Sessions enabled - do we have to clean them up ourselves? - google-app-engine

When we turn sessions on in google app engine like:
// appengine-web.xml
<sessions-enabled>true</sessions-enabled>
does app engine automatically clean up expired sessions, or do we have to do it ourselves? After turning them on, I see in the datastore that some entries are being generated like _ah_session, I'm wondering if those are them?
Thanks

Yes those are the session entries. Google's app engine documentation includes the following:
The implementation creates datastore entities of the kind _ah_SESSION, and memcache entries using keys with a prefix of _ahs.
(http://code.google.com/appengine/docs/java/config/appconfig.html)
As for cleaning up session data. I found the following 2 discussions:
http://groups.google.com/group/google-appengine-java/browse_thread/thread/4f0d9af1c633d39a
http://www.mail-archive.com/google-appengine-java#googlegroups.com/msg01372.html
HTH,
Steve

From Cleaning Up Expired Sessions From App Engine Datastore:
You need to configure the cleanup servlet provided by Google to be run regularly. Note: the servlet cleans at most 100 entries at time. Be sure to decide how often do you need this to be called and determine the interval as appropriate to you.
In web.xml:
<web-app...>
<servlet>
<servlet-name>_ah_sessioncleanup</servlet-name>
<servlet-class>com.google.apphosting.utils.servlet.SessionCleanupServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>_ah_sessioncleanup</servlet-name>
<url-pattern>/_ah/sessioncleanup</url;-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>session-cleanup</web-resource-name>
<url-pattern>/_ah/sessioncleanup</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
...
</web-app>
And in cron.xml:
<cronentries>
<cron>
<url>/_ah/sessioncleanup?clear</url>
<description>Clean up sessions</description>
<schedule>every 15 minutes</schedule>
</cron>
...
</cronentries>

Related

Does RemoteApiOption method useServiceAccountCredential works with P12 file?

Does useServiceAccountCredential works with P12 file. I am trying to use it in Java and get error com.google.appengine.repackaged.com.google.api.client.http.HttpResponseException‌​: 302 Found
Yes it does. You need to have an AppEngine app serving the remote API. E.g., you would have a python app, with the following lines in app.yaml:
- url: /remoteapi.*
script: google.appengine.ext.remote_api.handler.application
Or java app with the following in web.xml:
<servlet>
<display-name>Remote API Servlet</display-name>
<servlet-name>RemoteApiServlet</servlet-name>
<servlet-class>com.google.apphosting.utils.remoteapi.RemoteApiServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>RemoteApiServlet</servlet-name>
<url-pattern>/remote_api</url-pattern>
</servlet-mapping>
Please note that depending on your client, it might call a bit different url, e.g. /remote_api
Also, if you have deployed the AppEngine app in a module, take that into account in the client code, you would have:
RemoteApiOptions raoptions = new RemoteApiOptions()
.server("my-module-dot-my-project.appspot.com", 443)
.useServiceAccountCredential("my-service-account-id", "my-p12-file.p12");
RemoteApiInstaller installer = new RemoteApiInstaller();
installer.install(raoptions);
Hope that helps!

Email bouncing when sending mail to appengine

I have set up appengine to allow incoming mail, and if I have my web.xml file with
<servlet>
<servlet-name>mailhandler</servlet-name>
<servlet-class>VerifyReply</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>mailhandler</servlet-name>
<url-pattern>/_ah/mail/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<url-pattern>/_ah/mail/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
it works and runs the VerifyReply servlet, but if I want to limit incoming emails to only those sent to the verifyreply#... email address with (notice the url-pattern is different than above)
<servlet>
<servlet-name>mailhandler</servlet-name>
<servlet-class>VerifyReply</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>mailhandler</servlet-name>
<url-pattern>/_ah/mail/v*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<url-pattern>/_ah/mail/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
it stops working and I get an email bounce back to the sender. My logs page shows the server ran /_ah/mail/verifyreply#... but it doesn't run the servlet and bounces the email.
Any ideas, I think I am following the guide at https://developers.google.com/appengine/docs/java/mail/receiving
According to the docs, filtering on address is not supported:
When App Engine moved to a standard Java Web Server, the ability to specify richer matching patterns was lost (e.g. one used to be able to specify a url-pattern like /_ah/mail/support*). If such pattern matching is desired, consider using a filter-based approach based on the following code snippets.
It would consider it a bug that specifying the full address does work. The page contains an example on how to do address matching in a mail handler filter (a filter in the servlet sense). You should match the address there and return a 404 if you do not want to accept the message. Or you can just ignore messages you don't want if you don't care about bouncing them.

