Dear Sir,
I have experience in Java for 7+ years and I have done simmilar programming for several software systems.
I could explain how is my approach to develop your requirement.
1. User clicks on 'forgot password' link and user will be redirect forgot password page to enter username.
2. Once username enters and click submit, 'ForgotPassword' http servlet will be called and it will verify whether the username exist on the database.
3. I will use a test database (Mysql) with following;
create table userlogin (id int PRIMARY KEY, username varchar (255), password varchar (255), email varchar(255),forgotusrrequested boolean, forgotrequeston timestamp, forgottoken varchar(128));
4. If username not available on the database reply mentioning that 'User name not found'.
5. If username available, userlogin will be updated with 'forgotusrrequested = true', 'forgotrequeston = <current timestamp>', 'forgottoken = <system generated random code>' and an email will be sent to the email address including 'username' and the 'forgottoken'.
6 When user returning from the email link which is sent, it will be calling 'PasswordReset' http servlet and verify wether the username and the forgottokens are matching. And after it will check the returning time stamp and 'forgotrequeston' difference is less than or equal to 24 hours.
7. If validation on point 6 is success, user will be redirected to password reset page.
I'm ready to discuss any changes and ready to start immediately. Thanks