Please read the second paragraph of: http://code.google.com/appengine/docs/java/gettingstarted/staticfiles.html
You'll need to exclude your files from <static-files> in appengine-web.xml if you are relying on a custom filter for authentication purposes. On Mon, Jul 12, 2010 at 3:27 AM, Shawn Brown <[email protected]>wrote: > Hi, > > I have a filter set for all requests. Yet the first request to GAE > seems to bypass the filter. Why/How could that be????? > > I do have a welcome file set > > <welcome-file>MyAppGAE.html</welcome-file> > > but shouldn't that get called by the following filter > > <filter-mapping> > <filter-name>AuthenticationFilter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > Using a url like (running locally) > http://127.0.0.1:8888/MyAppGAE.html?gwt.codesvr=127.0.0.1:9997#login, > why does the filter get bypassed on first access. Subsequest rpc > calls to the app do trigger the filter but I'm worried that before I > can authenticate the user, they have a chance to make an rpc call. > It's a huge potential security hole. > > If it's the browser caching something, then when I change the welcome > page MyAppGAE.html, I would expect the filter to be applied when the > user gets the new page. I can see the new page but still don't see > the filter applied. > > What am I not understanding??????? > > Shawn > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-appengine-java%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
