java - Saving the values to the database without log in into the application -


i working on java/j2ee based web application have 1 module called leave management in when employee request leave manager approves or reject leave log in application,here log in application creates overhead user , trying implement feature manager can approve or reject his/her mail mail sent manager every time employee request leave based on parameters in url in link without log in application https://my.xyz.com//leave#leavereq#123#1545#state

so question

  1. is possible achieve without log in application , saving values database , without breaching security.

2.if yes, how can implement this?

yes could. pass in other parameters call token contain "random" string in database.

each request doesn't require authentication should pass in token. check token in database if there request, if not, know do. if token consumed, either delete db (meaning each token one-time use only).

edit: regarding whether correct manager approves/reject, that's difficult without authentication identity manager.

we rely on fact that url can used once, , can seen on email of appropriate person.


Comments

Popular posts from this blog

c# - Better 64-bit byte array hash -

webrtc - Which ICE candidate am I using and why? -

php - Zend Framework / Skeleton-Application / Composer install issue -