Skip to main content

Blog Archive for swchan2 during April 2013

Servlet 3.1 Specification (JSR 340) and Java Authorization Contract for Containers (JSR 115) MR3 are almost ready for release. Besides "*", the role-name "**" is introduced in the above two specifications. In a nutshell, "*" means any role defined in web.xml and "**" means any authenticated user. Prior to Servlet 3.1, web containers use proprietary mechanisms to add security-constraints for any...
Servlet 3.1 Specification (JSR 340) is almost ready for the release. Several new security features have been added in this version of Servlet specification. In this blog, I will explain one of the security features, namely deny-uncovered-http-methods. Let us take a look at a simple security-constraint in web.xml as follows: <web-app xmlns="http://www.w3.org/2001/XMLSchema" ...
Update: One should not use response in AsyncListener#onComplete. Only print debug in this example. Servlet 3.1 (JSR 340) is almost ready for the release. One of the new features is the support for non-blocking IO. ReadListener and WriteListener are introduced to allow non-blocking processing in Servlet. Non-blocking IO can only be used in async (defined in Servlet 3.0) or the upgrade mode. We can...