No, you won't be able to authenticate the second application once a user is logged into the first. If you think about the security issues here - and there are many - this is something that just won't work and won't be supported in the manner you have described.
One solution to the problem you have described may be to create your own authentication mechanism between your two applications. The User object does not contain that much information. The simplest authentication mechanism would be to use a shared secret, timestamp and hash the data being sent from one application to another over HTTPS. There are more sophisticated models of authentication, but that falls a bit out of scope of the discussion of Google App Engine. You'll want to use your favorite search engine to learn a bit about web security and secure communications in general if you go this route. On Thu, Jan 14, 2010 at 12:10 PM, Wouter <wouter.nie...@gmail.com> wrote: > Hi, > I have a question regarding Google cookies and REST security. I have > 2 > apps both running on GAE (java) where 1 application is a GWT based > app > which communicates with another app that is a REST (Restlet 2) based > that provides backend services. This works really good (especially > when using caching in the GWT app). My only problem is that my REST > application is currently not secured while my GWT application is > secured using a Google user id. How can i reuse the Google > authentication cookie(s) used in my GWT app to secure my REST app ? > Can I just add the google cookies to each REST request i make (using > HttpClient) or would that be to simple ? Any other thought on how to > secure my REST app are also welcome > regards > Wouter > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to > google-appengine-j...@googlegroups.com. > To unsubscribe from this group, send email to > google-appengine-java+unsubscr...@googlegroups.com<google-appengine-java%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > > > > -- Ikai Lan Developer Programs Engineer, Google App Engine--
You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group.
To post to this group, send email to google-appengine-j...@googlegroups.com.
To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
