Hi,
I am currently trying to secure my urls that are accessed by cron jobs / tasks. Normally I would use web.xml like that: <security-constraint> <web-resource-collection> <web-resource-name>Protected Area</web-resource-name> <url-pattern>/cron/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> However, I got a constraint, where these urls should be allowed to be triggered by other authentification mechanisms. Therefore I tried to use the UserService if a authenticated user is hitting the url. I though cron is an authenticated user... UserService userService = UserServiceFactory.getUserService(); if (!userService.isUserLoggedIn()) { //do nothing } else if (!userService.isUserAdmin()) { //do nothing } //allow stuff to work... } But I do not get a logged in user when cron is programmatically hitting my urls. Is there a way to determine if google app engine is hitting my urls without using web.xml security constraints? Thanks, Best, Raphael -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-java@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.