Absolutely, store the files in the data store or something but serve them as though they were normal pages; simply serving a static resource via servlet won't achieve anything.
Also; don't use code splitting as a security measure; it's a client side thing, which means it can be avoided. (Yes, I know, it's a server side thing, but _triggering_ it is a client side thing, and you can do that even if the application doesn't want you to). ~ Doug. On Feb 10, 5:20 am, Simon <[email protected]> wrote: > @dougx > Thanks for your post, I didn't knew that app engine did not support > 304. > > One difference: I want the files to be accessed *only* by servlet, ie > the servlet should serve the files, not redirect to them. > > On 9 fév, 09:44, dougx <[email protected]> wrote: > > > > > Serve content via servlet, it's fair easy. For an example look > > here:http://blog.goodcamel.com/2010/01/08/workaround-for-google-app-engine... > > > You can then check in the servlet for authentication via cookie / id > > and refuse to serve unauthenticated users. > > > ~ > > Doug. > > > On Feb 9, 6:26 am, Simon <[email protected]> wrote: > > > > Yes that is the basics of app engine security. I use it to get the > > > Google account of the user. > > > > This is the first step of the login: Google authentication. > > > Second step I want to validate the Google account against my own set > > > of users, > > > Last step I want to send to the user the whole javascript app. > > > > On 8 fév, 23:04, Youngster <[email protected]> wrote: > > > > > Did you have a look at this > > > > page:http://code.google.com/appengine/docs/java/config/webxml.html#Securit... > > > > ? -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
