Skip to main content

Shing Wai Chan

currently specification lead for Servlet 3.1 and implementation lead on web container in GlassFish. Previously he was an expert group member on JASPIC and worked on reference implementations of JACC, JASPIC, JSR 250 and Servlet 3.0.

 

Weblogs

Servlet 3.1 (JSR 340) is final and is part of Java EE 7. I and Rajiv had presented the session CON 4854, "What's New in JSR 340, Servlet 3.1?", on...

javax.servlet.http.HttpSession provides a way to identify an user across...

Java API for WebSocket is a new JSR to Java EE 7. It provides a stardard Java API for creating...

WebSocket is a bi-directional, full-duplex, TCP based messaging protocol. It is originally proposed as part of HTML5 and is a IETF-defined Protocol (...

Expression Language (EL) was first introduced as part of JSTL 1.0, was then moved JSP 2.0 and was unified with JSF 1.2 in JSP 2.1. In Java EE 7, EL is a new separate JSR,...

Asynchronous operation was introduced in Servlet 3.0. ...

Asynchronous operation is supported in Servlet 3.0. I have discussed startAsync in my previous blog,...

Servlet 3.1 Specification (JSR 340) is almost ready for the release. One of the new features is the support for protocol upgrade.

HTTP...

Servlet 3.1 Specification (JSR 340) is almost ready for the release. Several new security features have been added in this version of Servlet...

Servlet 3.1 (JSR 340) is almost ready for the release. One of the new features is the support for non-blocking IO. ...

Servlet 3.1 was in Public Review in Janurary 2013. And it is in Proposed Final Draft now. Most of the new features are related to security.
In this following, I will highlight features since...

Servlet 3.1 is in Public Review now.
New features in Servlet 3.1 and changes since the EDR are listed below:

  • support Non Blocking IO

Prior to Servlet 3.0, a servlet may need to wait for a long operation to complete and can cause thread starvation in web container. In Servlet...

Cross-site request forgery (CSRF)
is a malicious attack exploiting the trust of a site from a user's browser.
As...

In GlassFish, when no error page is specified for a given web application, a default error page will be displayed. In some use cases, it is desirable to turn off the default error page.
In...

GlassFish supports the preseving of HTTP session data across the redeployment of web application.

Prior to GlassFish 3.1, one can achieve this through the command line as follows:
...

Single Sign On allows web applications to share the same authentication state.

GlassFish v2 supports ...