Hello,
for an online bug report web application, I need to find a way how any user can submit a bug report (using HTTP POST) to a Servlet in a Google App Engine application, while all other Servlets (the application admin interface) are protected so that they grant access only to users which have logged in with their Google account. The application runs at /* and if this URL is secured using Google Accounts, no servlet will be available without authentication and there seems to be no way to exclude a URL from authentication.
So this should be protected:
<url-pattern>/*</url-pattern>
While this should be public:
<url-pattern>/addbugreport</url-pattern>
- just an idea for a workaround: all servlets in the application (except the public one) could check if a user has logged on (and forward to a login page if not logged in)