I was going through this article and got stuck with one issue. Imagine I have the following rule in web.xml:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Admin access</web-resource-name>
            <url-pattern>/AdminPanel.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
Then a non-admin user opens AdminPanel.jsp, GAE redirects him to the Google Accounts login page, he enters his credentials and logically gets this page:
Error: Forbidden
Your client does not have permission to get URL /AdminPanel.jsp from this server.
Now I can't re-login with another Google Account because I'm still authenticated as the wrong user and GAE put an ACSID cookie for the app URL. I will always get the error message I mentioned above. Is there a way to elegantly solve this issue? I'd like the customer to be able to re-login with the appropriate credentials. Also, a situation where the customer is signed into more than one account is possible. I personally have a Google Apps account and a Gmail account. All Google applications such as Gmail have options to switch between accounts. Can I do the same?