another topic: - which is the difference between filter the HTTP request and the <auth-constraint> in web.xml. I think it is the same. Am I right?
On Oct 6, 5:47 pm, Miguel <[email protected]> wrote: > Hi, > in the application I am developing I need to authenticate REST api- > calls that are used both from a real API point-of-view (the api-key > and the api-secret is passed on each call) and from the user-interface > (with OpenId and Java session). I am implementing this feature with > servlet filters. > > Some questions: > - each openid user has a "UserAccount" (stored in the DB) associated > with it needed to the REST calls. Do you think it is better to put > this information in the JSESSION or in the memcache? Is it true that > GAE manage the httpsession natively with memcache? The only > requirement to put instances on session/memcache is that they > implement the interface "Serializable", am I right? > > - which is the best way to pass this "UserAccount" from the filter to > the REST API (implemented with Jersey and Jackson)? I think with this: > request.setAttribute("userAccount", <the-instance-of-the-object- > retrieved>) > > - I would like to have a user authenticated as much as possible > (something like "remember me"), so I code this: > session.setMaxInactiveInterval(-1); > Is it enough? > I don't know if it is bug or I am wrong, but I noticed that if I > change the Google Account without logging-out to my web-application I > reamain logged with the previous one > > - I need also some information on the client-side (for example the > languages enabled). Do you think it is a good practice to store > something also on the client side with cookie? Or it is better to pass > all the information via REST api calls? At the moment the user- > interface makes this request each time to find out the informations > associated with the user: > /rest/useraccounts/me > > - Facebook login: I would like also to have the possibility to login > in my webapp with Facebook accounts. I read the documentation and I > found only a Javascript SDK. Have you experience in this argument? Is > it possible to wrap the Facebook login with a session? -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
