如何从自己的AppEngine网络服务调用安全页面?
[英]How do I call a secured page from my own AppEngine web-service?
问题描述
To send a HTML email I'd like to call a different URL of my own App, to have the comfort of JSP for rendering the Email-content. 
要发送HTML电子邮件,我想调用我自己的应用程序的其他URL,以方便使用JSP呈现电子邮件内容。
To execute the HTTP-call to my own app I first tried to use " http://localhost/emailreport " as URL, but that failed with a DNS-error. 为了对我自己的应用程序执行HTTP调用,我首先尝试使用“ http:// localhost / emailreport ”作为URL,但是由于DNS错误而失败。 Next I tried the external URL: 接下来,我尝试了外部URL:
String appid = ApiProxy.getCurrentEnvironment().getAttributes()
.get("com.google.appengine.runtime.default_version_hostname").toString();
appid = appid.substring(0, appid.indexOf('.'));
URL url = new URL("http://" + appid + ".appspot.com/emailreport");
This works, but only for pages without security-constraints in web.xml. 这有效,但仅适用于web.xml中没有安全性约束的页面。 My emailreport however needs to be secured. 但是,我的电子邮件报告需要保护。
Any Idea how to retrieve that page? 任何想法如何检索该页面? Do I need to use a Service-Account-Key? 我需要使用服务帐户密钥吗? Isn't there a simple trick? 有没有简单的把戏?
ADDED: 添加:
I want to secure the pages by adding this to the web.xml: 我想通过将其添加到web.xml中来保护页面:
<security-constraint>
<web-resource-collection>
<web-resource-name>SecureName</web-resource-name>
<url-pattern>/mytask</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
1 个解决方案
解决方案1
0 2016-11-17 10:55:13
I solved it by using the following workaround: 我通过使用以下解决方法解决了它:
Caller creates a secret token and stores it in MemCache and adds a header to the request. 调用方创建一个秘密令牌并将其存储在MemCache中,并将标头添加到请求中。
Endpoint reads that header and compares it with the value in MemCache. 端点读取该标头并将其与MemCache中的值进行比较。 If it matches, it processes the request, otherwise it returns a 401. 如果匹配,则处理请求,否则返回401。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.