stackoom
  简体   繁体   中英

google app engine cloud endpoint security

 原文  2016-04-21 16:46:10       java/ security/ google-app-engine/ google-cloud-endpoints

Question

I am starting a new project and using javascript based UI as fronted and google cloud endpoints backed by google datastore for data storage.

I don't need to use any of the google services for user login etc. In other words, i will have my own table to store username, pwd and other profile info.

So, the questions are: 1. How will my service based frontend will hold the session? 2. How will it understand that requests are going for which user account to return user specific data?

Also to start with, I have so far created an endpoint which basically returns true or false on passing username to it. (just to mimic valid user or not).

The question is do i really need to configure any security to invoke this api from the javascript client i have?

2 answers

solution1
 1  2016-04-22 05:55:15

Even if you want to use custom usernames and passwords, you'll need more than just a process to send and retrieve this data from your endpoint.

Consider using something that's there already. Eg webapp2 has a basic auth module which allows you to have your own database with usernames and passwords but already has many required security measures in place.

A tutorial I've used to implement this in the past: https://blog.abahgat.com/2013/01/07/user-authentication-with-webapp2-on-google-app-engine/

solution2
 1  2016-04-23 06:38:44

So the basic answer is Google Cloud Endpoints is best suited for applications which users google accounts as authentication mechanism.

So if you are using cloud endpoints, and wanted to have custom authentication mechanism, you have to create your own.

How will my service based frontend will hold the session?

Upon successful authentication (by any form either user credentials, third party social login etc), you need to setup session for that user eg; by using session cookies.

How will it understand that requests are going for which user account to return user specific data?

Cloud Endpoint cannot tell that, so you have to write an custom filter or interceptor to check if valid session or cookie exists and either reject or continue the request.

To pass the current authenticated user who is requesting the api, you need to inject the user informations somehow (using DI, or request properties etc) into the ApiEndpoints, so with that you can process the request accordingly

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Connect to Cloud SQL with Google App Engine Endpoint Google App Engine Generating Cloud Endpoint failed due to connection reset How to create a rest endpoint using Google App Engine (Java) to upload multi part data to google cloud storage Security Error in google app Engine staging server for google-cloud endpoint app-engine connected android project "ClassNotFoundException: sun.security.provider.Sun" when running Google Cloud Dataflow pipeline in Google App Engine endpoint query from datastore google app engine Create method in endpoint class - Google App Engine Google Cloud sql and Google app engine Google App Engine for Java and Google Cloud Storage
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM