How can I make sure that users cannot access http address on google appengine at all? Now usesrs开发者_JS百科 can use https or http to access site, but is there any way to force users using http protocol to https url?
Ok now I found a way to do it, add following element to your web.xml, and your xml should have following xml definition:
<?xml version="1.0" encoding="utf-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
https://developers.google.com/appengine/docs/java/config/webxml#Secure_URLs
精彩评论