String email = tick.getExtraInfo();
    return UserLocalServiceUtil.getUserByEmailAddress(themeDisplay.getCompanyId(), email);

Add a new method for auto login

public static void login(User user, HttpServletRequest request) throws Exception {
    String username = String.valueOf(user.getUserId());
    String password = user.getPassword();
    boolean encPassword = user.isPasswordEncrypted();
    HttpSession session = request.getSession();
    session.setAttribute("j_username", username);
    if (encPassword) {
        session.setAttribute("j_password", password);
    } else {
        throw new Exception("Password encryption not implemented");
    session.setAttribute("j_remoteuser", username);

Finally, in the execute method of CustomVerifyEmailAddressAction, call the two methods this way:

User user = verifyEmailAddress(request, response, themeDisplay);
if(user != null){
  login(user, request);
  response.sendRedirect(PortalUtil.getPathMain() + "/portal/login");


Share This