How do I call a secured page from my own AppEngine web-service?

Question

To send a HTML email I'd like to call a different URL of my own App, to have the comfort of JSP for rendering the Email-content.

To execute the HTTP-call to my own app I first tried to use " http://localhost/emailreport " as URL, but that failed with a DNS-error. Next I tried the external URL:

String appid = ApiProxy.getCurrentEnvironment().getAttributes()
   .get("com.google.appengine.runtime.default_version_hostname").toString();
appid = appid.substring(0, appid.indexOf('.'));
URL url = new URL("http://" + appid + ".appspot.com/emailreport");

This works, but only for pages without security-constraints in web.xml. My emailreport however needs to be secured.

Any Idea how to retrieve that page? Do I need to use a Service-Account-Key? Isn't there a simple trick?

ADDED:
I want to secure the pages by adding this to the web.xml:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>SecureName</web-resource-name>
        <url-pattern>/mytask</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>

Answer 1

I solved it by using the following workaround:

Caller creates a secret token and stores it in MemCache and adds a header to the request.

Endpoint reads that header and compares it with the value in MemCache. If it matches, it processes the request, otherwise it returns a 401.