AppEngine Plugin

Allow user to enable HTTPS and set role-based access permissions (basic or admin)

Details

  • Type: Improvement
  • Status: Closed
  • Priority: Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: None
  • Component/s: None
  • Labels:
    None
  • Patch Submitted:
    Yes

Description

The attached patch lets you define the following properties in your config files:

google.appengine.sessionEnabled = true // default true
google.appengine.enableSsl = true // default true
google.appengine.security.useHttps = ["/secure", "/shoppingcart/*", "/admin"]
google.appengine.security.requireAdmin = ["/admin", "/notsecuredadmin"]
google.appengine.security.requireLogin = ["/admin", "/", "/yabbadabbadoo"]

Based on these definitions, it will provide access control for Google App Engine (like JSecurity / Spring Security) based on Google App Engine's security model.

Given that App Engine only allows * and admin roles (star means the user needs to be logged in, admin means the person needs to be an application admin), there is no need for a more robust declaration of roles.

useHttps in the .appspot.com domain will redirect to https://appname.appspot.com

More on Google App Engine security here: http://code.google.com/appengine/docs/java/config/webxml.html#Security_and_Authentication
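
For comparison, the standard web.xml security constraints that express the same policy for four of the sample paths above. This is an added example, not part of the attached patch or the plugin's code; it assumes the properties correspond one-to-one to App Engine's descriptor elements, and the web-resource-name values are made up for illustration.

```xml
<!-- Added example (assumption: equivalent descriptor, not output of the patch). -->
<web-app>
  <!-- /admin: listed in useHttps and requireAdmin (stricter than requireLogin) -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin-area</web-resource-name>
      <url-pattern>/admin</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- /shoppingcart/*: listed in useHttps only, so no auth-constraint -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>cart</web-resource-name>
      <url-pattern>/shoppingcart/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- /notsecuredadmin: requireAdmin but not useHttps, so the admin
       session is allowed over plain HTTP; add it to useHttps to avoid that -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin-no-tls</web-resource-name>
      <url-pattern>/notsecuredadmin</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>

  <!-- /yabbadabbadoo: requireLogin, any signed-in Google account -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>login-only</web-resource-name>
      <url-pattern>/yabbadabbadoo</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
</web-app>
```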

Activity

Marcel Overdijk added a comment - - edited

Yes, a DSL to secure URLs based on the Google Accounts API would be very welcome.

Graeme Rocher added a comment -

Thanks for the patch

Marcel Overdijk added a comment -

I have no patch but maybe add something to the controller:

def secure = "*" // requires login
or
def secure = "admin" // requires admin login

This as alternative/addition to:

google.appengine.security.requireAdmin = ["/admin", "/notsecuredadmin"]
google.appengine.security.requireLogin = ["/admin", "/", "/yabbadabbadoo"]

I'm not opening the issue, but what do you think?

