Hi folks, I'm sure this is just me being foolish, but I have the following in my web.xml:
<security-constraint> <web-resource-collection> <url-pattern>/comment/*</url-pattern> <url-pattern>/entry/*</url-pattern> <url-pattern>/series/*</url-pattern> <url-pattern>/upload/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> However, even with this in place, I can still hit urls like these without logging in: http://xxx.appspot.com/entry/edit/2001 http://xxx/appspot.com/series/edit/42 What am I missing? Thanks in advance, ~rob -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-java@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.