Thursday, November 19, 2009

Web Services On Google App Engine

i've learned that adding a web service to your
app engine based java app is very easy using restlet and this tutorial
(coming from the .net world - rest is very cool!)

the rest of my question deals with how to provide the correct information
when calling a rest web service to correctly identify the user.

 When an outside app sends data in, or requests data out - they would need to
securely and correctly provide the google account the data is going to
belong to which would go into buidling a call to the user service on the app
engine side, so persistant data can be read and written to on the users
behalf.  In other words, persistant stored object with a app engine user
services user object stored in it would need to be accessed with a jdo query
providing a "user == u" param. If a user loggs in interactivly via the web
site on AE that's a no brainer since we make them log in to their google
account and use the user service.

My best solution so far is to provide users who register on my app engine
site several long key codes and say - ok if you pass me these codes my app
will figure out your gmail account from there inside the app engine code -
but i'd rather they just authenticate with some token the generate on their

i completly agree i don't want to recreate any level of  
authentication - i want users to authenticate via google. Instead of trying  
to descibe what i'm developing - I think the stockwatcher sample is a great  
example for what i'm trying to do since my app will have many users each  
with their own persistant data. The users have logged into a web ui running  
on the app engine and used the web interface to add some data after logging  
in with their google account, just like the tutorial where the  
stockwatchter is modified to use the user service
I'd need to expose something like the AddStock Function in as a web method so other applications can add a stock  
to a users persistant datastore:
public void addStock(String symbol) throws NotLoggedInException {
PersistenceManager pm = getPersistenceManager();
try {
pm.makePersistent(new Stock(getUser(), symbol));

} finally {

The next step for me would be to allow other applications (other .net java  
etc) running on a pc, or web server etc to consume web services hosted on  
the app engine and, in our analogy, add a stock. Users need a way to insert  
data into persistant data stores connected to their google accounts from an  
app running outside the app engine environment. If i used Restlet to expose  
the above function as a REST Web Service, i don't see how getUser()  
function would work, or how the calling app would provide credentials in  
the code even if the user provided them in their client app.

Really, i'm ok with all User Interfaces i develop running on the app engine  
and users logging in normally, but my users will need things like schedule  
tasks, windows services etc all feeding records into my app and my  
direction was to have users send that data into their own persistant data  
store. Maybe that is the wrong direction, i could create a data structure  
where users are issued a key code that uniquly identified them to the app -  
i'd like users to be isolated from eachother using the app engine user  

No comments:

Post a Comment