Already authorized access url send to customer by email, How to?

[mooniatico]

Hello.

I have a requisite to create an authorized url and send it by email to a client. So the client only have to push the url an access the application. In order to have a real security access, I need a way to send the autorization in the url.

Could you help me in the way to solution? Is there any way to do this?

Thanks in advance.

[romeo]

yuo can use something like openid

[mooniatico]

Thanks but it doesn´t resolve my problem. User can´t access without login.

I need some way to autorize a user by creating a url and send it to the client.

[Rob Winch]

Before I propose a solution to your goals, I would like to caution you that including the credentials in the URL sent in an email is not a secure solution. This is because SMTP is inherently insecure.

If you choose to (or are forced to) ignore this, then you will want to use some sort of token in the URL. A standard answer to providing access with a token would be to use OAuth and to include token in the url. Spring Security has an OAuth extension project that can help you to achieve this. A lower-fi solution would be to include something like the remember me tokens on the URL. You would then need to modify Spring Security to look at the URL instead of a cookie.

[mooniatico]

I was thinking on send user and password in a url, (I´m forced by a customer greatest mind), but a MD5 encoded password in the url. I suppose, this is not a great solution, and also have some security problems. But as the customer said "Customers are always right"..