从Java客户端连接到App Engine上受管理员保护的网络服务
[英]Connecting to Admin secured webservice on App Engine from Java client
问题描述
I've got a simple Java tool that I use for calling webservices on App Engine to help me with maintenance and management. 
我有一个简单的Java工具,可用来在App Engine上调用网络服务,以帮助我进行维护和管理。 I currently secure the pages by only allowing admin access using the web.xml file and 我目前仅通过使用web.xml文件和
<security-constraint>
<web-resource-collection>
<web-resource-name>xxxxxx</web-resource-name>
<url-pattern>/xxxxxx</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
Which is fine when making calls from a browser as it goes through the authentication process, but if I want to access the page using a Java client what should my approach be? 在浏览器进行身份验证过程中从浏览器进行调用时,这很好,但是如果我想使用Java客户端访问页面,我的方法应该是什么?
1 个解决方案
解决方案1
1 2015-12-04 16:44:57
Typically, each of your requests must contain credentials that allow it to be executed. 通常,您的每个请求都必须包含允许其执行的凭据。 All requests without such credentials are rejected. 没有此类凭据的所有请求都将被拒绝。
In the most simple form, you can include a client-secret - a long random string that is very hard to guess - with your requests. 在最简单的形式中,您可以在请求中包含一个客户机密-一个很难猜的长随机字符串。 Your code will include this secret, while requests from outside won't know to include it. 您的代码将包含此秘密,而外界的请求将不知道包含此秘密。
For a more secure/robust implementation you may look at an existing library , but it may be too much for a simple tool. 为了实现更安全/可靠的实现,您可以查看现有的库 ,但是对于一个简单的工具而言,它可能太多了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.