I have set up appengine to allow incoming mail, and if I have my web.xml file with
<servlet>
<servlet-name>mailhandler</servlet-name>
<servlet-class>VerifyReply</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>mailhandler</servlet-name>
<url-pattern>/_ah/mail/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<url-pattern>/_ah/mail/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
it works and runs the VerifyReply servlet, but if I want to limit incoming emails to only those sent to the verifyreply#... email address with (notice the url-pattern is different than above)
<servlet>
<servlet-name>mailhandler</servlet-name>
<servlet-class>VerifyReply</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>mailhandler</servlet-name>
<url-pattern>/_ah/mail/v*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<url-pattern>/_ah/mail/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
it stops working and I get an email bounce back to the sender. My logs page shows the server ran /_ah/mail/verifyreply#... but it doesn't run the servlet and bounces the email.
Any ideas, I think I am following the guide at https://developers.google.com/appengine/docs/java/mail/receiving
According to the docs, filtering on address is not supported:
When App Engine moved to a standard Java Web Server, the ability to specify richer matching patterns was lost (e.g. one used to be able to specify a url-pattern like /_ah/mail/support*). If such pattern matching is desired, consider using a filter-based approach based on the following code snippets.
It would consider it a bug that specifying the full address does work. The page contains an example on how to do address matching in a mail handler filter (a filter in the servlet sense). You should match the address there and return a 404 if you do not want to accept the message. Or you can just ignore messages you don't want if you don't care about bouncing them.
Related
When auth-constraint is specified in AppEngine Development server web.xml file. The User injected to endpoint and User received from UserService.getCurrentUser() in HttpServlet are different.
The user Id for endpoint user is zero and for HttpServlet it is a fixed number. When the auth-constraint tag is removed from web.xml file, both user ids are zero. But this tag is required for production server.
How to get a single user for development server?
<security-constraint>
<web-resource-collection>
<web-resource-name>all</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Im using Eclipse and AppEngine SDK 1.7.5.
I tried to validate war folder in my Google App Engine project. There is Invalid Content with my web.xml:
Invalid content was found starting with element 'url-pattern'.
One of '{"http://java.sun.com/xml/ns/javaee":web-resource-name}'
is expected. web.xml /project/war/WEB-INF line 121 XML Problem
This is the xml referred on the error:
<security-constraint>
<web-resource-collection>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
How to fix the error?
It's a dup, see: Eclipse reporting problem in my web.xml, but it is processed fine
Anyway, try adding a web-resource-name element as follows:
<web-resource-collection>
<web-resource-name>Admin Resources</web-resource-name>
<url-pattern>/admin/*</url-pattern>
</web-resource-collection>
I develop an application with GAE and GWT where the user has to be logged in with his Google Account when he access the site. So I defined the following in the web.xml file...
<security-constraint>
<web-resource-collection>
<url-pattern>/index.html</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
When I'm running the local dev server I get promted with the test login-screen when I open the app the first time, but when I deploy it, I directly come to my application without any authentication.
First I thought, that could be, because I'm already logged in to other Google services, but I tried it in other browsers and in incognito mode too.
I would suggest trying one is to use the URL pattern to * so that all your resources are secure and secondly addind web-resource-name tag to "all" value, as shown in code snippet below.
And I am assuming you already have servlet mapping to service etc
<security-constraint>
<web-resource-collection>
<web-resource-name>all</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
When we turn sessions on in google app engine like:
// appengine-web.xml
<sessions-enabled>true</sessions-enabled>
does app engine automatically clean up expired sessions, or do we have to do it ourselves? After turning them on, I see in the datastore that some entries are being generated like _ah_session, I'm wondering if those are them?
Thanks
Yes those are the session entries. Google's app engine documentation includes the following:
The implementation creates datastore entities of the kind _ah_SESSION, and memcache entries using keys with a prefix of _ahs.
(http://code.google.com/appengine/docs/java/config/appconfig.html)
As for cleaning up session data. I found the following 2 discussions:
http://groups.google.com/group/google-appengine-java/browse_thread/thread/4f0d9af1c633d39a
http://www.mail-archive.com/google-appengine-java#googlegroups.com/msg01372.html
HTH,
Steve
From Cleaning Up Expired Sessions From App Engine Datastore:
You need to configure the cleanup servlet provided by Google to be run regularly. Note: the servlet cleans at most 100 entries at time. Be sure to decide how often do you need this to be called and determine the interval as appropriate to you.
In web.xml:
<web-app...>
<servlet>
<servlet-name>_ah_sessioncleanup</servlet-name>
<servlet-class>com.google.apphosting.utils.servlet.SessionCleanupServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>_ah_sessioncleanup</servlet-name>
<url-pattern>/_ah/sessioncleanup</url;-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>session-cleanup</web-resource-name>
<url-pattern>/_ah/sessioncleanup</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
...
</web-app>
And in cron.xml:
<cronentries>
<cron>
<url>/_ah/sessioncleanup?clear</url>
<description>Clean up sessions</description>
<schedule>every 15 minutes</schedule>
</cron>
...
</cronentries>
I am writing an App Engine app that is supposed to receive emails in this form:
addcontact.someID#my-app.appspotmail.com (someID is an alphanumeric ID that I generate).
I have this in my web.xml thinking it would catch emails that start
with 'addcontact.':
<servlet>
<servlet-name>addNewContactServlet</servlet-name>
<servlet-class>com.mycompany.server.AddNewContactServlet</servlet-
class>
</servlet>
<servlet-mapping>
<servlet-name>addNewContactServlet</servlet-name>
<url-pattern>/_ah/mail/addcontact.*</url-pattern>
</servlet-mapping>
However, both on my dev machine and on google's servers email is not
received. On the dev machine I get this message (I get a similar error
in the deployed log)
Message send failure
HTTP ERROR 404
Problem accessing /_ah/mail/
addcontact.z1vnq3p2bvtfsuzbxg13sfon#myapp.appspotmail.com.
Reason:
NOT_FOUND
I can receive email at fully specified addresses or when I use /_ah/mail/*
The google documentation made me believe it was possible to include partial email addresses in web.xml. Am I not using the wildcard correctly? Does the period have something to do with it? Can this be done somehow?
The reason why I think it should work is the google docs at: http://code.google.com/appengine/docs/java/mail/receiving.html
In it there is this example web.xml file:
<servlet>
<servlet-name>handleowner</servlet-name>
<servlet-class>HandleOwner</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>handleowner</servlet-name>
<url-pattern>/_ah/mail/owner*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>handlesupport</servlet-name>
<servlet-class>HandleSupport</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>handleowner</servlet-name>
<url-pattern>/_ah/mail/support*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>catchallhandler</servlet-name>
<servlet-class>MailCatchallServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>catchallhandler</servlet-name>
<url-pattern>/_ah/mail/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<url-pattern>/_ah/mail/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
</security-constraint>
It looks like the support and owner email addresses are wildcarded to match any that begin with that address.
This should work. Are you sure it's not your handler returning the 404? I would suggest trying a couple of things to figure out the source of the problem:
Set up a catchall handler for /_ah/mail/* and check that works
If it does, set up one for a simpler prefix, or exact address.