Java Reference
In-Depth Information
<security-constraint>
<web-resource-collection>
<url-pattern>/private/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
■
Note
Users must be signed in to your application before being granted access. If a user has signed in
to a different application using a Google account, they are not authorized to access your application.
Users API
The Users API consists of a UserService, a User object, and a UserServiceFactory that
creates a new UserService. Methods for the service and User object are described in
Tables 6-1 and 6-2. In addition to the Users API, you can use the standard Servlet API
and access the request object's
getUserPrincipal()
method to determine if the user
has logged in with his Google account. The servlet can also access a user's e-mail
address with
getUserPrincipal.getName().
According to the documentation, App Engine supports storing the User object in
Bigtable as its own special data type, however it does caution against using it as a
stable identifier. You can add entities to the data store that contain a User object but
querying with these identifiers returns no results. Google says that it may update this
service to utilize this user type, but for now your best practice is to persist the user's
e-mail address instead.
Table 6-1. Methods in the UserService class
Method
Description
createLoginURL
Returns a URL that can be used to display a login page to
the user.
createLogoutURL
Returns a URL that can be used to log the current user out
of this application.
