GAE Java 8: need urlfetch to communicate between modules

25 views
Skip to first unread message

Bob Evans

unread,
Apr 16, 2019, 10:34:29 PM4/16/19
to Google App Engine

Hi,

After a bunch of experimentation I had to revert to the urlfetch handler ( <url-stream-handler>urlfetch</url-stream-handler>) because calling our backends  failed with a 302 redirect error. With the urlfetch handler, it works.

This seems wrong. Please tell me how I should properly design this.

Current design (has been working for years):

Frontend module gets https request forwards it to a backend module using UrlConnection and the doNotFollowRedirects=false.
Backend module is marked in web.xml CONFIDENTIAL and locked to admin role. Also, it checks the header for X-Google-Inbound-Appid to match our project.

After upgrading, it stopped working and the backend module sends a 302 redirect. 

If I add the  <url-stream-handler>urlfetch</url-stream-handler> to the frontend appengine-web.xml then it works again.

It looks like the native httpconnection in java 8 does not send the X-Google-Inbound-Appid header either.

Overall, how should one properly configure a backend module in the Java 8 environment to receive frontend connections yet keep it inaccessible from external queries?

Thanks for any help.
Bob

Les Vogel

unread,
Apr 17, 2019, 12:36:10 PM4/17/19
to Google App Engine
[bcc: a googler]
Yes - we changed the behavior with the move to Java8 but left the work-a-round that you've found.  I don't believe the work-a-round will work w/ later versions of Java.

The current recommendation is that you create a JWT in one module and check it in the other.   See this Python example [rootdir].  I don't think there is a Java sample yet. (I saw the bug for it a few weeks ago).  

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
Visit this group at https://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/077f9644-1308-48a2-a805-26007b2e966d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--

  •  Les Vogel
  •  Cloud Developer Relations
  •  le...@google.com
  •  +1-408-676-7023 

Reply all
Reply to author
Forward
0 new messages