Ok, thanks for the answer. The solution you describe was my alternative if this would not work.
Thanks! On Jan 20, 11:00 pm, "Ikai L (Google)" <[email protected]> wrote: > No, you won't be able to authenticate the second application once a user is > logged into the first. If you think about the security issues here - and > there are many - this is something that just won't work and won't be > supported in the manner you have described. > > One solution to the problem you have described may be to create your own > authentication mechanism between your two applications. The User object does > not contain that much information. The simplest authentication mechanism > would be to use a shared secret, timestamp and hash the data being sent from > one application to another over HTTPS. There are more sophisticated models > of authentication, but that falls a bit out of scope of the discussion of > Google App Engine. You'll want to use your favorite search engine to learn a > bit about web security and secure communications in general if you go this > route. > > > > > > On Thu, Jan 14, 2010 at 12:10 PM, Wouter <[email protected]> wrote: > > Hi, > > I have a question regarding Google cookies and REST security. I have > > 2 > > apps both running on GAE (java) where 1 application is a GWT based > > app > > which communicates with another app that is a REST (Restlet 2) based > > that provides backend services. This works really good (especially > > when using caching in the GWT app). My only problem is that my REST > > application is currently not secured while my GWT application is > > secured using a Google user id. How can i reuse the Google > > authentication cookie(s) used in my GWT app to secure my REST app ? > > Can I just add the google cookies to each REST request i make (using > > HttpClient) or would that be to simple ? Any other thought on how to > > secure my REST app are also welcome > > regards > > Wouter > > > -- > > You received this message because you are subscribed to the Google Groups > > "Google App Engine for Java" group. > > To post to this group, send email to > > [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<google-appengine-java%2B > > [email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/google-appengine-java?hl=en. > > -- > Ikai Lan > Developer Programs Engineer, Google App Engine
-- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
