How to authorize a compute engine to access a secured servlet in app engine?

Question

I deployed a jar file in a compute engine, this jar file trying to access a servlet deployed in app-engine with this details:

servlet path: https:/pathToAppEngine/tasks/sendMail

and its secured by this:

<security-constraint>
<web-resource-collection>
<web-resource-name>my-tasks</web-resource-name>
<url-pattern>/tasks/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>

And the compute engine is linked to a service account with owner privileges And both app-engine and compute engine instance are within the same google project

as a result, whenever this jar file (in compute engine) try to access this servlet (in app engine) it shows the google login page.

And if I removed the security from this servlet then it can be accessed easily from that jar file

so how can I authorize this compute engine to access this secured servlet in app-engine plz?

score 0 · Answer 1 · answered Feb 28 '18 at 10:49

I believe the behaviour you are seeing right now is expected, as the <security-constraint> enforces authentication for Google Accounts which requires a Google Account or G Suite Domain.

You might want to look at the Endpoins Auth documentation instead of using <security-constraint> if you will be using a service account authenticating these requests.

Also, you could create you own logic in your App Engine code and add an API key or your own auth string to your request.

GET https://application.com/endpoint&key=###

you could always obfuscate the key.

Lastly, you could also implement your own auth logic when sending the request from the compute engine instance to App Engine.c cheers

How to authorize a compute engine to access a secured servlet in app engine?

1 Answers1