CS6320:  SW Engineering of Web Based Systems

 

GAE: Google Account Authentication -- a way to restrict access -- DOING IT WITH FRONT END

NOTE: you can do this in code also using UserService

 

  • Do this with a configuration specification --- specify the minimum level of a condition required to access a resource

 

In Java --- web.xml file

 

<security-constraint>
    <web-resource-collection>
        <web-resource-name>myaccount</web-resource-name>
        <url-pattern>/myaccount/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

 

  • <web-resource-collection> = specifies the URL pattern we want to constrain
  • <auth-constraint> has <role-name> = gives the minimum level of authentication
        • <role-name> = *      this means any user who is not signed in is redirected to the Google Accounts sign-in and authentication
        • <role-name> = admin     this means only a user who is both signed in and a registered developer for the application can access the resource.

 


If a URL does not have an authentication constraint, then anyone can access the URL,
whether or not the client represents a signed-in user, and whether or not the app is set
to use a members-only access policy.
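
An added example (not part of the course notes): a small Python check that reads a web.xml and reports which access level each path requires, so URLs with no constraint stand out. The sample web.xml, the /myaccount/console/* pattern and the function names are constructed for illustration, and pattern matching is simplified to exact and /prefix/* patterns.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.xml (not from the course page).
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>myaccount</web-resource-name>
      <url-pattern>/myaccount/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>console</web-resource-name>
      <url-pattern>/myaccount/console/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def _name(elem):
    """Tag name without an XML namespace prefix such as {http://...}."""
    return elem.tag.rsplit("}", 1)[-1]

def load_constraints(xml_text):
    """Return {url_pattern: role_name} for each <security-constraint>."""
    rules = {}
    for sc in ET.fromstring(xml_text).iter():
        if _name(sc) != "security-constraint":
            continue
        texts = lambda tag: [e.text.strip() for e in sc.iter() if _name(e) == tag and e.text]
        for role in texts("role-name"):
            for pattern in texts("url-pattern"):
                rules[pattern] = role
    return rules

def required_access(rules, path):
    """Role of the longest matching pattern, or None if unconstrained.
    Simplified model: handles exact and "/prefix/*" patterns only."""
    best = None
    for pattern, role in rules.items():
        base = pattern[:-2] if pattern.endswith("/*") else None
        hit = path == pattern or (base is not None and (path == base or path.startswith(base + "/")))
        if hit and (best is None or len(pattern) > len(best[0])):
            best = (pattern, role)
    return best[1] if best else None

if __name__ == "__main__":
    rules = load_constraints(SAMPLE_WEB_XML)
    for p in ["/myaccount/profile", "/myaccount/console/logs", "/public/index.html"]:
        print(p, "->", required_access(rules, p) or "NO CONSTRAINT: open to anyone")
```

A result of None is the case described above: the path has no authentication constraint, so any client can reach it.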

© Lynne Grewe