I have a website that outputs Excel reports with hyperlinks back to secure content. One of the links would look like this…
http://www.[site].com/externalLinkDigester?externalSession=[SHA Encrypted Text]
The query string argument (externalSession) is a unique alphanumeric string that is only valid for 24 hours and can only be accessed by the user who created the report. My controller looks something like this…
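    class ExternalLinkDigester {
        def springSecurityService

        def index = {
            def currentUser = springSecurityService?.currentUser
            if (!currentUser) {
                redirect(controller: 'login')
                return   // redirect() does not end the action by itself
            }
            // Named externalSession so it does not shadow the controller's implicit request object
            def externalSession = ExternalSession.findByName(params.externalSession)
            if (!externalSession) {
                response.sendError(404)   // unknown token: nothing to check against
                return
            }
            if (externalSession.isExpired()) {
                // show expired content page
                return
            }
            if (sameUser(currentUser, externalSession.user)) {
                // show content
            } else {
                redirect(controller: 'login')
            }
        }
    }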
The problem is that, no matter what, the springSecurityService.currentUser is always null when coming from an external program like Excel, even when I am logged in before clicking the link. However, if I copy and paste the link into the browser, it seems to work fine. Help!
How can I securely access content this way?
Is it possible that Excel is opening up a different browser than the one you logged in with (e.g. you logged in with Firefox and when clicking the link within Excel, it defaults to opening the link within Internet Explorer)? The new browser will not have the session cookie for the authenticated session so “currentUser” will appear as null.
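The checks the question's controller is aiming for, including the no-session-cookie case raised in the answer, written as a plain Groovy script. This is an added example, not code from either post: `LinkSession`, `Outcome`, `newToken` and `decide` are hypothetical names, the in-memory map stands in for `ExternalSession.findByName`, and the sample data is constructed.

```groovy
import java.security.SecureRandom
import java.time.Duration
import java.time.Instant

// Hypothetical stand-in for the ExternalSession domain class (no database).
class LinkSession {
    String name       // value carried in ?externalSession=
    String user       // username that generated the report
    Instant created
    boolean isExpired(Instant now) { now.isAfter(created.plus(Duration.ofHours(24))) }
}

enum Outcome { LOGIN, NOT_FOUND, EXPIRED, CONTENT }

// Unguessable alphanumeric token: 32 bytes from a CSPRNG, hex encoded.
String newToken() {
    byte[] raw = new byte[32]
    new SecureRandom().nextBytes(raw)
    return raw.encodeHex().toString()
}

// Order matters: authenticate first, so the token alone never unlocks content.
Outcome decide(String currentUser, String token, Map<String, LinkSession> store, Instant now) {
    if (!currentUser) return Outcome.LOGIN          // request arrived without a session cookie
    LinkSession s = store[token]
    if (!s) return Outcome.NOT_FOUND                // unknown or mistyped token
    if (s.isExpired(now)) return Outcome.EXPIRED    // older than 24 hours
    return s.user == currentUser ? Outcome.CONTENT : Outcome.LOGIN
}

// Constructed sample data.
def now = Instant.parse('2024-01-02T12:00:00Z')
def fresh = new LinkSession(name: newToken(), user: 'alice', created: now.minus(Duration.ofHours(1)))
def stale = new LinkSession(name: newToken(), user: 'alice', created: now.minus(Duration.ofHours(25)))
def store = [(fresh.name): fresh, (stale.name): stale]

assert decide(null, fresh.name, store, now) == Outcome.LOGIN       // other browser, no cookie
assert decide('alice', fresh.name, store, now) == Outcome.CONTENT  // owner, within 24 hours
assert decide('bob', fresh.name, store, now) == Outcome.LOGIN      // logged in, but not the creator
assert decide('alice', stale.name, store, now) == Outcome.EXPIRED
assert decide('alice', 'unknown', store, now) == Outcome.NOT_FOUND
assert fresh.name ==~ /[0-9a-f]{64}/
```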