Re: [appengine-java] Critical Security error in Accounts Java API: request.getUserPrincipal() gets wrong username/email

2010-02-25 Thread Thomas Schnocklake
Yes, I implemented this already. I developed the widget in GAE in Java.
There I used OAuth to authenticate against the gdata-api. Then I stored the
combination of usern...@gappdomain.xxx and the OAuth accesskey in the GAE
persistent storage. Everything works fine. So when I log in to Google Apps the
included gadget reads the logged-in username
(request.getUserPrincipal().getName()) and searches with this username for
the OAuth key.
But then the problem: sometimes the username
(request.getUserPrincipal().getName()) is wrong, so I read the data (e.g.
Contacts List) of the wrong user.

So actually I don't need a solution for authentication but I need to know
which user is actually really logged in to Google Apps.

Any ideas?

This should be quite an important topic for all developers who want to
enhance Google Apps with GAE, isn't it?

thanks

2010/2/25 Ikai L (Google) ika...@google.com

 Probably OAuth, though I'm not sure how that will work with a gadget. In
 most places gadgets will include a user ID with the makeRequest.

 On Tue, Feb 23, 2010 at 12:23 PM, Thomas Schnocklake 
 thomas.schnockl...@googlemail.com wrote:

 Thank you for your answer.

 So what would you suppose to use for authentication for a gadget that is
 placed in Google Apps (e.g. Gmail, Google Sites)?

 thanks

 thomas

 2010/2/18 Ikai L (Google) ika...@google.com

 Yes, this seems to make sense. Being logged into Google Apps is
 independent of being logged into an App Engine application. They don't use
 the same cookie. App Engine's User service allows you to use Google logins,
 but not the Google Apps session.

 On Tue, Feb 16, 2010 at 3:29 AM, tsschnoc 
 thomas.schnockl...@googlemail.com wrote:

 Hello,

 I use App Engine in my Google Apps domain and restricted the
 authentication of App Engine to my apps domain. (see
 http://code.google.com/appengine/articles/auth.html
 )
 I developed a widget and use this in multiple accounts of my Google
 Apps domain.
 When I switch from one account (of my apps domain) to the other, the
 former account is displayed in the widget (Java:
 request.getUserPrincipal().getName() ).

 So the gadget placed on my Google Apps Inbox displays data of a user
 different to the user logged in to Google Apps.

 I noticed that the problem goes away when I wait some minutes
 ( session expiration ?? ).

 see picture:

 http://picasaweb.google.com/lh/photo/QDcR2Lgk2xI2-UQ77BoGXw?feat=directlink

 --
 You received this message because you are subscribed to the Google
 Groups Google App Engine for Java group.
 To post to this group, send email to
 google-appengine-j...@googlegroups.com.
 To unsubscribe from this group, send email to
 google-appengine-java+unsubscr...@googlegroups.com.
 For more options, visit this group at
 http://groups.google.com/group/google-appengine-java?hl=en.




 --
 Ikai Lan
 Developer Programs Engineer, Google App Engine
 http://googleappengine.blogspot.com | http://twitter.com/app_engine





 --
 Ikai Lan
 Developer Programs Engineer, Google App Engine
 http://googleappengine.blogspot.com | http://twitter.com/app_engine




Re: [appengine-java] Critical Security error in Accounts Java API: request.getUserPrincipal() gets wrong username/email

2010-02-24 Thread Ikai L (Google)
Probably OAuth, though I'm not sure how that will work with a gadget. In
most places gadgets will include a user ID with the makeRequest.

On Tue, Feb 23, 2010 at 12:23 PM, Thomas Schnocklake 
thomas.schnockl...@googlemail.com wrote:

 Thank you for your answer.

 So what would you suppose to use for authentication for a gadget that is
 placed in Google Apps (e.g. Gmail, Google Sites)?

 thanks

 thomas

 2010/2/18 Ikai L (Google) ika...@google.com

 Yes, this seems to make sense. Being logged into Google Apps is
 independent of being logged into an App Engine application. They don't use
 the same cookie. App Engine's User service allows you to use Google logins,
 but not the Google Apps session.

 On Tue, Feb 16, 2010 at 3:29 AM, tsschnoc 
 thomas.schnockl...@googlemail.com wrote:

 Hello,

 I use App Engine in my Google Apps domain and restricted the
 authentication of App Engine to my apps domain. (see
 http://code.google.com/appengine/articles/auth.html
 )
 I developed a widget and use this in multiple accounts of my Google
 Apps domain.
 When I switch from one account (of my apps domain) to the other, the
 former account is displayed in the widget (Java:
 request.getUserPrincipal().getName() ).

 So the gadget placed on my Google Apps Inbox displays data of a user
 different to the user logged in to Google Apps.

 I noticed that the problem goes away when I wait some minutes
 ( session expiration ?? ).

 see picture:

 http://picasaweb.google.com/lh/photo/QDcR2Lgk2xI2-UQ77BoGXw?feat=directlink





 --
 Ikai Lan
 Developer Programs Engineer, Google App Engine
 http://googleappengine.blogspot.com | http://twitter.com/app_engine





-- 
Ikai Lan
Developer Programs Engineer, Google App Engine
http://googleappengine.blogspot.com | http://twitter.com/app_engine
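
The OAuth-key lookup discussed in this thread, keyed on the user ID that arrives with the gadget's makeRequest and failing closed when the App Engine session disagrees; this is an added example, not code from the thread or from App Engine. It assumes the gadget container's signature on the request was verified before the call; `GadgetTokenStore`, `bind` and `tokenFor` are hypothetical names and the sample values are constructed.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; GadgetTokenStore, bind and tokenFor are hypothetical names.
public class GadgetTokenStore {

    // What was recorded when the user authorized the gadget via OAuth.
    private static final class Binding {
        final String accountEmail;   // account the OAuth grant belongs to
        final String oauthToken;
        Binding(String accountEmail, String oauthToken) {
            this.accountEmail = accountEmail;
            this.oauthToken = oauthToken;
        }
    }

    private final Map<String, Binding> byViewerId = new ConcurrentHashMap<>();

    public void bind(String viewerId, String accountEmail, String oauthToken) {
        byViewerId.put(viewerId, new Binding(accountEmail, oauthToken));
    }

    // viewerId: user ID sent with the gadget's makeRequest (ASSUMED already
    // signature-verified). session: request.getUserPrincipal(), which comes
    // from the separate App Engine login cookie and may belong to another account.
    public Optional<String> tokenFor(String viewerId, Principal session) {
        if (viewerId == null) return Optional.empty();   // no gadget identity: fail closed
        Binding b = byViewerId.get(viewerId);
        if (b == null) return Optional.empty();          // this user never authorized
        if (session != null && !b.accountEmail.equalsIgnoreCase(session.getName())) {
            return Optional.empty();                     // stale session: force a fresh login
        }
        return Optional.of(b.oauthToken);
    }

    public static void main(String[] args) {
        GadgetTokenStore store = new GadgetTokenStore();
        // Constructed sample data.
        store.bind("viewer-1", "alice@example.com", "token-alice");
        store.bind("viewer-2", "bob@example.com", "token-bob");
        Principal leftover = () -> "alice@example.com";  // session left from the previous account
        System.out.println(store.tokenFor("viewer-2", leftover).isPresent());
        System.out.println(store.tokenFor("viewer-1", leftover).isPresent());
    }
}
```

The store never selects a token from `getUserPrincipal()` alone, so a leftover App Engine cookie cannot pull another account's OAuth key.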




Re: [appengine-java] Critical Security error in Accounts Java API: request.getUserPrincipal() gets wrong username/email

2010-02-23 Thread Thomas Schnocklake
Thank you for your answer.

So what would you suppose to use for authentication for a gadget that is
placed in Google Apps (e.g. Gmail, Google Sites)?

thanks

thomas

2010/2/18 Ikai L (Google) ika...@google.com

 Yes, this seems to make sense. Being logged into Google Apps is independent
 of being logged into an App Engine application. They don't use the same
 cookie. App Engine's User service allows you to use Google logins, but not
 the Google Apps session.

 On Tue, Feb 16, 2010 at 3:29 AM, tsschnoc 
 thomas.schnockl...@googlemail.com wrote:

 Hello,

 I use App Engine in my Google Apps domain and restricted the
 authentication of App Engine to my apps domain. (see
 http://code.google.com/appengine/articles/auth.html
 )
 I developed a widget and use this in multiple accounts of my Google
 Apps domain.
 When I switch from one account (of my apps domain) to the other, the
 former account is displayed in the widget (Java:
 request.getUserPrincipal().getName() ).

 So the gadget placed on my Google Apps Inbox displays data of a user
 different to the user logged in to Google Apps.

 I noticed that the problem goes away when I wait some minutes
 ( session expiration ?? ).

 see picture:

 http://picasaweb.google.com/lh/photo/QDcR2Lgk2xI2-UQ77BoGXw?feat=directlink





 --
 Ikai Lan
 Developer Programs Engineer, Google App Engine
 http://googleappengine.blogspot.com | http://twitter.com/app_engine




[appengine-java] Critical Security error in Accounts Java API: request.getUserPrincipal() gets wrong username/email

2010-02-16 Thread tsschnoc
Hello,

I use App Engine in my Google Apps domain and restricted the
authentication of App Engine to my apps domain. (see
http://code.google.com/appengine/articles/auth.html
)
I developed a widget and use this in multiple accounts of my Google
Apps domain.
When I switch from one account (of my apps domain) to the other, the
former account is displayed in the widget (Java:
request.getUserPrincipal().getName() ).

So the gadget placed on my Google Apps Inbox displays data of a user
different to the user logged in to Google Apps.

I noticed that the problem goes away when I wait some minutes
( session expiration ?? ).

see picture:
http://picasaweb.google.com/lh/photo/QDcR2Lgk2xI2-UQ77BoGXw?feat=directlink
