Hi,
in the application I am developing I need to authenticate REST api-
calls that are used both from a real API point-of-view (the api-key
and the api-secret is passed on each call) and from the user-interface
(with OpenId and Java session). I am implementing this feature with
servlet filters.
Some questions:
- each openid user has a "UserAccount" (stored in the DB) associated
with it needed to the REST calls. Do you think it is better to put
this information in the JSESSION or in the memcache? Is it true that
GAE manage the httpsession natively with memcache? The only
requirement to put instances on session/memcache is that they
implement the interface "Serializable", am I right?
- which is the best way to pass this "UserAccount" from the filter to
the REST API (implemented with Jersey and Jackson)? I think with this:
request.setAttribute("userAccount", <the-instance-of-the-object-
retrieved>)
- I would like to have a user authenticated as much as possible
(something like "remember me"), so I code this:
session.setMaxInactiveInterval(-1);
Is it enough?
I don't know if it is bug or I am wrong, but I noticed that if I
change the Google Account without logging-out to my web-application I
reamain logged with the previous one
- I need also some information on the client-side (for example the
languages enabled). Do you think it is a good practice to store
something also on the client side with cookie? Or it is better to pass
all the information via REST api calls? At the moment the user-
interface makes this request each time to find out the informations
associated with the user:
/rest/useraccounts/me
- Facebook login: I would like also to have the possibility to login
in my webapp with Facebook accounts. I read the documentation and I
found only a Javascript SDK. Have you experience in this argument? Is
it possible to wrap the Facebook login with a session?
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to google-appengine-java@googlegroups.com.
To unsubscribe from this group, send email to
google-appengine-java+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
