Connecting to Admin secured webservice on App Engine from Java client
Question
I've got a simple Java tool that I use for calling webservices on App Engine to help me with maintenance and management. I currently secure the pages by only allowing admin access using the web.xml file and
<security-constraint>
<web-resource-collection>
<web-resource-name>xxxxxx</web-resource-name>
<url-pattern>/xxxxxx</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
Which is fine when making calls from a browser as it goes through the authentication process, but if I want to access the page using a Java client what should my approach be?
1 answers
solution1
1 2015-12-04 16:44:57
Typically, each of your requests must contain credentials that allow it to be executed. All requests without such credentials are rejected.
In the most simple form, you can include a client-secret - a long random string that is very hard to guess - with your requests. Your code will include this secret, while requests from outside won't know to include it.
For a more secure/robust implementation you may look at an existing library , but it may be too much for a simple tool.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.