No, signed requests will still be redirected. Auth-constraint only applies to Users logged in via the web or OpenID.
This is a good feature request, however, and I will bring it up. On Wed, Jun 30, 2010 at 12:00 PM, Derek Battams <de...@battams.ca> wrote: > I am now using OAuth for authentication to my app. I've protected > some URLs in my web.xml with: > > <auth-constraint> > <role-name>*</role-name> > </auth-constraint> > > However, a signed OAuth request to one of these URLs still replies > with a 302 redirect to the Google signin page for my app. Is this > expected behaviour? I'd expect that a signed OAuth request to these > protected URLs would be considered "signed in" and would therefore not > respond with a 302, but instead process the request. > > I know the request is signed properly because I am able to get the > User via the OAuthService.getCurrentUser() call and log their email > address, etc. > > Can I not use auth-constraints in my web.xml when using OAuth only? > > Help appreciated, > > Derek > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to > google-appengine-j...@googlegroups.com. > To unsubscribe from this group, send email to > google-appengine-java+unsubscr...@googlegroups.com<google-appengine-java%2bunsubscr...@googlegroups.com> > . > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > > -- Ikai Lan Developer Programs Engineer, Google App Engine Blog: http://googleappengine.blogspot.com Twitter: http://twitter.com/app_engine Reddit: http://www.reddit.com/r/appengine -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.