Servlet 3.1 Specification (JSR 340) and Java Authorization Contract for Containers (JSR 115) MR3 are almost ready for release. Besides "*", the role-name "**" is introduced in the above two specifications.
In a nutshell, "*" means any role defined in web.xml and "**" means any authenticated user.
Prior to Servlet 3.1, web containers use proprietary mechanisms to add security-constraints for any...
Servlet 3.1 Specification (JSR 340) is almost ready for the release. Several new security features have been added in this version of Servlet specification.
In this blog, I will explain one of the security features, namely deny-uncovered-http-methods.
Let us take a look at a simple security-constraint in web.xml as follows:
<web-app xmlns="http://www.w3.org/2001/XMLSchema" ...
Servlet 3.1 (JSR 340) is almost ready for the release. One of the new features is the support for non-blocking IO. ReadListener and WriteListener are introduced to allow non-blocking processing in Servlet.
Non-blocking IO can only be used in async (defined in Servlet 3.0) or the upgrade mode. We can set the async in a servlet with @WebServlet annotation.
In this blog, we will illustrate the use...