GAE User API with OAuth2


Problem description



Inside my servlets, this is how I authenticate the user

    import com.google.appengine.api.users.User;
    import com.google.appengine.api.users.UserService;
    import com.google.appengine.api.users.UserServiceFactory;

    // inside doGet(HttpServletRequest request, HttpServletResponse response)
    UserService userservice = UserServiceFactory.getUserService();
    User user = userservice.getCurrentUser(); // null when nobody is signed in

    if (user == null) {
        // HttpServletResponse has sendRedirect(), not redirect(); return so the handler stops here
        response.sendRedirect(userservice.createLoginURL("../userhome"));
        return;
    }

More recently, in the same project, I used Google Cloud Endpoints with authentication to access data using a JS client. The JS client authorizes using OAuth

gapi.auth.authorize(...);

Although they belong to the same App Engine project and share the same credentials, the servlet and the JS client ask the user to sign in independently of each other, as if they were two different applications.

I want a single sign in for the whole application. How do I do this?

Solution

Here are some points:

  1. It is important that you have authentication at both levels. This is good practice and does not leave your functionality open for execution without any authentication mechanism.

  2. When you are doing the authentication on the client side, the whole authentication layer passes this User object to your Google Cloud Endpoints code. So it is good if you can inject the User object into your Cloud Endpoints method to extract the user's information and do your own authorization if needed.

  3. In summary, if you notice, you are not really doing authentication again on the server side. You are only checking whether the authentication is done or not and then proceeding.
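As an added example (not code from the question or the answer above), this is what points 2 and 3 look like in a Cloud Endpoints method: the framework injects the `User` for a request whose OAuth2 token validated against the API's `clientIds`/`audiences`, and the method itself only checks for `null` and then applies its own authorization. The API name, version, client ID, the `Note` type, the in-memory store and the ownership rule are all assumptions for illustration; the `User` import is the Endpoints Frameworks v2 class (older v1 code received `com.google.appengine.api.users.User` in the same position).

```java
import com.google.api.server.spi.auth.common.User;
import com.google.api.server.spi.config.Api;
import com.google.api.server.spi.config.ApiMethod;
import com.google.api.server.spi.response.ForbiddenException;
import com.google.api.server.spi.response.UnauthorizedException;
import java.util.HashMap;
import java.util.Map;
import javax.inject.Named;

// Hypothetical API: name, version and the client ID are placeholders, not values from the page.
@Api(
    name = "notes",
    version = "v1",
    clientIds = {"YOUR_WEB_CLIENT_ID.apps.googleusercontent.com"},
    audiences = {"YOUR_WEB_CLIENT_ID.apps.googleusercontent.com"})
public class NotesApi {

  // Minimal resource type so the authorization check has something to protect.
  // Endpoints needs a public no-arg constructor to serialize it.
  public static class Note {
    public String id;
    public String ownerEmail;
    public String text;

    public Note() {}

    Note(String id, String ownerEmail, String text) {
      this.id = id;
      this.ownerEmail = ownerEmail;
      this.text = text;
    }
  }

  // Constructed in-memory store standing in for the Datastore lookup a real app would do.
  private static final Map<String, Note> NOTES = new HashMap<>();
  static {
    NOTES.put("n1", new Note("n1", "alice@example.com", "alice's note"));
    NOTES.put("n2", new Note("n2", "bob@example.com", "bob's note"));
  }

  // The framework fills in `user` only when the request carried an OAuth2 token that
  // validated against one of the configured client IDs; otherwise it passes null.
  @ApiMethod(name = "get", path = "notes/{id}", httpMethod = ApiMethod.HttpMethod.GET)
  public Note get(@Named("id") String id, User user)
      throws UnauthorizedException, ForbiddenException {
    // Point 3 of the answer: authentication already happened in the auth layer;
    // the method only verifies that it did.
    if (user == null) {
      throw new UnauthorizedException("Sign in required");
    }
    // Point 2 of the answer: your own authorization, using the identity handed over.
    Note note = NOTES.get(id);
    if (note == null || !note.ownerEmail.equalsIgnoreCase(user.getEmail())) {
      // Same response for "does not exist" and "not yours", so a caller cannot
      // enumerate which ids exist by probing.
      throw new ForbiddenException("Not allowed");
    }
    return note;
  }
}
```

The Google account that signed in through `gapi.auth.authorize(...)` on the JS side is the one that appears as `user` here; a request without a token, or with a token minted for a client ID that is not listed, arrives with `user == null` and is rejected before any data is touched. For a web client the web client ID has to appear in both `clientIds` and `audiences`, otherwise the framework rejects the token and the method sees `null` even for a signed-in user.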
