My answer hasn't been published yet so I'll add some more thoughts right here 
:-) 

=> When something doesn't work the way you want, maybe that's because you don't 
want the good thing...

I've been thinking about my authentication problem, and finally came to the 
conclusion that securing the URLs in the web.xml wasn't the best solution. It 
automatically redirects the user to the appengine login page... However, when 
calling those REST resources, I don't care about redirections. I just wanna 
know that my authentication is not valid any more.

So the solution was of course disabling appengine security, and using a simple 
servlet filter:

public void doFilter(ServletRequest request, ServletResponse response,
                FilterChain filterChain) throws IOException, ServletException {
        // Null when no user is signed in.
        User currentUser = userService.getCurrentUser();

        if (currentUser != null) {
                filterChain.doFilter(request, response);
        } else {
                // Answer with 403 instead of redirecting to the login page.
                if (response instanceof HttpServletResponse) {
                        HttpServletResponse httpResponse = (HttpServletResponse) response;
                        httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN,
                                        "You must authenticate to access this resource.");
                }
        }
}

Then, it's all a matter of catching a ResourceException in my Android client, 
and checking if the status code is 403...

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=2644212
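
The client-side half described in the post above, as an added example that is not part of the original message: it turns the filter's 403 into a dedicated exception so the caller can re-run its login flow. It assumes the Restlet 2.x client API; the class, exception and method names are hypothetical, and the request is assumed to already carry the user's session credentials.

```java
import java.io.IOException;

import org.restlet.data.Status;
import org.restlet.representation.Representation;
import org.restlet.resource.ClientResource;
import org.restlet.resource.ResourceException;

/** Hypothetical client helper; all names here are assumptions. */
public class AuthAwareClient {

    /** Raised when the server-side filter rejected the call with 403. */
    public static class AuthenticationExpiredException extends Exception {
        public AuthenticationExpiredException(Throwable cause) {
            super("Authentication is no longer valid", cause);
        }
    }

    /**
     * GETs the resource and returns its body as text (null if empty).
     * A 403 is reported separately from every other failure, so the
     * caller never mistakes an expired login for a server error.
     */
    public static String fetch(String uri)
            throws AuthenticationExpiredException, IOException {
        ClientResource resource = new ClientResource(uri);
        try {
            Representation body = resource.get();
            return body == null ? null : body.getText();
        } catch (ResourceException e) {
            // Compare the numeric code only: sendError() on the server
            // attaches its own message to the response.
            int forbidden = Status.CLIENT_ERROR_FORBIDDEN.getCode();
            if (e.getStatus() != null && e.getStatus().getCode() == forbidden) {
                throw new AuthenticationExpiredException(e);
            }
            throw e; // any other status is not an authentication problem
        } finally {
            resource.release(); // free the underlying connection
        }
    }
}
```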
