Hi Ricardo, You are right the ServletModule does not implement the security mechanisms available in web.xml. This is mostly because it is not particularly generalizable. Most applications provide their own application layer security, using a filter to lock out certain URLs, etc.
The security constraint system requires deep integration with the servlet container to provide in any useful fashion (even appengine does not fully implement this, as you may be aware). So we have deliberately stayed away from it in GS2. Short answer: yes, you can simply fallback on web.xml for this part, or apply a custom filter that does the securing the way you require it (recommended). Regards, Dhanji. On Tue, Jul 28, 2009 at 2:14 AM, Ricardo Rocha <[email protected]>wrote: > > Hi. > > I'm using Guice in an application running against appengine. I've > followed the instructions and it works fine, but i couldn't figure out > the equivalent of the <security-constraint> available in the > appengine's web.xml in the ServletModule configuration. > > I mean this: > > http://code.google.com/appengine/docs/java/config/webxml.html#Security_and_Authentication > > Is there a way to pass it or do i need the web.xml to use the > appengine's built-in auth? > > Thanks in advance, > Ricardo > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "google-guice" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/google-guice?hl=en -~----------~----~----~----~------~----~------~--~---
