Summary of new Security Features in Servlet 3.0

Servlet 3.0 specification which is part of JavaEE 6 has many new features and some of them are in the area of security. The  post by Ron Monzillo gives a high level summary of the security features that he added in the Servlet 3.0 specification.  In this post i would like to focus on the aspect of Programmatically adding and configuring security for the servlet. Additionally i would provide links to other posts by me and team members on new security features of servlet 3.0.  You can access more information about the API's from the JavaEE 6 Javadocs here. The ability to programmatically add a servlet to a context is useful for framework developers. For example a framework could declare a controller servlet using this method. The return value of this method is a ServletRegistration or a ServletRegistration.Dynamic object which further allows you to setup the other parameters of the servlet like init-params, url-mappings, security-constraints etc. The addServlet() method on ServletRegistration.Dynamic can be called from a ServletContextListener and it allows adding a new servlet to the context. Then you can add servlet url-mappings and finally add the security constraints for the servlet by calling setServletSecurity.  The API class that holds the security-constraints is calledjavax.servlet.ServletSecurityElement.   Quoting from the specification : "The javax.servlet.ServletSecurityElement argum...

Date: December, 28 2009
Url: http://www.java.net/blog/kumarjayanti/archive/2009/12/28/summary-new-security-features-servlet-30

Others News