By Tori Wieldt-Oracle on Jul 09, 2013
Java EE 7 is live, and it includes many changes in 14 active JSRs. One of them is Servlet 3.1. Java Servlets extend and enhance Web servers. They are a provide a component-based, platform-independent method for building Web-based applications, without the performance limitations of CGI programs. And unlike proprietary server extension mechanisms, servlets are server- and platform-independent.
Several of the new features in Servlet 3.1 are in the area of security. Spec Lead Shing Wai Chan told OTN "the changes in Servlet 3.1 will make development much easier, especially in the areas of role mapping." He has written some blogs about the new functionality in Servlet 3.1:
Security Constraint by Role
Prior to Servlet 3.1, web containers use proprietary mechanisms to add security-constraints for any authenticated user. See how you can create security constraints for authenticated users.
One of the new security features is deny-uncovered-http-methods.
Servlet 3.1 now provides support for protocol upgrade.
For more information
Follow Shing Wai Chan's blog
Visit the JSR-340 page, where you can download the Servlet 3.1 spec.