0

I have GAE application. I have CRON service. It fires www.example.appspot.com/cron/schedule servlet.

PROBLEM: Everyone have access to this servlet. I dont want to have everyone access to this servlet. I need to fire that servlet only cron.

In the other word I need: servlet access permission only for cron

I do something like that:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>cron</web-resource-name>
        <url-pattern>/cron/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

every servlet in /cron/ cant be fire eccept admin (If I deploy app, app engine is admin). So is this sulution? what do you think? Am I correct?

that is link

grep
  • 5,465
  • 12
  • 60
  • 112
  • yes your correct, that's exactly how you do it. you can test this of course by trying to hit the url as a non admin user - you should get a 403 – Gwyn Howell Oct 10 '13 at 18:21
  • No, I don't have error 403 :( – grep Oct 10 '13 at 18:44
  • it's my [link](http://ltv-checker.appspot.com/cron/PDValidation) it's redirect to another pages.... I dont understand why – grep Oct 10 '13 at 18:46
  • it's redirecting to http://ltv-checker.appspot.com/_ah/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/test/logIn.jsp. you must have a redirect loop somewhere in your config or code? – Gwyn Howell Oct 10 '13 at 19:02
  • no. no. I only have another servlet on /. This servlet redirects page to www.example.appspot.com/test/login.jsp (if user is not in session). but whay it is redirected on this servlet? I don't undestand. :( Not I'm not at the computer. I will see again tomorow. – grep Oct 10 '13 at 19:38
  • because of I have admin, it tries to find login page. In localhost it redirects to "/_ah/login?", and in deployed app, it cant find the login page migh be. – grep Oct 11 '13 at 07:57

0 Answers0