Java EE 6 and Servlet 3.0 Converge on Container Security Functionality
By monzillo on Dec 10, 2009
On the topic of portability, Servlet 3.0 also takes another (albeit conservative) step toward convergence with Java EE 6 by recommending that all Servlet 3.0 containers support the integration of custom authentication mechanisms via the Servlet Container profile of JSR 196, as is required of all full-platform, Java EE 6 compatible Servlet containers. Support for the profile is significant to developers because any such container exports a common interface that may be used to configure custom authentication mechanisms, which the container then applies in its processing of security constraints. This ensures that applications can remain decoupled from the security enforcement done by the container on their behalf, and that common implementations of custom authentication mechanisms can be developed for use in any compatible container.
Servlet 3.0 also defined the @ServletSecurity annotation to extend to web developers the practice, introduced in EE 5, of using annotations to define the security constraints applied by containers on behalf of applications.
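As an added illustration (not code from the original post), the sketch below declares container-enforced constraints with @ServletSecurity, first in a form that leaves unlisted HTTP methods unconstrained and then in a form that denies them. The class names, URL patterns and the role name "admin" are assumptions made for the example.

```java
import java.io.IOException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical holder class; both servlets are illustrative only.
public class ReportServlets {

    // Weak: only GET is constrained. Methods not listed fall back to the
    // default @HttpConstraint (permit, no roles, no transport guarantee),
    // so the container lets POST through without authentication.
    @WebServlet("/reports-weak")
    @ServletSecurity(httpMethodConstraints =
        @HttpMethodConstraint(value = "GET", rolesAllowed = "admin"))
    public static class WeakReportServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws IOException { describe(req, resp); }
        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp)
                throws IOException { describe(req, resp); }
    }

    // Hardened: every method not listed is denied by the container, and the
    // one permitted method requires the role over a confidential transport.
    @WebServlet("/reports")
    @ServletSecurity(
        value = @HttpConstraint(EmptyRoleSemantic.DENY),
        httpMethodConstraints = @HttpMethodConstraint(value = "GET",
            rolesAllowed = "admin",
            transportGuarantee = TransportGuarantee.CONFIDENTIAL))
    public static class ReportServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws IOException { describe(req, resp); }
        @Override
        protected void doPost(HttpServletRequest req, HttpServletResponse resp)
                throws IOException { describe(req, resp); } // never reached: denied
    }

    // The servlet code makes no access decision; it only reports the caller
    // that the container authenticated (null when no constraint applied).
    static void describe(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.getWriter().println(req.getMethod() + " as " + req.getRemoteUser());
    }
}
```

Because the constraints live in the annotation and are enforced by the container, the same servlets work unchanged whether the caller is authenticated by a built-in mechanism or by a custom module configured through the JSR 196 profile.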