GWT / GAE（Java）的：当GAE，app.yaml中/ web.xml中的用户认证和登录/注销合并不真正工作

我正在写使用GWT和GAE（Java）的一个Web应用程序。我知道GAE pretty好，尤其是Python版本;我是新来GWT和GAE的Java版本。

I'm writing a web app using GWT and GAE (Java). I know GAE pretty well, especially the Python version; I'm new to GWT and the Java version of GAE.

我试图建立我的应用程序，使用户曾在访问中记录;从app.yaml中。

I tried to set up my app so that the user had to be logged in to access; from app.yaml.

application: myapp
version: 1
runtime: java

welcome_files:
 - index.jsp
 - index.html

handlers:

- url: /admin/*
#  secure: always
 login: admin

- url: /MyApp.html
#  secure: always
 login: required

这似乎产生了主页上的访问限制一个web.xml：

This seems to generate a web.xml that has access restrictions on the main page:

 <security-constraint>
   <web-resource-collection>
     <url-pattern>/MyApp.html</url-pattern>
   </web-resource-collection>
   <auth-constraint>
     <role-name>*</role-name>
   </auth-constraint>
 </security-constraint>

正如预期的那样，当蚂蚁下运行DEVMODE我需要假冒登录当我第一次去的网页。

As expected, when run under ant devmode I am required to fake-login when I first go to the page.

不过，我希望用户有一个注销URL。

However I wanted the user to have a logout url.

首先，似乎有没有办法做到这一点在客户端上，这似乎是离奇：怎么会这样，我有打服务器只生成一个URL，以便用户可以注销？但是，没有看到另一种选择，我写了一个RPC服务做到这一点。

First, there seems to be no way to do this on the client, which seems bizarre: how can it be that I have to hit the server just to generate a URL so that the user can logout? However, not seeing an alternative, I wrote an RPC service to do this.

我以前在GWT HTML元素把页面上的链接;这似乎当我把链接，谷歌搜索等。当我把网址注销（这是生成到用户返回链接到需要登录（东西我都没有用GAE的Python版本之前完成主页工作所有，而不致再要求（然后登录看到主页）Ajax的东西），我只是得到一个404未找​​到。/_ah/MyApp.html我想这也许是下DEVMODE运行Chrome插件的一些影响，所以其实我的编译应用程序并运行它作为一个编译GAE应用程序（dev_appserver.sh）;完全相同的问题。

I used an HTML element in GWT to put the link on the page; this seems to work when I put links to google searches, etc. When I put the URL to logout (which was generated to link the user back to the main page which requires login (something I have done before with the Python version of GAE without all the Ajax stuff) instead of getting asked to login again (and then seeing the main page), I just get a 404 Not found: /_ah/MyApp.html . I thought this was perhaps some effect of the Chrome plugin running under devmode, so I actually compiled the app and ran it as a compiled GAE app (dev_appserver.sh); exact same problem.

另一个奇怪的效果是，在某些情况下（后也许刚刚做了以上）我去我的应用程序和RPC服务的主页，我写来获取用户的注销URL回复该用户没有登录英寸

Another odd effect is that under some circumstances (perhaps after having just done the above) I go to the main page of my app and the RPC service I wrote to get the logout URL for the user replies that the user is not logged in.

由于app.yaml设定（这似乎正确地产生web.xml）中，甚至没有让用户看到的网页，除非他们登录，怎么可能为实现这一目标，甚至发生？即使用户正在正确地退出（由时任说，404页），我怎能去我的应用程序主页面，但没有登录？

Given the app.yaml configuration (which seems to correctly generate the web.xml) to not even let the user see the page unless they are logged in, how is it possible for that to even happen? Even if the user is being correctly logged out (by the page when then says 404), how can I ever go to my app main page and yet not be logged in?

这是一个Ajax效果，用户被注销，但页面上显示周围，然后将RPC打服务器，并发现该用户现在已经退出（当用户在登录在已经被渲染）？如果是这样的话，那么它似乎相当没有意义的，限制在app.yaml中/ web.xml文件的访问，因为我也有我每次得到一个RPC调用反正时间来检查，不是吗？ （我假设的app.yaml配置可能节省一些服务器往返的用户第一次访问页面？）

Is this an Ajax effect where the user is logged out, but the page says around (having already been rendered when the user was logged in) and then the RPC hits the server and finds out that the user is now logged out? If this is the case, then it seems rather pointless to restrict access in the app.yaml / web.xml as I also have to check it every time I get an RPC call anyway, right? (I suppose the app.yaml configuration might save a few server round-trips the first time the user visits the page?)

我运行OS X 10.6.8（86）的先进的最新版本。
我的浏览器Chrome的是：16.0.912.63（正式版本113337）

I'm running an up-to-date version of OS X 10.6.8 (x86). My browser is Chrome: 16.0.912.63 (Official Build 113337)

$ java -version
java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11-402-10M3527)
Java HotSpot(TM) 64-Bit Server VM (build 20.4-b02-402, mixed mode)

我使用GWT-2.4.0。

I'm using gwt-2.4.0.