I am running a java application on google app engine. I protected my admin servlets with a security constraint:
<security-constraint>
<web-resource-collection>
<web-resource-name>tasks</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
Now I want to call one of these servlet from server side code. This seems to be not possible because of this security constraint. Is there a role preventing regular users from accessing this resources but prevents access to calls from server side code? Or is there another approach to my problem?
You can move the method that you need outside of a secure servlet. Then you can access it either through a secure servlet, or internally.