There is probably a better way, but you could look at the user agent
string (I see in my logs that the user agent string for pages launched
by cron look like "AppEngine-Google; (+http://code.google.com/
appengine)".
Also, cron jobs are executed as admin. You may be able to use the
"userService.isUserAdmin()" functionality, although I haven't tested
that.
Thanks,
Jason
On Dec 8, 5:08 am, Raphael André Bauer <raphael.andre.ba...@gmail.com>
wrote:
> Hi,
>
> I am currently trying to secure my urls that are accessed by cron jobs /
> tasks.
>
> Normally I would use web.xml like that:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <url-pattern>/cron/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
>
> However, I got a constraint, where these urls should be allowed to be
> triggered by other authentification mechanisms.
>
> Therefore I tried to use the UserService if a authenticated user is
> hitting the url. I though cron is an authenticated user...
>
> UserService userService = UserServiceFactory.getUserService();
>
> if (!userService.isUserLoggedIn()) {
>
> //do nothing
>
>
>
> } else if (!userService.isUserAdmin()) {
> //do nothing
> }
>
> //allow stuff to work...
>
> }
>
> But I do not get a logged in user when cron is programmatically hitting my
> urls.
>
> Is there a way to determine if google app engine is hitting my urls
> without using web.xml security constraints?
>
> Thanks,
>
> Best,
>
> Raphael
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to google-appengine-java@googlegroups.com.
To unsubscribe from this group, send email to
google-appengine-java+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
