Spring Security is well-known for being highly customizable, so for my first attempt at working with Google App Engine, I decided to create a simple application which would explore the use of GAE features by implementing some core Spring Security interfaces. In this article we’ll see how to:
- Authenticate using Google Accounts.
- Implement “on-demand” authentication when a user accesses a secured resource.
- Supplement the information from Google Accounts with application-specific roles.
- Store user account data in an App Engine datastore using the native API.
- Setup access-control restrictions based on the roles assigned to users.
- Disable the accounts of specific users to prevent access.