Context:
- Tasks as defined in
http://code.google.com/appengine/docs/java/taskqueue/overview.html
- Secured URLs as described in
http://code.google.com/appengine/docs/java/config/webxml.html
In the following excerpts, you can see I want to be sure that only
administrators can access over SSL resources in the /_admin folder.
This works fine when I access JSP page or call a servlet. However, the
automatic task execution fails continuously on production, which
generates a never ending task rescheduling...
- Sample task scheduling:
QueueFactory.getDefaultQueue().add(url("/
_admin/...").method(Method.GET));
- web.xml part:
<security-constraint>
<web-resource-collection>
<url-pattern>/_admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
As tasks are issued server-side and consumed there without having
transited on the public Internet (I hope so), I don't think there's a
risk of having non encrypted task calls.
I've just created another path for my tasks entry points (/_tasks) and
the path is not covered by the SSL restriction. Is it the right way?
Or did I hit a defect?
Thanks,
A+, Dom
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to google-appengine-j...@googlegroups.com.
To unsubscribe from this group, send email to
google-appengine-java+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
