I have a page "admin.html" setup with a security restraint for "admin", which looks like this in my web.xml:
<security-constraint> <web-resource-collection> <url-pattern>/admin.html</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> The documentation says, "If the constraint specifies a user role of admin, then only registered developers (administrators) of the application can access the URL". (this is from http://code.google.com/appengine/docs/java/config/webxml.html#Security_and_Authentication) I have Google Apps Premiere Edition for my domain, and I can successfully deploy my application to AppEngine directly from eclipse with my administrator account, e.g. "my.n...@mydomain.com". The app runs fine too, e.g. at "my-app-name.appspot.com". When I visit my admin.html page at "my-app-name.appspot.com/ admin.html", I am asked to log in -- so I log in with "my.n...@mydomain.com", and I get redirected back to the admin.html page, which gives me the forbidden message "Error: Forbidden Your client does not have permission to get URL /admin.html from this server." I do not understand why this is not working as documented. Surely I must be misunderstanding something. Any pointers? -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to google-appengine-j...@googlegroups.com. To unsubscribe from this group, send email to google-appengine-java+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.