Hello, I have problems and I could not find a solution.

I need to set access to the registration page only for those users who received a link from the admin. I imagine it this way: the admin sends the link and only one user can access it; after that the link is no longer active.

I understand that the admin should generate a link, but I do not know how. And I do not know how to establish access to this link. I did not find information on how to do it.

Code:

    protected void configure(final HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/index").hasAnyRole(USER, ADMIN)
                .antMatchers("/admin").hasRole(ADMIN)
                .antMatchers("/addUser").hasRole(ADMIN)
            .and()
            .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/index")
                .failureUrl("/login?error")
                .usernameParameter("username")
                .passwordParameter("password")
            .and()
            .logout()
                .logoutSuccessUrl("/login?logout")
            .and()
            .exceptionHandling()
                .accessDeniedPage("/login")
            .and()
            .rememberMe()
                .rememberMeParameter("remember-me")
                .tokenRepository(persistentTokenRepository())
                .tokenValiditySeconds(900);
    }

Admin panel with new user registration:

    <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
    <%@ page isELIgnored="false" %>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
    <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
    <%-- Needed for the sec:authorize tags below; without it they are not evaluated --%>
    <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
    <html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
        <title>Users List</title>
        <link href="<c:url value='/resources/css/bootstrap.min.css' />" rel="stylesheet"></link>
    </head>
    <body>
    <div class="generic-container">
        <%--<%@include file="authheader.jsp" %>--%>
        <div class="panel panel-default">
            <!-- Default panel contents -->
            <div class="panel-heading"><span class="lead">User Administration</span></div>
            <table class="table table-hover">
                <thead>
                <tr>
                    <th>Username</th>
                    <th>Firstname</th>
                    <th>Lastname</th>
                    <th>Email</th>
                    <th>Role</th>
                    <sec:authorize access="hasRole('ADMIN')">
                        <th width="100"></th>
                    </sec:authorize>
                    <sec:authorize access="hasRole('ADMIN')">
                        <th width="100"></th>
                    </sec:authorize>
                </tr>
                </thead>
                <tbody>
                <c:forEach items="${users}" var="user">
                    <tr>
                        <td>${user.username}</td>
                        <td>${user.firstname}</td>
                        <td>${user.lastname}</td>
                        <td>${user.email}</td>
                        <td>${user.roles}</td>
                        <sec:authorize access="hasRole('ROLE_ADMIN')">
                            <td><a href="<c:url value='/edit-user-${user.username}' />" class="btn btn-success custom-width">edit</a></td>
                        </sec:authorize>
                        <sec:authorize access="hasRole('ROLE_ADMIN')">
                            <td><a href="<c:url value='/delete-user-${user.username}' />" class="btn btn-danger custom-width">delete</a></td>
                        </sec:authorize>
                    </tr>
                </c:forEach>
                </tbody>
            </table>
        </div>
        <sec:authorize access="hasRole('ADMIN')">
            <div class="well">
                <a href="<c:url value='/addUser' />">Add New User</a>
            </div>
        </sec:authorize>
    </div>
    </body>
    </html>

If you need more code, I will post it.

  • one
    This is the site of the Russian-speaking community, either ask a question in Russian, or ask it on stackoverflow.com - JK_Action

1 answer

There are a lot of solution options, at first glance I would add a string generator and such an implementation:

  • admin generates a string of a certain or arbitrary length
  • the string is saved on the server
  • admin sends the link with the string to the url for example https://example.com/lolgin/tRdskjb33_dksvlg_3444_dskdl
  • the user clicks the link; the string from the URL is checked on the server to see whether it exists, and if it does, a value is set marking that the link has been followed
  • the string has been used, so the next time the check will not let the user onto the site

In general, read about cookies and how they can be used to limit user content.

  • How to generate this string? Where to send it? Generally a lot of questions) - Ilia Calinin
  • Google "string generator", "http data exchange" for your language, framework, etc. - Igor Lavrynenko
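
The steps listed in the answer above, as an added example in plain Java that is not part of the original post or comments. It goes slightly beyond the answer by storing only a hash of the string and giving it an expiry time. The class name `InviteTokens`, the in-memory map (standing in for a database table), the 24-hour lifetime and the `/register?token=` URL are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: issues and redeems single-use registration tokens.
public class InviteTokens {
    private static final SecureRandom RNG = new SecureRandom();
    // Key: SHA-256 of the token (the raw token is never stored); value: expiry time.
    private final Map<String, Instant> pending = new ConcurrentHashMap<>();

    // Called from an ADMIN-only handler; the returned string goes into the link.
    public String issue(Duration ttl) {
        byte[] raw = new byte[32];               // 256 bits from a CSPRNG
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        pending.put(hash(token), Instant.now().plus(ttl));
        return token;
    }

    // remove() is atomic: of two concurrent requests with one token, only one succeeds.
    public boolean redeem(String token) {
        if (token == null) return false;
        Instant expiry = pending.remove(hash(token));
        return expiry != null && Instant.now().isBefore(expiry);
    }

    private static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256")
                    .digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);  // SHA-256 is always available
        }
    }

    public static void main(String[] args) {
        InviteTokens invites = new InviteTokens();
        String token = invites.issue(Duration.ofHours(24));
        System.out.println("https://example.com/register?token=" + token); // constructed URL
        System.out.println("first use accepted: " + invites.redeem(token));
        System.out.println("replay accepted:    " + invites.redeem(token));
    }
}
```

In the `configure` method from the question, the registration path (the hypothetical `/register` here) would be matched with `permitAll()` so that `redeem` is the only gate, while the handler calling `issue` stays behind `hasRole(ADMIN)` like `/addUser`. Calling `redeem` when the registration form is submitted, rather than when the link is first opened, keeps link previews and mail scanners from using up the token.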