如何安全建立两个应用程序之间建立在谷歌应用程序引擎上的沟通 [英] How to securely establish communication between two apps built on google app engine?
问题描述
我们遇到了两个在谷歌应用程序引擎(java)上制作的应用程序,我们之间需要建立安全通信。基本上,我们有:
APP1:<公共> APP,它基于JSON格式的请求提供JSON格式的数据。这些数据是私人的,仅针对特定请求。
APP2:内部/非公开APP向JSON中的APP1请求数据格式,并需要以JSON格式接收响应。
上面的场景工作正常,我们有两个应用程序彼此进行通信。然而,我们需要这种沟通是安全的,我们需要确定(授权和认证过程),这是真正向APP1请求数据的APP2。
想到很多方法,但我们还没有遇到最终的解决方案,我希望有人实现了类似的东西。
$ b $ 1我们考虑过使用oAuth构建一个提供者APP,并通过该提供者使APP2订阅我们的APP1。我们之所以看这个解决方案,是因为未来我们可能会允许第三方应用(APP3)以订阅模式从APP1中获取数据。
问候。
现在,此功能已内置到App Engine API中。应用可以安全地将自己的身份提供给其他应用。
We have come across two apps made on google app engine (java) and we need to establish a secure communication between then. Basically we have:
APP1: "Public" APP that provides data in JSON format based on requests in JSON format. The data is private, subject just to the specific request.
APP2: "Internal/Not public" APP that request data to APP1 in JSON format and needs to receive response in JSON format.
The scenario above is working fine, we have both apps communicating between each other. However, we need this communication to be secure and we need to identify (authorization and authentication process) that is really the APP2 that is requesting data to the APP1.
We have thought of many approaches but we haven't come across a final solution, I was hoping someone has implemented something similar.
1) We thought about using oAuth, building a "Provider APP" and making APP2 subscribing to our APP1 through this provider. The reason for us to have look at this solution, it's that maybe in future we will allow a third party app (APP3) to consume the data from APP1 in a subscription mode.
Regards.
This functionality is now built into the App Engine API. Apps can securely assert their identity to other apps.
这篇关于如何安全建立两个应用程序之间建立在谷歌应用程序引擎上的沟通的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
