It's always possible if you do it using servlet filters, similar to Spring Security. What you cannot use (judging from the docs only) is "container based" security:
App Engine does not support custom security roles (<security-role>) or alternate authentication mechanisms (<login-config>) in the deployment descriptor. — Source: http://code.google.com/appengine/docs/java/config/webxml.html#Security_and_Authentication -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
