Thanks for the answers. About filters : yes I use one for authentication. With that filter all the servlets are secured. My question was about all the non-servlet ressources: the html pages, the javascript files, css, images.
So I need to server all those files through servlets (what I suggested in my first post)(also suggested by thomas). I am going to move all the files into the WEB-INF directory of the project, so they will not be public anymore. After that I will define a servlet to serve them. code-splitting is also a solution. On 9 fév, 09:44, dougx <[email protected]> wrote: > Serve content via servlet, it's fair easy. For an example look > here:http://blog.goodcamel.com/2010/01/08/workaround-for-google-app-engine... > > You can then check in the servlet for authentication via cookie / id > and refuse to serve unauthenticated users. > > ~ > Doug. > > On Feb 9, 6:26 am, Simon <[email protected]> wrote: > > > > > Yes that is the basics of app engine security. I use it to get the > > Google account of the user. > > > This is the first step of the login: Google authentication. > > Second step I want to validate the Google account against my own set > > of users, > > Last step I want to send to the user the whole javascript app. > > > On 8 fév, 23:04, Youngster <[email protected]> wrote: > > > > Did you have a look at this > > > page:http://code.google.com/appengine/docs/java/config/webxml.html#Securit... > > > ? -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
