Java Virtal

[ News ] rss

February 01, 2011

Mark Wielaard: New GPG key. Finally created a new GPG key using gnupg. The old one was a DSA/1024 bits one and 8 years old. The new one is a RSA/2048 bits one. I will use the new one in the future to sign any release tarballs I might create. pub 2048R/57816A6A 2011-01-29 Key f...

More »

February 01, 2011

Andrew Hughes: [SECURITY] IcedTea6 1.7.8, 1.8.5, 1.9.5 Released!. We are pleased to announce a new set of security releases, IcedTea6 1.7.8, IcedTea6 1.8.5 and IcedTea6 1.9.5. This update contains the following security updates: The IcedTea project provides a harness to build the source code from OpenJDK6 u...

More »

161718 19202122

[ Archives News
for 'Java Technology' ]

home > news > java technology > summary of new security features in servlet 3.0

Summary of new Security Features in Servlet 3.0

Servlet 3.0 specification which is part of JavaEE 6 has many new features and some of them are in the area of security. The  post by Ron Monzillo gives a high level summary of the security features that he added in the Servlet 3.0 specification.  In this post i would like to focus on the aspect of Programmatically adding and configuring security for the servlet. Additionally i would provide links to other posts by me and team members on new security features of servlet 3.0.  You can access more information about the API's from the JavaEE 6 Javadocs here. The ability to programmatically add a servlet to a context is useful for framework developers. For example a framework could declare a controller servlet using this method. The return value of this method is a ServletRegistration or a ServletRegistration.Dynamic object which further allows you to setup the other parameters of the servlet like init-params, url-mappings, security-constraints etc. The addServlet() method on ServletRegistration.Dynamic can be called from a ServletContextListener and it allows adding a new servlet to the context. Then you can add servlet url-mappings and finally add the security constraints for the servlet by calling setServletSecurity.  The API class that holds the security-constraints is calledjavax.servlet.ServletSecurityElement.   Quoting from the specification : "The javax.servlet.ServletSecurityElement argum...

Date: December, 28 2009

Others News

© Mobirise Templates | best web design software | best website builder software | top free website builder | bootstrap navbar