COMP 405
|
Authentication in GAE |
![]() ![]() ![]() ![]() ![]() ![]() ![]() |
You can restrict access to a URL to only those clients that are logged in either as regualr Google users or administrators for your application.
All you need to do is add a login parameter to the URL route to that page. For example:
- url: /[url path]/* # this covers all pages in the folder. # other parameters... login: admin
Your app can authenticate users using any one of 3 options:
The following discussion covers the logging of a browser-based client into a server app, not one server app logging in to another server app.
The logging in and out process involves the creation of URLs to which clients are directed to perform the actual log in/out. Embedded in this URL however is a second URL to which the user is automatically redirected after the log in/out is performed. This process insures that the proper authenticating host is the one performing the log in/out but does it in a semi-transparent way to the application.
The following example only works on the server-side:
UserService userService = UserServiceFactory.getUserService(); // Get the User service if (!userService.isUserLoggedIn()) { // check if the user is already logged in String loginURL = userService.createLoginURL( logged_in_URL ); // The logged_in URL is often this page, since it can handle a logged in user. // direct the user to this login URL } else { String logoutURL = userService.createLogoutURL( log_out_URL ) // log_out_URL is often the app's home page // Use this URL in a log out button or the like String userNickname = userService.getCurrentUser().getNickname(); // Get some info about the user // Do processing as per a logged in user }
Since authentication is fundamentally a server-side operation, you can't even import the com.google.appengine.api.users package in GWT client code.
Fundamentally, what one has to do is to go through the server to get any authentication information, e.g. user info, log in/out URLs, etc. There are two ways to do this:
© 2013 by Stephen Wong