Problems with UserService on google app engine
Question
I am trying to write an application for google app engine that would be available only for myself. (I know it sounds strange..just for the time being) I am trying to write a Login servlet that would authenticate user using google's UserService and let the user into the app only if I login and would show a brief message prompting for logout for everyone else.
Here is the code I have written :
public class MainPageServlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse resp)
throws IOException {
resp.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
resp.setContentType("text/html");
UserService userService = UserServiceFactory.getUserService();
User user = userService.getCurrentUser();
if (user != null) {
if(user.getEmail().equals("aaadith@gmail.com")) {
resp.getWriter().println("done");
}
else {
resp.getWriter().println("Hello, " + user.getNickname()+"<br>");
resp.getWriter().println("Thanks for your interest. But this application is still not available to everybody.");
resp.getWriter().println("<a href="+UserServiceFactory.getUserService().createLogoutURL(userService.createLoginURL(req.getRequestURI()))+">Log out</a>");
}
} else {
resp.sendRedirect(userService.createLoginURL(req.getRequestURI()));
}
}
}
The code related to "driving away" all other users works fine. But I am facing problems when I login : After I login, it shows the message "done" as expected. However, after this, if I open some other google service and logout from there and again invoke this servlet, it still shows the message "done". I had expected that the app would prompt me for login again..which is not happening..I thought its happening because the result is getting cached and so disabled caching(1st line in the method)...but the problem persists even after that..whats wrong? How do I get the expected behavior?
2 answers
solution1
2 ACCPTED
You don't. If you want the user to logout of your service, then they need to logout of your service (by you calling the logout method of UserManager). The fact that they share the username and password with other google services doesn't mean that logging out of those other services auto-logs them out of yours.
solution2
0
Im not so sure about this, but when you login the first time to "appengine" application, you have to grant the privileges to access your profile information (I think this is OAuth standard). You can limit this to number of days. After that, the page can automatically read your email, nick and google ID till the access right expires.
The way to go around this is to implement your own session mechanism and use google login just to retrieve userId (and from that your internal profile object) to start the session (aka. login).
If you then want to logout from your page only-you will just kill the session, and not logout from google user account
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.