A Servlet 3.1 (JSR-340) specification targeted to the Java EE 7 platform.
A Servlet 3.1 (JSR-340) specification targeted to the Java EE 7 platform. Servlet 3.1 was in Public Review in Janurary 2013. And it is in Proposed Final Draft now. Most of the new features are related to security. In this following, I will highlight features since Servlet 3.1 Public Review:
- add new API
javax.servlet.http.Part#getSubmittedFileName add new API
javax.servlet.ServletContext#getVirtualServerNameThis API allows a JASPIC module to be registered in a Servlet container in a portable way.default deny semantic
Prior to Servlet 3.1, if the given HTTP methods are not covered by the given security constraint for given URL patterns, then the HTTP methods are not protected for the corresponding URL patterns. This may not be the desired behavior. A new element deny-uncovered-http-methods is added to web.xml so that the behavior of those HTTP methods for the given URL patterns can be configured easily.
- authenticated role,
If the role name is not explicitly defined in web.xml, it is used to denote the role name of all authenticated users. The role name can be used in defining an security-constraint in web.xml and as argument of HttpServletRequest#isUSerInRole.
