Reputation: 4636
Connecting to Admin secured webservice on App Engine from Java client
I've got a simple Java tool that I use for calling webservices on App Engine to help me with maintenance and management. I currently secure the pages by only allowing admin access using the web.xml file and
<security-constraint>
<web-resource-collection>
<web-resource-name>xxxxxx</web-resource-name>
<url-pattern>/xxxxxx</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
Which is fine when making calls from a browser as it goes through the authentication process, but if I want to access the page using a Java client what should my approach be?
Upvotes: 0
Views: 33
Answers (1)
Reputation: 41089
Typically, each of your requests must contain credentials that allow it to be executed. All requests without such credentials are rejected.
In the most simple form, you can include a client-secret - a long random string that is very hard to guess - with your requests. Your code will include this secret, while requests from outside won't know to include it.
For a more secure/robust implementation you may look at an existing library, but it may be too much for a simple tool.
Upvotes: 1
Related Questions
- How to authenticate programmatically to google app engine (with Java)?
- Java based Google App Engine, Android and authentication oauth2
- Google App Engine authentication using OAuth
- Google App Engine User API
- AppEngine WebService authentication handling
- Authenticating UserService FROM appengine
- Using Oauth to connect a Java application with a GAE application
- App engine authentication
- Configuring authentication for Google App Engine application
- Web site login in Java + Google App Engine