i've learned that adding a web service to your
app engine based java app is very easy using restlet and this tutorial
(coming from the .net world - rest is very cool!)
*
http://wiki*.*restlet*.org/docs_1.2/13-*restlet*/275-*restlet*/*252*-*restlet*.pdf
the rest of my question deals with how to provide the correct information
when calling a rest web service to correctly identify the user.
When an outside app sends data in, or requests data out - they would need to
securely and correctly provide the google account the data is going to
belong to which would go into buidling a call to the user service on the app
engine side, so persistant data can be read and written to on the users
behalf. In other words, persistant stored object with a app engine user
services user object stored in it would need to be accessed with a jdo query
providing a "user == u" param. If a user loggs in interactivly via the web
site on AE that's a no brainer since we make them log in to their google
account and use the user service.
My best solution so far is to provide users who register on my app engine
site several long key codes and say - ok if you pass me these codes my app
will figure out your gmail account from there inside the app engine code -
but i'd rather they just authenticate with some token the generate on their
end.
i completly agree i don't want to recreate any level of
authentication - i want users to authenticate via google. Instead of trying
to descibe what i'm developing - I think the stockwatcher sample is a great
example for what i'm trying to do since my app will have many users each
with their own persistant data. The users have logged into a web ui running
on the app engine and used the web interface to add some data after logging
in with their google account, just like the tutorial where the
stockwatchter is modified to use the user service
http://code.google.com/webtoolkit/tutorials/1.6/appengine.html
I'd need to expose something like the AddStock Function in
StockServiceImpl.java as a web method so other applications can add a stock
to a users persistant datastore:
public void addStock(String symbol) throws NotLoggedInException {
checkLoggedIn();
PersistenceManager pm = getPersistenceManager();
try {
pm.makePersistent(new Stock(getUser(), symbol));
} finally {
pm.close();
}
}
The next step for me would be to allow other applications (other .net java
etc) running on a pc, or web server etc to consume web services hosted on
the app engine and, in our analogy, add a stock. Users need a way to insert
data into persistant data stores connected to their google accounts from an
app running outside the app engine environment. If i used Restlet to expose
the above function as a REST Web Service, i don't see how getUser()
function would work, or how the calling app would provide credentials in
the code even if the user provided them in their client app.
Really, i'm ok with all User Interfaces i develop running on the app engine
and users logging in normally, but my users will need things like schedule
tasks, windows services etc all feeding records into my app and my
direction was to have users send that data into their own persistant data
store. Maybe that is the wrong direction, i could create a data structure
where users are issued a key code that uniquly identified them to the app -
i'd like users to be isolated from eachother using the app engine user
service.