Hi, in the application I am developing I need to authenticate REST api- calls that are used both from a real API point-of-view (the api-key and the api-secret is passed on each call) and from the user-interface (with OpenId and Java session). I am implementing this feature with servlet filters.
Some questions: - each openid user has a "UserAccount" (stored in the DB) associated with it needed to the REST calls. Do you think it is better to put this information in the JSESSION or in the memcache? Is it true that GAE manage the httpsession natively with memcache? The only requirement to put instances on session/memcache is that they implement the interface "Serializable", am I right? - which is the best way to pass this "UserAccount" from the filter to the REST API (implemented with Jersey and Jackson)? I think with this: request.setAttribute("userAccount", <the-instance-of-the-object- retrieved>) - I would like to have a user authenticated as much as possible (something like "remember me"), so I code this: session.setMaxInactiveInterval(-1); Is it enough? I don't know if it is bug or I am wrong, but I noticed that if I change the Google Account without logging-out to my web-application I reamain logged with the previous one - I need also some information on the client-side (for example the languages enabled). Do you think it is a good practice to store something also on the client side with cookie? Or it is better to pass all the information via REST api calls? At the moment the user- interface makes this request each time to find out the informations associated with the user: /rest/useraccounts/me - Facebook login: I would like also to have the possibility to login in my webapp with Facebook accounts. I read the documentation and I found only a Javascript SDK. Have you experience in this argument? Is it possible to wrap the Facebook login with a session? -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-java@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.