Shiro does not provide any database write logic out of the box, there are a lot of things at play here, mail server config, db update command, password reset GUI, etc.
Take a look at this: https://github.com/apache/shiro/blob/1.3.x/core/src/main/java/org/apache/shiro/realm/SimpleAccountRealm.java#L162-L164 (this is not a complete example, as you would still need to handle the ExpiredCredentialsException) There was also a related thread a few days ago: http://shiro-user.582556.n2.nabble.com/Shiro-and-OTP-MFA-tc7581190.html On Tue, Aug 2, 2016 at 9:25 AM, I PVP <[email protected]> wrote: > What is the recommended approach to implement password reset functionality > with Shiro ? > > Should I just generate a new password, update the database, send to the > end user over email and force the user to change on the next login? Or Is > there something more elegant that should be done using Shiro ? > > > Thanks > > IPVP > >
