CODEWITHSUNDEEP
google-app-engine.htaccessjspservlets
Aashutosh Shrivastava
Aashutosh Shrivastava

Reputation: 399

how to create password protected web pages in google app engine

I am developing a website using jsp-servlet in google app engine. I want to secure some web pages from all the users that visit my site. So is there any way to password protect my web pages. I know it is easily done by htaccess in apache. Can htaccess work in google app engine? if Yes, please specify the process.

Upvotes: 0

Views: 4085

Answers (1)

Haldean Brown
Haldean Brown

Reputation: 12721

You can take advantage of the App Engine Users API. This allows users to log in to your app using their Google account. If you want to control who can get into what parts of your app, you could check the logged-in user's ID against a list of allowed users in your data store when they make a request to your servlet.

Edit:
You're not going to find a method exactly like using .htaccess files -- that's just not how App Engine works. You have code in your servlets that are responsible for rendering pages. In this code, you'll need to add a check to see if the user has access, but only for the pages that you'd like to check.

Here's a code sample, which I hope might clarify things. This is a slightly-modified version of the code at the link I sent you.

public class MySecretServlet extends HttpServlet {
    public void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        UserService userService = UserServiceFactory.getUserService();
        resp.setContentType("text/html");

        if (req.getPathInfo().equals("/secret_page") {
            if (req.getUserPrincipal() != null && 
                req.getUserPrincipal().getUserId().equals("admin-id")) {
                // render your protected page here
            } else {
                resp.getWriter().println("<p>Please <a href=\"" +
                                         userService.createLoginURL(thisURL) +
                                         "\">sign in</a>.</p>");
            }
        } else {
            // render your unprotected content here
        }
    }
}

Alternatively, you can use the security constraint features in your web.xml file. You can find the documentation for those here. This is less flexible, though, as you can only change access rights between "everyone" and "admin-only".

Upvotes: 1

Related Questions