Hi folks,
I'm sure this is just me being foolish, but I have the following in my
web.xml:
<security-constraint>
<web-resource-collection>
<url-pattern>/comment/*</url-pattern>
<url-pattern>/entry/*</url-pattern>
<url-pattern>/series/*</url-pattern>
<url-pattern>/upload/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
However, even with this in place, I can still hit urls like these
without logging in:
http://xxx.appspot.com/entry/edit/2001
http://xxx/appspot.com/series/edit/42
What am I missing?
Thanks in advance,
~rob
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to google-appengine-java@googlegroups.com.
To unsubscribe from this group, send email to
google-appengine-java+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
