Hi,
I am currently trying to secure my urls that are accessed by cron jobs / tasks.
Normally I would use web.xml like that:
<security-constraint>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/cron/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
However, I got a constraint, where these urls should be allowed to be
triggered by other authentification mechanisms.
Therefore I tried to use the UserService if a authenticated user is
hitting the url. I though cron is an authenticated user...
UserService userService = UserServiceFactory.getUserService();
if (!userService.isUserLoggedIn()) {
//do nothing
} else if (!userService.isUserAdmin()) {
//do nothing
}
//allow stuff to work...
}
But I do not get a logged in user when cron is programmatically hitting my urls.
Is there a way to determine if google app engine is hitting my urls
without using web.xml security constraints?
Thanks,
Best,
Raphael
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to google-appengine-java@googlegroups.com.
To unsubscribe from this group, send email to
google-appengine-java+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
