The way I can authenticate users in AppEngine with a Google account is great.
But I need to use a custom authentication login system.
I will have an AppUsers table containing usernames and encrypted passwords.
I've read about gae sessions, but I need help getting started with application security.
How do I keep track of authenticated user sessions? Set a cookie?
Beginner here.
Answer 0 : (score: 6)
You can do it with cookies... it's really not that hard. You can use a cookie to track the user's authentication and store the session key in the gae datastore.
Here is an example (it only shows the basic idea; I don't guarantee the code works directly)
Basic user table:
from google.appengine.ext import db

# simply add a property to store the session key
class User(db.Model):
    username = db.StringProperty()
    password = db.StringProperty()  # store the hashed password, never the plaintext
    session = db.StringProperty()   # current session key, or None when logged out
Login function
import datetime
from google.appengine.ext import webapp

# Do the following steps:
# 1. make sure the user provided the correct username and password
# 2. generate a random session key
# 3. store the session key in the datastore
# 4. set the session key and user name in cookies
class LoginAPI(webapp.RequestHandler):
    def post(self):
        # credentials belong in a POST body, not in a GET URL that ends up in logs
        username = self.request.get('username')
        password = self.request.get('password')
        user = User.all().filter("username = ", username).get()
        password = encrypted_the_password(password)  # hash the password with your own method!
        if user is not None and user.password == password:
            # User logged in successfully
            session = generate_random_session_key()  # generate your session key here
            user.session = session
            user.put()
            expires_time = decide_your_expires_time()  # decide how long the login session stays alive (unix timestamp)
            cookie_time_format = "%a, %d-%b-%Y %H:%M:%S GMT"
            expires_datetime = datetime.datetime.utcfromtimestamp(expires_time)  # cookie dates are GMT
            expires = expires_datetime.strftime(cookie_time_format)
            # set the cookies as the session; HttpOnly keeps them out of reach of page scripts
            self.response.headers.add_header("Set-Cookie", "user=%s; expires=%s; path=/; HttpOnly" % (user.username, expires))
            self.response.headers.add_header("Set-Cookie", "session=%s; expires=%s; path=/; HttpOnly" % (user.session, expires))
        else:
            # User login failed
            pass
Logout function
# Remove the previous cookie info
class LogoutAPI(webapp.RequestHandler):
    def get(self):
        # remove the cookies by giving them an expiry date in the past
        expired = "Thu, 01-Jan-1970 00:00:00 GMT"
        self.response.headers.add_header("Set-Cookie", "user=; expires=%s; path=/; HttpOnly" % expired)
        self.response.headers.add_header("Set-Cookie", "session=; expires=%s; path=/; HttpOnly" % expired)
When you need the user to be logged in
# Get the session info from the cookies. If the session info matches the info stored in the datastore
# then the user is authenticated successfully.
class SomePage(webapp.RequestHandler):
    def get(self):
        # get cookie info
        username_from_cookie = self.request.cookies.get("user", "")
        session_from_cookie = self.request.cookies.get("session", "")
        if username_from_cookie and session_from_cookie:
            user = User.all().filter("username = ", username_from_cookie).get()
            if user is not None and user.session == session_from_cookie:
                # the user is logged in correctly
                pass
            else:
                # the user is not logged in
                pass
        else:
            # the user is not logged in
            pass
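The four steps of the answer above (verify credentials, generate a random session key, store it server-side, hand it to the browser in a cookie) and the later check that compares the cookie against the stored key, carried through as a complete runnable example. This is added example code, not the answer's own code and not tied to App Engine: a plain dict stands in for the datastore, the answer's placeholder helpers are made concrete with PBKDF2 for the password hash and `secrets` for the session key, comparisons are constant-time, sessions expire server-side as well as in the cookie, and logout clears the stored key so a captured cookie cannot be replayed afterwards. The `SESSION_LIFETIME` value and the `USERS` layout are assumptions for the example.

```python
import hashlib
import hmac
import os
import secrets
import time
from datetime import datetime, timezone

# Constructed in-memory stand-in for the User/AppUsers datastore table (assumption).
# username -> {"salt", "pw_hash", "session", "session_expires"}
USERS = {}

SESSION_LIFETIME = 3600  # seconds a login stays valid (assumed value)
COOKIE_TIME_FORMAT = "%a, %d-%b-%Y %H:%M:%S GMT"


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256; a concrete version of the answer's placeholder hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(username, password):
    """Create a user record with a per-user salt and no active session."""
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "pw_hash": hash_password(password, salt),
                       "session": None, "session_expires": 0}


def cookie_headers(username, session, expires):
    """Build the two Set-Cookie values; expiry is rendered in GMT as the format requires."""
    expires_str = datetime.fromtimestamp(expires, tz=timezone.utc).strftime(COOKIE_TIME_FORMAT)
    attrs = "expires=%s; path=/; HttpOnly; Secure" % expires_str
    return ["user=%s; %s" % (username, attrs), "session=%s; %s" % (session, attrs)]


def login(username, password, now=None):
    """Steps 1-4: verify, generate key, store it server-side, return the cookies to set.
    Returns None on failure without revealing whether the user exists."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is None:
        return None
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return None
    session = secrets.token_urlsafe(32)      # random, unguessable session key
    expires = now + SESSION_LIFETIME
    user["session"] = session                # stored server-side, like user.put()
    user["session_expires"] = expires        # enforced server-side, not only in the cookie
    return cookie_headers(username, session, expires)


def authenticate(cookies, now=None):
    """The per-page check: return the username if the cookies carry a valid, unexpired session."""
    now = time.time() if now is None else now
    username = cookies.get("user", "")
    session = cookies.get("session", "")
    if not username or not session:
        return None
    user = USERS.get(username)
    if user is None or user["session"] is None or now >= user["session_expires"]:
        return None
    if not hmac.compare_digest(user["session"], session):  # constant-time compare
        return None
    return username


def logout(username):
    """Invalidate the stored key (so the old cookie is useless) and expire both cookies."""
    user = USERS.get(username)
    if user is not None:
        user["session"] = None
        user["session_expires"] = 0
    past = "Thu, 01-Jan-1970 00:00:00 GMT"
    return ["user=; expires=%s; path=/; HttpOnly; Secure" % past,
            "session=; expires=%s; path=/; HttpOnly; Secure" % past]


def parse_cookie_header(header):
    """Minimal parser for a request Cookie header such as 'user=alice; session=abc'."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            cookies[key] = value
    return cookies


def session_from_set_cookie(headers):
    """Pull the session value out of the Set-Cookie list returned by login()."""
    for header in headers:
        if header.startswith("session="):
            return header[len("session="):].split(";", 1)[0]
    return None


if __name__ == "__main__":
    register("alice", "correct horse battery staple")  # constructed sample account
    headers = login("alice", "correct horse battery staple")
    cookies = parse_cookie_header("user=alice; session=%s" % session_from_set_cookie(headers))
    print(authenticate(cookies))   # alice
    logout("alice")
    print(authenticate(cookies))   # None
```

The design point the answer leaves implicit: the cookie is only a pointer, so everything that decides whether a request is authenticated (the key itself, its expiry, whether it has been logged out) lives in the store and is checked there; the `expires` attribute on the cookie is a convenience for the browser, not a security control.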