I am trying to debug some issues with task execution and have a
question.
Background
==========
Documentation states that tasks (cron and task queue) are executed by
a system process with admin priviledges.
To protect task execution from unauthorized execution I originally
protected them with a security constraint in the web.xml file. That
seemed to work OK.
Now, for other reasons, I'd like to protect them with code of my own
in a filter.
I have been trying to confirm admin priviledges in the filter, using
code like this:
public boolean isAdmin() {
UserService user = UserServiceFactory.getUserService();
if ( user.isUserLoggedIn() ) {
return user.isUserAdmin();
}
else {
return false;
}
}
and I also tried directly:
return user.isUserAdmin();
without checking for login first.
Problem
=======
In both cases this seems to return false, even when when the request
comes from the system to run a task-queue task.
Despite the statement that these requests are run as admin.
Question:
=======
Can I use the UserService to check admin permissions when the code is
being run in a request started by the system to serve a cron or task-
queue task?
thanks!
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
