Google App Engine上的安全性(Java) - Servlet SSL? [英] Security on Google App Engine(Java) - Servlet SSL?
问题描述
是否可以在web.xml中使用SSL中的一种servlet映射?
我有一个网站使用GWT浏览器访问和手机访问gae通过servlet中的简单HttpServletRequest。
设置:
$ b
- 浏览器GWT访问
对于该网站,用户通过Google帐户或Facebook登录。然后用户与该网站进行交互 - 由于我使用的是Google App Domain,因此无法在此处设置SSL。
我猜这个有关用户和密码的通信是安全的,在这个senario中有令牌等吗?
- Mobile Access
用户通过手机与Google App Engine(Java)进行交互 - 用户和密码随每次通话传递。这我需要SSL和安全。
我见过这样想:在我的GAEJ应用程序中谨慎使用https
但我没有使用移动访问的RPC。
对此的任何想法 - 提前致谢
此致
因此,我想在Google Ap Engine上使用SSL,但在我的场景中是否可行
是的,可以在appengine中使用ssl,但必须使用* .appspot.com域名,而不是您自己的域名。
请参阅以下链接以获取有关在web.xml中保护appengine中特定网址的信息
http://code.google.com/appengine/docs/java/config/webxml.html#Secure_URLs
Is it possible to use SSL one one of the servlet-mappings in web.xml?
I have a site using GWT for browser access and mobile phones accessing the gae via simple HttpServletRequest in servlets.
The setup:
- Browser GWT Access
For the site, the user log in via Google Account or Facebook. Then the user interacts with the site - no SSL setup here as I am using Google App Domain. I guess the communication regarding user and password is safe in this senario with tokens etc. right?
- Mobile Access
The user interacts with the Google App Engine(Java) from Mobile phones - the user and password is passed along each call. This I need to be SSL and safe.
I have seen thinks like this: using https sparingly in my GAEJ app
But I am not using RPC from the mobile access.
Any thoughts on this - Thanks in advance
Regards
Therefore I am thinking SSL on the Google Ap Engine, but is it posible in my scenario
Yes, it is possible to use ssl with appengine but you have to use the *.appspot.com domain, not your own domain name.
See the following link for information about securing specific urls in appengine in web.xml http://code.google.com/appengine/docs/java/config/webxml.html#Secure_URLs
hth
这篇关于Google App Engine上的安全性(Java) - Servlet SSL?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!