The user service will always return null when cron is calling. The
way to tell that cron is calling is to check for the "X-AppEngine-
Cron" header. It is set by the cron service and is stripped from all
other calls to your URLs. That is the best you can do until the GAE
cron service is better integrated into the user service.
scott
On Dec 8, 4:08 am, Raphael André Bauer <raphael.andre.ba...@gmail.com>
wrote:
> Hi,
>
> I am currently trying to secure my urls that are accessed by cron jobs /
> tasks.
>
> Normally I would use web.xml like that:
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Protected Area</web-resource-name>
> <url-pattern>/cron/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>admin</role-name>
> </auth-constraint>
> </security-constraint>
>
> However, I got a constraint, where these urls should be allowed to be
> triggered by other authentification mechanisms.
>
> Therefore I tried to use the UserService if a authenticated user is
> hitting the url. I though cron is an authenticated user...
>
> UserService userService = UserServiceFactory.getUserService();
>
> if (!userService.isUserLoggedIn()) {
>
> //do nothing
>
>
>
> } else if (!userService.isUserAdmin()) {
> //do nothing
> }
>
> //allow stuff to work...
>
> }
>
> But I do not get a logged in user when cron is programmatically hitting my
> urls.
>
> Is there a way to determine if google app engine is hitting my urls
> without using web.xml security constraints?
>
> Thanks,
>
> Best,
>
> Raphael
--
You received this message because you are subscribed to the Google Groups
"Google App Engine for Java" group.
To post to this group, send email to google-appengine-java@googlegroups.com.
To unsubscribe from this group, send email to
google-appengine-java+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/google-appengine-java?hl=en.
