[appengine-java] Why are filters not used on first access?
Hi, I have a filter set for all requests. Yet the first request to GAE seems to bypass the filter. Why/How could that be? I do have a welcome file set welcome-fileMyAppGAE.html/welcome-file but shouldn't that get called by the following filter filter-mapping filter-nameAuthenticationFilter/filter-name url-pattern/*/url-pattern /filter-mapping Using a url like (running locally) http://127.0.0.1:/MyAppGAE.html?gwt.codesvr=127.0.0.1:9997#login, why does the filter get bypassed on first access. Subsequest rpc calls to the app do trigger the filter but I'm worried that before I can authenticate the user, they have a chance to make an rpc call. It's a huge potential security hole. If it's the browser caching something, then when I change the welcome page MyAppGAE.html, I would expect the filter to be applied when the user gets the new page. I can see the new page but still don't see the filter applied. What am I not understanding??? Shawn -- You received this message because you are subscribed to the Google Groups Google App Engine for Java group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
Re: [appengine-java] Why are filters not used on first access?
Please read the second paragraph of: http://code.google.com/appengine/docs/java/gettingstarted/staticfiles.html You'll need to exclude your files from static-files in appengine-web.xml if you are relying on a custom filter for authentication purposes. On Mon, Jul 12, 2010 at 3:27 AM, Shawn Brown big.coffee.lo...@gmail.comwrote: Hi, I have a filter set for all requests. Yet the first request to GAE seems to bypass the filter. Why/How could that be? I do have a welcome file set welcome-fileMyAppGAE.html/welcome-file but shouldn't that get called by the following filter filter-mapping filter-nameAuthenticationFilter/filter-name url-pattern/*/url-pattern /filter-mapping Using a url like (running locally) http://127.0.0.1:/MyAppGAE.html?gwt.codesvr=127.0.0.1:9997#login, why does the filter get bypassed on first access. Subsequest rpc calls to the app do trigger the filter but I'm worried that before I can authenticate the user, they have a chance to make an rpc call. It's a huge potential security hole. If it's the browser caching something, then when I change the welcome page MyAppGAE.html, I would expect the filter to be applied when the user gets the new page. I can see the new page but still don't see the filter applied. What am I not understanding??? Shawn -- You received this message because you are subscribed to the Google Groups Google App Engine for Java group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.comgoogle-appengine-java%2bunsubscr...@googlegroups.com . For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en. -- You received this message because you are subscribed to the Google Groups Google App Engine for Java group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
Re: [appengine-java] Why are filters not used on first access?
Hi, Please read the second paragraph of: http://code.google.com/appengine/docs/java/gettingstarted/staticfiles.html You'll need to exclude your files from static-files in appengine-web.xml if you are relying on a custom filter for authentication purposes. Thanks. IMHO it should be documented here http://code.google.com/appengine/docs/java/config/webxml.html#Filters Anyway, thanks! Shawn -- You received this message because you are subscribed to the Google Groups Google App Engine for Java group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.