CODEWITHSUNDEEP
javaspringspring-mvc
Ilia Calinin
Ilia Calinin

Reputation: 13

How to set access for a jsp page, only via link

I'm new at spring, but here I have some problem, and I cant find any answer. So, I need to set access for a registration page, only for users who have a link from admin. I see that like, admin send the link and only one user can enter and register, after that link will be unavailable. First of all, I know that admin should generate some link, but I don't know how to. And I don't know how to set that access from a link. Well, I can say that I don't know anything :) Can you help me? Like I cant even find some tutorials or information about this. The code is:

protected void configure(final HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests()
                    .antMatchers("/").permitAll()
                    .antMatchers("/index").hasAnyRole(USER, ADMIN)
                    .antMatchers("/admin").hasRole(ADMIN)
                    .antMatchers("/addUser").hasRole(ADMIN)
                .and()
                    .formLogin()
                    .loginPage("/login")
                    .defaultSuccessUrl("/index")
                    .failureUrl("/login?error")
                    .usernameParameter("username")
                    .passwordParameter("password")
                .and()
                    .logout()
                    .logoutSuccessUrl("/login?logout")
                .and()
                    .exceptionHandling()
                    .accessDeniedPage("/login")
                .and()
                    .rememberMe()
                    .rememberMeParameter("remember-me")
                    .tokenRepository(persistentTokenRepository())
                    .tokenValiditySeconds(900);
    }

Admin page where is button for register new user

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<%@ page isELIgnored="false" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>


<html>

<head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Users List</title>
    <link href="<c:url value='/resources/css/bootstrap.min.css' />" rel="stylesheet"></link>

</head>

<body>
<div class="generic-container">
    <%--<%@include file="authheader.jsp" %>--%>
    <div class="panel panel-default">
        <!-- Default panel contents -->
        <div class="panel-heading"><span class="lead">User Administration</span></div>
        <table class="table table-hover">
            <thead>
            <tr>
                <th>Username</th>
                <th>Firstname</th>
                <th>Lastname</th>
                <th>Email</th>
                <th>Role</th>
                <sec:authorize access="hasRole('ADMIN')">
                    <th width="100"></th>
                </sec:authorize>
                <sec:authorize access="hasRole('ADMIN')">
                    <th width="100"></th>
                </sec:authorize>
            </tr>
            </thead>

            <tbody>
            <c:forEach items="${users}" var="user">
                <tr>
                    <td>${user.username}</td>
                    <td>${user.firstname}</td>
                    <td>${user.lastname}</td>
                    <td>${user.email}</td>
                    <td>${user.roles}</td>
                    <sec:authorize access="hasRole('ROLE_ADMIN')">
                        <td><a href="<c:url value='/edit-user-${user.username}' />" class="btn btn-success custom-width">edit</a></td>
                    </sec:authorize>
                    <sec:authorize access="hasRole('ROLE_ADMIN')">
                        <td><a href="<c:url value='/delete-user-${user.username}' />" class="btn btn-danger custom-width">delete</a></td>
                    </sec:authorize>
                </tr>
            </c:forEach>
            </tbody>
        </table>
    </div>

    <sec:authorize access="hasRole('ADMIN')">
        <div class="well">
            <a href="<c:url value='/addUser' />">Add New User</a>
        </div>
    </sec:authorize>
</div>
</body>
</html>

If you well need some additional code, tell me. Sorry if something wrong, it's my second question here.

Upvotes: 1

Views: 310

Answers (1)

don
don

Reputation: 144

You can generate a token (which will be hard to guess)

UUID id = UUID.randomUUID();
String t = id.toString();
//your link generation goes here
String link  = baseUrl+"/register?token="+t;
//Save the token in db with a field expired=false
Token token = new Token();
token.setUuid(t);
token.setCreatedDate(new Date());
token.setExpired(false);
tokenRepo.save(token)

In the request handling, get the token into the RestController and

//let t be the captured token
Token token = tokenRepo.findByUuid(t);
if(token.expired){
//tell them link is expired
}else{
token.setExpired(true)
//give them the reg page and take it from here
}

Upvotes: 1

Related Questions