BlobStore Redirects being ignored by ServletModule wired servlets

After the blobstore handles the upload request of a file it redirects to the url it is given, in this case "/upload". If I configure the UploadServlet url in web.xml like this:
<servlet>
<servlet-name>uploadServlet</servlet-name>
<servlet-class>com.....servlet.UploadServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>uploadServlet</servlet-name>
<url-pattern>/upload</url-pattern>
</servlet-mapping>
It works. If I use Guice to wire the servlet:
serve("/upload").with(UploadServlet.class);
I get the error:
Problem accessing /upload. Reason:NOT_FOUND
It seems as though the com.google.inject.servlet.ServletModule does not handle redirects. Is there a way around this?
I have struggled with the same issue myself today. This solved my problem and may be related:
https://groups.google.com/forum/#!topic/google-appengine-java/oqfvEmZGrdw
In dev mode, the blobstore service uses
RequestDispatcher.forward() rather than an HTTP request:
<filter-mapping>
<filter-name>guiceFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>guiceFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
Of course, may be too late for you but for others it might help :-)

Require user login in GWT with web.xml

I develop an application with GAE and GWT where the user has to be logged in with his Google Account when he access the site. So I defined the following in the web.xml file...
<security-constraint>
<web-resource-collection>
<url-pattern>/index.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
When I'm running the local dev server I get promted with the test login-screen when I open the app the first time, but when I deploy it, I directly come to my application without any authentication.
First I thought, that could be, because I'm already logged in to other Google services, but I tried it in other browsers and in incognito mode too.
I would suggest trying one is to use the URL pattern to * so that all your resources are secure and secondly addind web-resource-name tag to "all" value, as shown in code snippet below.
And I am assuming you already have servlet mapping to service etc
<security-constraint>
<web-resource-collection>
<web-resource-name>all</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>

Setting up App Engine to receive email addresses with ids in the address

I am writing an App Engine app that is supposed to receive emails in this form:
addcontact.someID#my-app.appspotmail.com (someID is an alphanumeric ID that I generate).
I have this in my web.xml thinking it would catch emails that start
with 'addcontact.':
<servlet>
<servlet-name>addNewContactServlet</servlet-name>
<servlet-class>com.mycompany.server.AddNewContactServlet</servlet-
class>
</servlet>
<servlet-mapping>
<servlet-name>addNewContactServlet</servlet-name>
<url-pattern>/_ah/mail/addcontact.*</url-pattern>
</servlet-mapping>
However, both on my dev machine and on google's servers email is not
received. On the dev machine I get this message (I get a similar error
in the deployed log)
Message send failure
HTTP ERROR 404
Problem accessing /_ah/mail/
addcontact.z1vnq3p2bvtfsuzbxg13sfon#myapp.appspotmail.com.
Reason:
NOT_FOUND
I can receive email at fully specified addresses or when I use /_ah/mail/*
The google documentation made me believe it was possible to include partial email addresses in web.xml. Am I not using the wildcard correctly? Does the period have something to do with it? Can this be done somehow?
The reason why I think it should work is the google docs at: http://code.google.com/appengine/docs/java/mail/receiving.html
In it there is this example web.xml file:
<servlet>
<servlet-name>handleowner</servlet-name>
<servlet-class>HandleOwner</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>handleowner</servlet-name>
<url-pattern>/_ah/mail/owner*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>handlesupport</servlet-name>
<servlet-class>HandleSupport</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>handleowner</servlet-name>
<url-pattern>/_ah/mail/support*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>catchallhandler</servlet-name>
<servlet-class>MailCatchallServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>catchallhandler</servlet-name>
<url-pattern>/_ah/mail/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<url-pattern>/_ah/mail/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
It looks like the support and owner email addresses are wildcarded to match any that begin with that address.
This should work. Are you sure it's not your handler returning the 404? I would suggest trying a couple of things to figure out the source of the problem:
Set up a catchall handler for /_ah/mail/* and check that works
If it does, set up one for a simpler prefix, or exact address.

Resources