Inside my servlets, this is how I authenticate user
UserService userservice=UserServiceFactory.getUserService();
User user = userservice.getCurrentUser();
if(user == null){
response.redirect(userservice.createLoginURL("../userhome"));
}
More recently, in the same project I used Google Cloud Endpoints with authentication to access data using a JS client. The JS client authorizes using Oauth
gapi.auth.authorize(...);
Although they belong to the same App Engine Project and share the same credentials, the servlet and JS client ask the user to sign in independent of each other - as if they were two different applications.
I want a single sign in for the whole application. How do I do this?
Here are some points:
It is important that you have authentication at both the levels. This is a good practice and does not leave your functionality open for execution without any authentication mechanism.
When you are doing the authentication on the client side, the whole authentication layer passes this
Userobject to your Google Cloud Endpoints code. So, it is good if you could inject theUserobject in your Cloud Endpoints method to extract out the information of the user and do your own authorization if needed.In summary, you are not really doing an authentication again at the Server side if you notice. You are only checking if the authentication is done or not and then proceeding forward.
来源:https://stackoverflow.com/questions/25211395/gae-user-api-with-oauth2