Java Reference
In-Depth Information
C H A P T E R 6
■ ■ ■
Authenticating Users
Nearly every web application nowadays requires user authentication of some sort,
whether it's simply to change your e-mail address or manage your stock portfolio.
Your application will be no different. You'll build out your authentication framework
to let users enter and view timecard entries—naturally, only for themselves.
Authentication with App Engine comes in two flavors. You can choose to plug
into Google's Accounts service (a.k.a Users service), or you can roll your own with
custom classes, tables, and memcache. Developing your own authentication
framework using memcache and sessions is fairly straightforward, but given the
simplicity of Google Accounts, no one seems to do it. For most cases it just doesn't
make sense to create a sign-up page, the ability to store user passwords, and add a
“forgot my password” function, when you can use Google's code instead. You might
want to make your own if you need to implement custom profiles and permissions,
but typically you can just plug into Google Accounts and mark this requirement off
your checklist. You'll get first-hand knowledge of the authentication functionality in
Google Accounts because you'll be implementing this service for your application
as well.
Introducing Google Accounts
Google Accounts is a mature and robust offering that currently boasts millions of
active users. App Engine easily ties into this service and offers a smooth and familiar
sign-in process for your users. There are cases when you may not want to use Google
Accounts, but it is a quick and easy way to get users up and running with your
application.
If your application is running under a Google Apps account, you can even use
these Accounts features with members of your organization, eliminating the need to
train users on how to create and manage their own accounts.
