Configuring authentication for Google App Engine application

Question

I have a very basic question caused by either lack of experience or lack of documentation (or both).

I'm developing application for GAE/J. I want only certain users can log in and only with their gmail accounts (i.e. admin should have a possibility to list gmail accounts and only those users can work with the application).

So, I have doubts in:

1) Should I implement functionality for admin appointment or google has already done it for me and I'll be able to configure it after deployment?

2) Almost the same doubts about users: should I provide functionality (web interface) for adding/removing users or google has already done it for me too and it's configurable somewhere in configuration console after deployment?

Thanks!

upd: I know about UserService class and its method isUserAdmin() but I can't figure out what should happen for user become an admin?

Answer 1

A few points which will hopefully answer your question(S):

1. When you create your application you can specify which types of accounts you want. You can choose any Google Accounts or set it to be GoogleApps specific.
2. In the application configuration, you can specify if a route is only accessible by the admins, an authenticated user, or by anyone.
3. There is no pre-built in administration of users, other then admins.
4. You can specify admins by adding them to the permissions section of the application dashboard.
5. UserService.isUserAdmin() will return True if the user is in the permissions list of your application (as per #4).

In short, if you want users to have specify access to certain routes, you'll have to develop that yourself.

For more information see: http://code.google.com/appengine/docs/java/config/webxml.html#Security_and_Authentication