Google App Engine Security Constraint is not working_问答_开发者

Google App Engine Security Constraint is not working

开发者 https://www.devze.com 2023-03-02 05:03 出处：网络

I\'m using the following security constraint in the deployment descriptor of my GWT app, which is deployed on Google App Engine (GAE) for Java:

I'm using the following security constraint in the deployment descriptor of my GWT app, which is deployed on Google App Engine (GAE) for Java:

<security-constraint>
    <web-resource-collection>
        <url-pattern>ds/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
    开发者_开发问答    <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

My app is using Google Accounts for authentication.

It works perfectly fine in the hosted mode (Eclipse), but when I deploy the app to GAE, the constraint doesn't work. For example, in the hosted mode, when I try to access a resource in the ds folder, it redirects me to the login page. After login, it gives access to admin users only. But in the deployed app, anyone can access the resource without any authentication / authorization.

I haven't had a chance to test this on the "default" version of the app (http://myappid.appspot.com), but it surely doesn't work on other versions (like http://5.myappid.appspot.com).

Am I missing something obvious here?

Thanks.

I'd have thought you needed /ds/* . Your example doesn't have a preceding slash.