It's very easy to get authentication running on app engine for google accounts. I'm looking for the simplest way to only allow a specific set of accounts access to the page, more generally the resources (servlets, static files, etc). I would be perfectly happy with a hardcoded list of email names in web.xml. Or something similar in the java code. Flexility is not the priority. The context is a GWT+GAE application that only 3 users ever should have access to.
Thanks, Matyas
pseudo code might look like this for your login_required decorator.
def myuser_login_required(f):
def wrap(request, *args, **kwargs):
if not (user and user in ["allowedemail","andallowedemail"]):
return redirect()
return f(request, *args, **kwargs)
wrap.__doc__=f.__doc__
wrap.__name__=f.__name__
return wrap
If you are willing to give administration access to those users (given your security restrictions), you can add a security constraint for those resources. See the docs for further details. You can give them the viewer role, which is the one with less privileges. It also depends on how many users you want to add to that list.
