Java EE 6 and Servlet 3.0 Converge on Container Security Functionality

Prior to today's release of the Java EE 6 and Servlet 3.0 specifications, only Java EE compatible Servlet containers were required to implement the security-constraint processing defined in the Servlet specification. In practice, all Servlet containers delivered some level of support for security-constraint processing, but the optional nature of this functionality outside of Java EE resulted in incomplete and divergent implementations. Servlet 3.0 remedies that problem by requiring common support for security-constraint processing among all Servlet 3.0 containers. Developers benefit from this convergence because it allows them to rely on common container mechanisms to secure their applications while retaining portability.

On the topic of portability, Servlet 3.0 also takes another (albeit conservative) step toward convergence with Java EE 6 by recommending that all Servlet 3.0 containers support the integration of custom authentication mechanisms via the Servlet Container profile of JSR 196, as is required of all full-platform, Java EE 6 compatible Servlet containers. Support for the profile is significant to developers because any such container exports a common interface that may be used to configure custom authentication mechanisms that will be applied by the container in its processing of security constraints. This ensures that applications can remain decoupled from the security enforcement done by the container on their behalf and that common implementations of custom authentication mechanisms can be developed for use in any compatible container.

Servlet 3.0 also defines the @ServletSecurity annotation, which extends to web developers the practice, introduced in Java EE 5, of using annotations to define the security constraints that containers apply on behalf of applications.
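
As an added illustration (not code from the original post or from the specification), the servlet below declares its security constraints with @ServletSecurity so that the container enforces them before any servlet code runs. The class name, URL pattern and role names are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.EmptyRoleSemantic;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: "/accounts/*", "auditor" and "teller" are
// illustrative names, not taken from the article.
@WebServlet("/accounts/*")
@ServletSecurity(
    // Default constraint: applies to every HTTP method NOT listed in
    // httpMethodConstraints, so no method is left unprotected.
    value = @HttpConstraint(
        rolesAllowed = {"auditor", "teller"},
        transportGuarantee = TransportGuarantee.CONFIDENTIAL),
    httpMethodConstraints = {
        // State-changing requests are narrowed to a single role.
        @HttpMethodConstraint(
            value = "POST",
            rolesAllowed = {"teller"},
            transportGuarantee = TransportGuarantee.CONFIDENTIAL),
        // No roles listed + DENY: the method is refused for all callers.
        @HttpMethodConstraint(
            value = "TRACE",
            emptyRoleSemantic = EmptyRoleSemantic.DENY)
    })
public class AccountServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Reached only after the container has authenticated the caller
        // and checked role membership; the servlet does no auth itself.
        resp.setContentType("text/plain");
        resp.getWriter().println("Authenticated as " + req.getRemoteUser());
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Container has already verified the caller is in role "teller".
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

A security-constraint in web.xml whose url-pattern exactly matches this servlet's mapping takes precedence, and the annotation then has no effect on that pattern.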

With the release of Java EE 6, Servlet 3.0, and Glassfish V3 Enterprise Server, the Java and Glassfish communities have simplified the development of secure portable web-facing applications.

Comments:

This makes it a little simpler to code using annotations, what a great idea!! Good article.

Posted by Gilton Nascimento on January 04, 2010 at 11:46 PM EST #

About

monzillo
