How to use custom authentication with the login: required attribute in app.yaml ( Google app engine, python )

On Google App Engine I use a custom user class with methods. ( Not the class and functions provided by webapp2 )

However, I still need to block users from accessing certain static directory URLs with HTML pages behind them. The current solution I have is that the user authentication happens after the user visits the page, but they still see the entire page loaded for a moment. This looks bad and is not very secure.

How can I use a custom authentication option with the login: required attribute in the YAML file, so that users are immediately redirected ( before landing on the page ) when they are not logged in?

Essentially, you have the following alternatives: either give up on static file / dir serving directly from App Engine infrastructure (transparently to your application), or give up on using your custom user class for authentication.

I suspect you'll pick the first alternative, serving all files from your app (at least, all files that must be kept secret from all but authorized users) -- that "just" costs more resources (and possibly slightly increases latency for users), but lets you implement whatever functionality you require.

The advantage of serving static files/dirs directly with the static_files: &c directives in app.yaml is that your app does not actually get involved -- App Engine's infrastructure does it all for you, which saves you resources and possibly makes things faster for users (better caching/CDN-like delivery). But if your app does not actually get involved, then how could any code you wrote for custom auth possibly be running?! That would be a logical contradiction...

If you're reluctant to serve static files from your app specifically because they're very large, then you can get the speed fully back (and then some), and some resource savings back too, by serving the URL from your app, but then, after authentication, going right on to Google Cloud Storage for it to actually do the serving.

More generally, a mix of files you don't actually need to keep secret (place those in static_dir &c app.yaml directives), ones that are large enough to warrant serving from Cloud Storage, and ones your app can best serve directly, can let you optimize along all fronts -- while keeping full control of your custom auth wherever it matters!
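
The first alternative from the answer above (routing the protected URLs to the app instead of static_dir), as an added example that is not part of the original answer: a plain WSGI handler that runs the custom auth check before any file byte is read, and refuses paths that resolve outside the protected directory. The names is_logged_in, VALID_SESSIONS, the /private/ prefix, the /login target and the main.app module are assumptions for illustration; the session check stands in for the asker's custom user class.

```python
import mimetypes
import os
import tempfile

# app.yaml (python27 runtime) routes the protected prefix to this code instead
# of listing it under static_dir (module name main.app is an assumption):
#   handlers:
#   - url: /private/.*
#     script: main.app

# Constructed sample content so the block runs offline.
PROTECTED_ROOT = os.path.realpath(tempfile.mkdtemp())
with open(os.path.join(PROTECTED_ROOT, "report.html"), "w") as f:
    f.write("<h1>members only</h1>")

VALID_SESSIONS = {"constructed-session-id"}  # stand-in for the custom user store


def is_logged_in(environ):
    """Hypothetical hook: replace with the custom user class's session check."""
    cookies = environ.get("HTTP_COOKIE", "")
    pairs = dict(p.strip().split("=", 1) for p in cookies.split(";") if "=" in p)
    return pairs.get("session") in VALID_SESSIONS


def app(environ, start_response):
    """WSGI handler for /private/*: authenticate first, then read the file."""
    if not is_logged_in(environ):
        # Redirect before any byte of the protected page is sent.
        start_response("302 Found", [("Location", "/login")])
        return [b""]
    url_path = environ.get("PATH_INFO", "")
    rel = url_path[len("/private/"):] if url_path.startswith("/private/") else ""
    path = os.path.realpath(os.path.join(PROTECTED_ROOT, rel))
    # Reject ../ and absolute paths that resolve outside the protected root.
    if not path.startswith(PROTECTED_ROOT + os.sep) or not os.path.isfile(path):
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    ctype = mimetypes.guess_type(path)[0] or "application/octet-stream"
    with open(path, "rb") as f:
        body = f.read()
    # Keep authenticated content out of shared caches.
    start_response("200 OK", [("Content-Type", ctype),
                              ("Cache-Control", "private, no-store")])
    return [body]
```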
