GAE Newbie question - User Login page

[Jimin Park]

I am new to the web application development and recently ventured on a journey to build one (was not aware of the servlets prior to this so I am really new). I am stuck on creating the log-in page using OpenID.

If I want every single page to require the user to be logged in to even view, how would I achieve this using servlets? Would I be putting in user login status at the beginning of doGet() of all servlets and if the user is not logged in, redirect to the log-in page and redirect back to the servlet? This seems like some boiler-plate code, is there some kind of configuration I can do to achieve the same thing easily?

Also, I do appreciate Google's openID documentation, it is not detailed enough for me to understand how the work flow is in this framework. Is there a helpful tutorial site anyone knows? Had not much luck in google searches either...

Thanks guys!

[Alejandro González Rodrigo]

Hello,

There is a lot of ways of doing and securing your application.

GAE has an UserService and easy tutorials the get it rolling. You have security constrains as well, that can secure the urls you want and the only thing you need is to define them in your web.xml

To secure services i would use Filters rather than implementing the security in each servlet doGet/doPost, this way you have all security centralized and the same for all servlets calls.

Cheers!

[Vinny P]

On Wed, Aug 7, 2013 at 12:10 PM, Jimin Park <jimin...@gmail.com> wrote:

This seems like some boiler-plate code, is there some kind of configuration I can do to achieve the same thing easily?

 

 

You're right, login/logout is boilerplate code.  If you would prefer not to use Google's built-in Users service, you can use a framework such as Spring: http://www.springsource.org/features  (click on Spring Security). Here's a tutorial for it: http://krams915.blogspot.se/2011/02/spring-security-3-openid-login-with_13.html

 

On Wed, Aug 7, 2013 at 12:10 PM, Jimin Park <jimin...@gmail.com> wrote:

If I want every single page to require the user to be logged in to even view, how would I achieve this using servlets? Would I be putting in user login status at the beginning of doGet() of all servlets and if the user is not logged in, redirect to the log-in page and redirect back to the servlet?

 

 

The code doesn't have to be very complicated. Just check with UserService.isUserLoggedIn() to see if the user's logged in, redirect to a login page if not, and then redirect back when the user's logged in (redirects can be handled by using resp.sendRedirect("url") ).

 

 

On Wed, Aug 7, 2013 at 12:10 PM, Jimin Park <jimin...@gmail.com> wrote:

Also, I do appreciate Google's openID documentation, it is not detailed enough for me to understand how the work flow is in this framework. Is there a helpful tutorial site anyone knows? Had not much luck in google searches either...

 

 

For a good general overview of OpenID, try http://openidexplained.com/ 

 

 

-----------------

-Vinny P

Technology & Media Advisor

Chicago, IL

App Engine Code Samples: http://www.learntogoogleit.com

 

[Satyarao Kambapu]

Hi Vinny,

    I am not much aware of this project, but I can suggest you with helpful link, please look at once.

Shiro on GAE.

If you are looking for both authentication and authorization OAuth2.0 API will help you better, I think.

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
For more options, visit https://groups.google.com/groups/opt_out.

--
Satya

[Vinny P]

On Mon, Aug 12, 2013 at 12:56 AM, Satyarao Kambapu <saty...@veersoftsolutions.com> wrote:

Hi Vinny,

    I am not much aware of this project, but I can suggest you with helpful link, please look at once.

Shiro on GAE.

If you are looking for both authentication and authorization OAuth2.0 API will help you better, I think.

 

 

For the record, you're answering the wrong person. I didn't ask this question, Mr. Park did ( https://groups.google.com/d/msg/google-appengine/-JWSl_fioiA/IYdwwdGbM3gJ ).

 

Secondly, the OP asked for OpenID authentication specifically, and Apache Shiro's OpenID support is not quite production-ready. See https://issues.apache.org/jira/browse/SHIRO-21 for the open issue, and http://grails.org/plugin/shiro-openid for the beta OpenID support.