During user registration Tolven reduces the likelihood of malicious registrations by requiring that the user have a valid email account and that email account is verified using the process described below.


Mail Configuration


How it Works

Tolven invitations are constructed in an asynchronous process (in a Message Driven Bean) fed by messages sent through a JMS queue. This process, in turn, calls back into the Tolven application to construct the HTML content of the message. In effect, this callback resembles a user sitting at a browser but Tolven captures the response and stores it in the message body. In order to facilitate this connection back to itself, Tolven must know what the host, port, and context root is of the application. (In a larger implementation, this might actually point to a separate Tolven server that won’t interfere with live HTTP traffic.)


The following Properties apply to activation invitations

Name Value Description localhost The domain name or IP address of the Tolven server. localhost is usually sufficient.
tolven.invitation.port 8080 The port that the Tolven web server is listening on. This is usually 8080 during development and 80 for production.
tolven.invitation.root /Tolven Provide the context root of the Tolven web application
tolven.invitation.replyTo When an invitation is sent, this url will be included in the message to allow the receiver to get back into the Tolven application and take action on the message. The host and port (if not 443) should point the user directly back to your running Tolven application. Use either a DNS name or numeric IP address. Localhost won’t work unless you only send invitations to yourself (the sys admin).

Here is an example of what the invitation configuration would look like if you only wanted the application to work for users logged into the same system as the jboss (web) server. While not very practical, it is easy to change later by substituting localhost with the IP address or DNS name of the server and restarting the server:

Process Flow

  1. Upon submission of the registration request, the user is added to ldap, synchronously, in order to reserve the user name.
  2. A task is then scheduled on the invitation queue that completes the activation by sending an invitation to the email address of the new user.
  3. When the user provides a valid, matching invitation id from the email, the Tolven account is created.
  4. At this point, the user can login to Tolven


  • If the user attempts to login to their new account, Tolven will issue an error indicating that the user is valid but is awaiting activation.
  • If the user does not complete the activation within the specified time interval, an email is sent to the user’s email address telling the user that their activation has expired and inviting them to try again.


Back to the top
Back to the top

In Production

The Tolven Platform is rapidly becoming the most widely adopted open source solution for healthcare information technology globally. Tolven clients in Europe, North America, and Asia are leveraging the breadth of solutions the Tolven technology can support to serve their needs.

The Tolven Platform

The Tolven Platform takes advantage of a broad, flexible, and open source architecture that gives healthcare and life sciences professionals as well as patients the information they need in an open and extensible solution. The Tolven Platform and applications have global applicability.

Read more