http://gwt-code-reviews.appspot.com/1432801/diff/4001/samples/mobilewebapp/war/WEB-INF/web.xml File samples/mobilewebapp/war/WEB-INF/web.xml (right):
http://gwt-code-reviews.appspot.com/1432801/diff/4001/samples/mobilewebapp/war/WEB-INF/web.xml#newcode11 samples/mobilewebapp/war/WEB-INF/web.xml:11: --> Its protected by GaeAuthFilter, not here. If we protect it here, then GAE will respond to RequestFactory requests with a URL redirect, which RequestFactory client code has no idea how to handle. This is a shortcut to quickly redirect users to the login page if they try to access the app without being logged in. The filter is the main check as to whether the user is logged in. http://gwt-code-reviews.appspot.com/1432801/diff/4001/samples/mobilewebapp/war/WEB-INF/web.xml#newcode47 samples/mobilewebapp/war/WEB-INF/web.xml:47: <url-pattern>/gwtRequest/*</url-pattern> GaeAuthFilter checks that the user is logged in when a gwtRequest is sent. This needs to work this way because a user could log out while the app is running. The expenses sample does the same thing. http://gwt-code-reviews.appspot.com/1432801/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
