Engine app login redirection error

Question

Engine app login redirection error

On March 1, 2011, App Engine changed its login, breaking my app (see Google Groups post ). This issue also occurred on this stack Overflow question . Suggested Answers

"the application is doing a redirect. That is, createLoginUrl only works when the continue url is the application url. If you need the user to be sent to another application / host after logging in, then your application must do this redirect."

and

"set up a redirect handler in your own application. continue and send the final redirect to your actual target."

I am asking this question to get details on how to make this work. My app consists of two GAE apps, a GWT front end and a back end displaying the REST API. Here is the current stream.

User browses http://my-front.appspot.com/ and GWT makes JSONP calls http://my-back.appspot.com/User servlet.

The / User servlet checks the GAE UserServiceFactory.getUserService (). GetCurrentUser () to find out zero. For non-logged in users, this value is null and the servlet returns JSONP to prevent the user from logging in.

The GWT code receives a "not logged in" message and executes

String login = "http://my-back.appspot.com/Login";
Window.open(login, "_self", "");

Login Servlet:

public void doActualGet(HttpServletRequest req, HttpServletResponse resp) 
    throws ServletException, IOException {

    UserService userService = UserServiceFactory.getUserService();
    String url = "http://my-back.appspot.com/LoginRedirectServlet";
    // String url ="http://my-front.appspot.com";  <--------- Before 1 March
    log.info("Auth then redirect to: " + url);
    String redirect = userService.createLoginURL(url);
    resp.setStatus(301);
    resp.setHeader("Location", redirect);
    resp.setHeader("Connection", "close");
}

My new LoginRedirectServlet has one line:

resp.sendRedirect("http://my-front.appspot.com/");

This usually results in a redirect loop, although sometimes it works after hitting the start URL multiple times. My suspicion is that there is something wrong in the code around Window.open, but I am open to all suggestions.

Thanks Glenn

+1

authentication rest google-app-engine restful-authentication gwt

Glenn 27 Mar 11 at 18:50

source to share

2 answers

Try using Window.Location.assign(url)

instead Window.open(..)

.

Update:

Possible problem: redirecting 301 caches of the browser (e.g. Chrome). Since your Login servlet is doing a redirect, and if caching, it will loop. Try using a different redirect code: 302 or 307.

0

Peter knego 27 Mar 11 at 21:01

source to share

Glenn · Accepted Answer · 2011-03-30T03:32:02+0000

Credit from Nick Johnson for nagging about a dual-app architecture. I never liked it. I translated war / MyFront.html and the compiled GWT code to war / myfront / into the myback project war file, changed all urls to the form http://my-back.appspot.com/ and deployed. It worked!

It's easy to hack, but it proves the principle.

Engine app login redirection error

More articles: