Hello,
If you are using an SDK, try to rebuild the project and re-opening the SDK. Doing this will ensure that the problem is not coming from the SDK running an older build. However, If the urls are still not asking for admin privileges, I would recommend adding security constraints to each file separately by putting the full path and see if that works first. Doing this, you will be able to confirm if somehow the problem is url-pattern related. You can read more about how url mappings and security constraints are handled in the chapter 11 “Mapping Requests to Servlets” and 12.8 “Specifying Security Constraints” of this third party document Java(TM) Servlet Specification 2.4 Final Release <http://download.oracle.com/otndocs/jcp/servlet-2.4-fr-spec-oth-JSpec/>, you would need to accept the licence agreement and download the first document. As for your second question, requests are routed to the Service control API which decides if these are permitted or not depending on how you configure your API, before sending it to the endpoints of your application, please review this document Endpoints Frameworks <https://cloud.google.com/endpoints/docs/frameworks/frameworks-extensible-service-proxy#endpoints_frameworks> in order to learn more about endpoints frameworks and how requests are handled on the App Engine standard environment. For more information about adding user authentication to an API for applications using Cloud Endpoints Frameworks, please review this document Authenticating users <https://cloud.google.com/endpoints/docs/frameworks/java/authenticating-users> . On Friday, August 17, 2018 at 10:59:41 PM UTC-4, Azeem Haider wrote: > > > I'm using App Engine standard environment. I want to make all url to > access only admin. > > Here is my web.xml but this one is not working for me I test it on local > development. > > > <web-app> > ...... > > <!-- Security --> > <security-role> > <role-name>admin</role-name> > </security-role> > <security-constraint> > <web-resource-collection> > <web-resource-name>admin</web-resource-name> > <url-pattern>/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > </security-constraint> > > ..... > </web-app> > > > > I checked the documentation right here Security and Authentication > <https://cloud.google.com/appengine/docs/standard/java/config/webxml#Security_and_Authentication> > > Can you please let me know why this one is not working for me. What I'm > doing wrong ? > > And second thing I want to ask is that If I protect all urls to access > only admin can I still use cloud endpoint lib in Android can my app access > endpoints or not without any login ? > > I'm using java8 > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/64d2b6ae-bd9a-4064-9fe1-422bdb1aecdd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
