There is probably a better way, but you could look at the user agent string (I see in my logs that the user agent string for pages launched by cron look like "AppEngine-Google; (+http://code.google.com/ appengine)".
Also, cron jobs are executed as admin. You may be able to use the "userService.isUserAdmin()" functionality, although I haven't tested that. Thanks, Jason On Dec 8, 5:08 am, Raphael André Bauer <raphael.andre.ba...@gmail.com> wrote: > Hi, > > I am currently trying to secure my urls that are accessed by cron jobs / > tasks. > > Normally I would use web.xml like that: > > <security-constraint> > <web-resource-collection> > <web-resource-name>Protected Area</web-resource-name> > <url-pattern>/cron/*</url-pattern> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > </auth-constraint> > </security-constraint> > > However, I got a constraint, where these urls should be allowed to be > triggered by other authentification mechanisms. > > Therefore I tried to use the UserService if a authenticated user is > hitting the url. I though cron is an authenticated user... > > UserService userService = UserServiceFactory.getUserService(); > > if (!userService.isUserLoggedIn()) { > > //do nothing > > > > } else if (!userService.isUserAdmin()) { > //do nothing > } > > //allow stuff to work... > > } > > But I do not get a logged in user when cron is programmatically hitting my > urls. > > Is there a way to determine if google app engine is hitting my urls > without using web.xml security constraints? > > Thanks, > > Best, > > Raphael -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-java@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.