Aadith Ramia

Reputation: 10339

Problems with UserService on Google App Engine

I am trying to write an application for Google App Engine that would be available only to myself. (I know it sounds strange... just for the time being.) I am trying to write a login servlet that would authenticate the user using Google's UserService and let the user into the app only if I log in, and would show a brief message prompting for logout to everyone else.

Here is the code I have written:

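import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.google.appengine.api.users.User;
import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;

public class MainPageServlet extends HttpServlet {
    public void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Ask browsers and proxies not to cache the response
        resp.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        resp.setContentType("text/html");

        UserService userService = UserServiceFactory.getUserService();
        User user = userService.getCurrentUser();

        if (user != null) {
            // Only the owner's address is let in
            if (user.getEmail().equals("[email protected]")) {
                resp.getWriter().println("done");
            } else {
                resp.getWriter().println("Hello, " + user.getNickname() + "<br>");
                resp.getWriter().println("Thanks for your interest. But this application is still not available to everybody.");
                // Log out, then land on the login page again
                resp.getWriter().println("<a href=\"" + userService.createLogoutURL(userService.createLoginURL(req.getRequestURI())) + "\">Log out</a>");
            }
        } else {
            // Not signed in: send the browser to the Google login page
            resp.sendRedirect(userService.createLoginURL(req.getRequestURI()));
        }
    }
}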

The code related to "driving away" all other users works fine. But I am facing problems when I log in: after I log in, it shows the message "done" as expected. However, after this, if I open some other Google service, log out from there and invoke this servlet again, it still shows the message "done". I had expected that the app would prompt me for login again, which is not happening. I thought it was happening because the result was getting cached, and so disabled caching (1st line in the method), but the problem persists even after that. What's wrong? How do I get the expected behavior?

Upvotes: 4

Views: 2081

Answers (2)

Marek Halmo

Reputation: 2199

I'm not so sure about this, but when you log in to an "appengine" application for the first time, you have to grant it the privileges to access your profile information (I think this is the OAuth standard). You can limit this to a number of days. After that, the page can automatically read your email, nick and Google ID until the access right expires.

The way around this is to implement your own session mechanism and use the Google login just to retrieve the userId (and from that your internal profile object) to start the session (a.k.a. login).

If you then want to log out from your page only, you will just kill the session and not log out from the Google user account.

Upvotes: 0

jsight

Reputation: 28419

You don't. If you want the user to log out of your service, then they need to log out of your service (by you calling the logout method of UserManager). The fact that they share the username and password with other Google services doesn't mean that logging out of those other services auto-logs them out of yours.

Upvotes: 2
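
A sketch of what the two answers describe, added here as an example and not code from the question or either answer: access is decided by the app's own HttpSession, which is started from UserService only on an explicit sign-in and ended by the app's own logout. The /app/* servlet mapping, the OWNER_EMAIL placeholder, the "ownerUserId" attribute name and the 15-minute idle timeout are assumptions, and sessions must be enabled in appengine-web.xml.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.google.appengine.api.users.User;
import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;

// Assumed setup: sessions enabled in appengine-web.xml; servlet mapped to /app/*.
public class OwnerSessionServlet extends HttpServlet {
    private static final String OWNER_EMAIL = "owner@example.com"; // placeholder address
    private static final String OWNER_KEY = "ownerUserId";         // hypothetical session attribute

    @Override
    public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        resp.setHeader("Cache-Control", "no-store");
        resp.setContentType("text/html");
        UserService users = UserServiceFactory.getUserService();
        String path = req.getPathInfo() == null ? "/" : req.getPathInfo();
        HttpSession session = req.getSession(false);

        if (path.equals("/logout")) {
            if (session != null) session.invalidate();         // end the app's own session
            resp.sendRedirect(users.createLogoutURL("/app/")); // and clear the App Engine login
        } else if (path.equals("/login")) {
            User user = users.getCurrentUser();
            if (user == null) {
                resp.sendRedirect(users.createLoginURL("/app/login"));
            } else if (!OWNER_EMAIL.equalsIgnoreCase(user.getEmail())) {
                resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            } else {
                if (session != null) session.invalidate();     // fresh session id on login
                HttpSession fresh = req.getSession(true);
                fresh.setMaxInactiveInterval(15 * 60);         // idle timeout, in seconds
                fresh.setAttribute(OWNER_KEY, user.getUserId());
                resp.sendRedirect("/app/");
            }
        } else if (session == null || session.getAttribute(OWNER_KEY) == null) {
            // No app session: a leftover Google login alone does not grant access.
            resp.getWriter().println("<a href=\"/app/login\">Sign in</a>");
        } else {
            resp.getWriter().println("done <a href=\"/app/logout\">Log out</a>");
        }
    }
}
```

Signing out of another Google service still does not end this session; only /app/logout or the idle timeout does, which is the behaviour the second answer describes.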
