Class AppEngineInternalAuthenticationMechanism

  • All Implemented Interfaces:
    AuthenticationMechanism

    public class AppEngineInternalAuthenticationMechanism
    extends java.lang.Object
    implements AuthenticationMechanism
    Authentication mechanism which uses the X-AppEngine-QueueName header set by App Engine for internal requests.

    Task queue push task requests set this header value to the actual queue name. Cron requests set this header value to __cron, since that's actually the name of the hidden queue used for cron requests. Cron also sets the header X-AppEngine-Cron, which we could check, but it's simpler just to check the one.

    App Engine allows app admins to set these headers for testing purposes. Because of this, we also need to verify that the current user is null, indicating that there is no user, to prevent access by someone with "admin" privileges. If the user is an admin, UserService presumably must return a User object.

    See task handler request header documentation
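
    The check described above, as an added example that is not the project's own code. The class InternalRequestCheckExample, the method isInternalRequest, the header map and the sample requests are hypothetical stand-ins for the servlet request and for UserService.getCurrentUser().

```java
import java.util.HashMap;
import java.util.Map;

/** Added illustration; class, method and sample data are hypothetical, not project code. */
public class InternalRequestCheckExample {

  static final String QUEUE_NAME_HEADER = "X-AppEngine-QueueName";

  /**
   * Returns true only when the queue-name header is present and no user is logged in.
   *
   * @param headers request headers (case-sensitive lookup, for simplicity)
   * @param currentUser stand-in for UserService.getCurrentUser(); null means no user
   */
  static boolean isInternalRequest(Map<String, String> headers, Object currentUser) {
    String queueName = headers.get(QUEUE_NAME_HEADER);
    if (queueName == null) {
      return false; // neither a push task nor a cron request
    }
    // An admin may set the header by hand for testing, but an admin is a
    // logged-in user, so a non-null user rejects that case.
    return currentUser == null;
  }

  public static void main(String[] args) {
    // Constructed samples: {label, header value (null = absent), user (null = none)}.
    String[][] samples = {
      {"push task from a queue", "example-queue", null},
      {"cron request", "__cron", null},
      {"admin setting the header by hand", "example-queue", "admin@example.com"},
      {"ordinary request, no header", null, null},
      {"logged-in user, no header", null, "user@example.com"},
    };
    for (String[] s : samples) {
      Map<String, String> headers = new HashMap<>();
      if (s[1] != null) {
        headers.put(QUEUE_NAME_HEADER, s[1]);
      }
      String verdict = isInternalRequest(headers, s[2]) ? "internal" : "not authenticated";
      System.out.printf("%-34s -> %s%n", s[0], verdict);
    }
  }
}
```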

    • Method Summary

      Modifier and Type    Method                                                         Description
      AuthResult           authenticate(javax.servlet.http.HttpServletRequest request)    Attempt to authenticate an incoming request.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • AppEngineInternalAuthenticationMechanism

        @Inject
        public AppEngineInternalAuthenticationMechanism(com.google.appengine.api.users.UserService userService)
    • Method Detail

      • authenticate

        public AuthResult authenticate(javax.servlet.http.HttpServletRequest request)
        Description copied from interface: AuthenticationMechanism
        Attempt to authenticate an incoming request.
        Specified by:
        authenticate in interface AuthenticationMechanism
        Parameters:
        request - the request to be authenticated
        Returns:
        the results of the authentication check; if the request could not be authenticated, the mechanism should return AuthResult.NOT_AUTHENTICATED