Jeff, thanks - i completly agree i don't want to recreate any level of authentication - i want users to authenticate via google. Instead of trying to descibe what i'm developing - I think the stockwatcher sample is a great example for what i'm trying to do since my app will have many users each with their own persistant data. The users have logged into a web ui running on the app engine and used the web interface to add some data after logging in with their google account, just like the tutorial where the stockwatchter is modified to use the user service
http://code.google.com/webtoolkit/tutorials/1.6/appengine.html I'd need to expose something like the AddStock Function in StockServiceImpl.java as a web method so other applications can add a stock to a users persistant datastore: public void addStock(String symbol) throws NotLoggedInException { checkLoggedIn(); PersistenceManager pm = getPersistenceManager(); try { pm.makePersistent(new Stock(getUser(), symbol)); } finally { pm.close(); } } The next step for me would be to allow other applications (other .net java etc) running on a pc, or web server etc to consume web services hosted on the app engine and, in our analogy, add a stock. Users need a way to insert data into persistant data stores connected to their google accounts from an app running outside the app engine environment. If i used Restlet to expose the above function as a REST Web Service, i don't see how getUser() function would work, or how the calling app would provide credentials in the code even if the user provided them in their client app. Really, i'm ok with all User Interfaces i develop running on the app engine and users logging in normally, but my users will need things like schedule tasks, windows services etc all feeding records into my app and my direction was to have users send that data into their own persistant data store. Maybe that is the wrong direction, i could create a data structure where users are issued a key code that uniquly identified them to the app - i'd like users to be isolated from eachother using the app engine user service...thanks for your help! Ben On Jun 8, 2009 7:10pm, "Jeff S (Google)" <[email protected]> wrote: > Hi Ben, > If at all possible it is a good idea to avoid requiring the user to enter > their Google Account username and password into your site or another > person's application. Injecting yourself as a middleman capable of > stealing a user's password generally does not inspire a lot of trust and > there are often ways to avoid needing their password. Your application > could issue a user an API token which could be used in requests, this > would be along the lines of OAuth (http://oauth.net/) or AuthSub > (http://code.google.com/apis/accounts/docs/AuthSub.html). > Alternately, the built in accounts API looks for a browser cookie to > determine who the current user is. If you included this cookie as an HTTP > header in the requests to the webserver, the users API would be able to > identify the user making the request. > How do you envision that the third party client applications will make > these web service requests? Will they be other websites, desktop client > applications? > Thank you, > Jeff > On Fri, Jun 5, 2009 at 11:16 AM, mscwd01 [email protected]> wrote: > I have implemented a RESTful web service using Restlet: > http://blog.noelios.com/2009/04/11/restlet-in-the-cloud-with-google-app-engine/ > It was fairly straightforward to set up. > Regarding your question about the client needing to specify the google > account credentials - this is a question i'd like the answer to. > Hope that helps. > On Jun 5, 5:08 pm, [email protected] wrote: > > I am seeing a lot of variations on this question where i think some > other > > people are getting stuck on this. I'm sorry my SOA expertise comes from > the > > world of .net that i've painfully extracted myself from. I know i'm > missing > > some basic info on SOA and Java - If anyone can help point me in the > right > > direction you'll save my weekend of research. > > > > I have my stockwatcher tutorial humming along and using the GWT and App > > Engine to use the user service and store lists of stocks based on the > > user's google account. For my example i want to add a web service to the > > project so someone out in Timbukto can have a WSDL and call a function > in > > the stockwatcher app to - say - add /remove stocks from their list using > > another UI. If this was .net, i'd add a .asmx file with a code behind > that > > did the work. and they would consume the url > http://myapp.appspot.com/service.asmx > > > > The client would need to provide google account credentials to the > service > > (right?) so they can work with the data object they entered using the > > normal GWT based web page running on appspot.com (ie their list of > stocks) > > Any help in going about added a web service to the stockwatcher example > and > > exposing some of the methods would be greatly appreciated. I'm deep into > > REST and RPC but fear i'm on the wrong track. > > > > - Ben > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en -~----------~----~----~----~------~----~------~--~---
