Google App Engine中的安全性错误
[英]Security Error in google app Engine
问题描述
i am trying to make an application in google app engine i am trying to authenticate a user in my google app. 
我正在尝试在Google App引擎中创建一个应用程序,我正在尝试对我的Google App中的用户进行身份验证。 it is working perfectly but when i enter user name and password of a user browser shows me a warning This is probably not the site you are looking for! 它工作正常,但是当我输入用户名和用户浏览器的密码时,会向我显示警告。这可能不是您正在寻找的网站!
You attempted to reach www.onemoredemo.appspot.com, but instead you actually reached a server identifying itself as *.appspot.com. 您试图访问www.onemoredemo.appspot.com,但实际上是到达了一个将自身标识为* .appspot.com的服务器。 This may be caused by a misconfiguration on the server or by something more serious. 这可能是由于服务器上的配置错误或更严重的情况引起的。 An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www.onemoredemo.appspot.com. 您网络上的攻击者可能试图使您访问伪造(且可能有害)的www.onemoredemo.appspot.com版本。 You cannot proceed because the website operator has requested heightened security for this domain. 您无法继续,因为网站运营商已要求为此域提高安全性。
here is my servlet code 这是我的servlet代码
public class HelloWorld9Servlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws IOException {
OAuthConsumer consumer;
OAuthProvider provider;
provider=new DefaultOAuthProvider("https://accounts.google.com/o/oauth2/auth",)
;
signer = new OAuthHmacSigner();
signer.clientSharedSecret = Constants.CONSUMER_SECRET;
consumer=new DefaultOAuthConsumer(Constants.CLIENT_ID,Constants.CLIENT_SECRET);
String redirect_uri="https://accounts.google.com/o/oauth2/auth?client_id="+
Constants.CLIENT_ID+"&redirect_uri="
+Constants.REDIRECT_URL+"&response_type="
+Constants.response_type+"&scope="
+Constants.SCOPE;
resp.sendRedirect(redirect_uri);
}
for redirecting him to google authentication page can any one please tell why i am getting this warning and how to remove this. 用于将他重定向到google身份验证页面的任何人都可以告诉我为什么我收到此警告以及如何删除此警告。 you can see the demonstration i hosted this app on onemoredemo.appspot.com 您可以在onemoredemo.appspot.com上看到我主持此应用程序的演示
1 个解决方案
解决方案1
0 2012-08-17 08:48:21
The wildcard https certificate that google uses covers *.appspot.com and *.*.appspot.com , but not all browsers accept this. google使用的通配符https证书涵盖*.appspot.com和*.*.appspot.com ,但并非所有浏览器都接受。 Some browsers (notably Firefox) complains about using *.*.appspot.com certificate. 一些浏览器(尤其是Firefox)抱怨使用*.*.appspot.com证书。
See: Wildcard subdomains on appengine over https on firefox 请参阅: 通过Firefox上的https通过Appengine上的通配符子域
Which browser are you using? 您正在使用哪个浏览器?
Edit: 编辑:
Solutions: 解决方案:
- Use ssl with custom domain , ie
www.onemoredemo.com将ssl与自定义域一起使用,即www.onemoredemo.com - Use only domain matching
*.appspot.com, ieonemoredemo.appspot.com仅使用匹配*.appspot.com域,即onemoredemo.appspot.com - Use alternate hostname notation as described in docs : replace
.使用docs :replace中所述的备用主机名表示法 .with-dot-, ie usewww-dot-onemoredemo.appspot.com使用-dot-,即使用www-dot-onemoredemo.appspot.com
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.