This page details the proposed, accepted and deferred changes to JSR 115, documenting the changes that will go into the next revision, per Section 4.2 of the JCP 2.6 document.
Last updated: 1 May 2009
PROPOSED CHANGES
Changes made throughout the Document• Changed the version of the specification from 1.2 to 1.3. Changes to Policy Configuration ContractTranslating Security Constraints: • In Section 3.1.3.1, “Translating security-constraint Elements”, clarified the description of the HTTP methods to which a constraint applies to accommodate the introduction, by Servlet 3.0, of http-method-omission elements. Servlet 3.0 defines the http-method-omission element to support the use of the @RolesAllowed, @PermitAll, @DenyALL, and @TransportProtected annotations. • Added a new minor subsection called, “Combining Http Methods”, to establish the rules for determining to which HTTP methods a constraint applies. The rules were defined to include support for http-method-omission lists, and such that they are backward compatible with applications that employs a prior version deployment descriptor schema (that does not support http-method-omission elements).
Security Constraint Translation Example: • In Section 3.1.3.4, “Example”, modified the excluding auth-constraint to demonstrate the use of an http-method-omission list. Also changed TABLE 3-5 (which contains the result of the translation) to reflect the change to the auth-constraint.
EJB Security Role Ref Translation: • . Added a footnote to Section 3.1.5.3, “Translating EJB security-role-ref Elements”, to clarify, by example, the requirement to create additional EJBRoleRefPermission objects to support optional declaration of security-role-ref elements. |
ACCEPTED CHANGES
DEFERRED CHANGES
|
|