
UserService, OAuth, and AJAX in App Engine

I'm running a webapp that checks if a user is logged in with UserService, then shows them their homepage if they are, or redirects them to a login screen if not. Once on the page, I would like to be able to update specific portions using AJAX when they click certain elements. Now, I have already written a REST API in the same GAE project using Cloud Endpoints that gets all the information I want, and so in the spirit of DRY I would rather use my own API than write new servlets to handle these requests.

The problem is that I need to generate an OAuth token in order to access the API. I can easily do this from the Google API JavaScript Client Library, but then my user needs to re-authenticate for the REST API, which is not only bad from a UX perspective, but more importantly exposes my client id in the page's JavaScript and passes a token through HTTP (non-SSL) headers.

The only option I see is to write a servlet for each request and have duplicate work. But conceptually, I'm already logged in to Google, so I should just be able to access the API. How does one usually go about this? Am I thinking about it all wrong?

UserService and OAuth are two different authentication (and authorisation) mechanisms and you cannot combine them.

If you do need OAuth to access some of the APIs then also use server-side OAuth. This way you can access APIs and replace UserService all in one go.
