Changes made throughout the Document

• Changed the version of the specification from 1.3 to 1.4.

• Changed the JCP version to 2.7

Changes to Policy Configuration Contract

EJBs in Web Modules:

• Added a footnote in Section 3.1.1 “PolicyContexts and Servlet Policy Context Identifiers “, to indicate that EJBs contained within a .war are an exception to the statement that a single policy context contains the policy statements corresponding to all the resources in one or more modules.

Servlet Policy Context Identifiers:

• In Section 3.1.2, “Servlet Policy Context Identifiers”, added paragraph to ensure that EJBs defined in web modules are assigned to a separate policy context to ensure that the EJB context can be put in service before the policy context of the web module (which may depend on being able to call the EJB).

Programmatic Servlet Registrations:

• Added Section 3.1.3.1, “Programmatic Servlet Registrations”, to describe how the Servlet policy translation defined by this subcontract can be applied to the security configuration resulting from the programmatic registration and security configuration enabled by Servlet 3.0. Also added a description of how an existing policy context may be retranslated while preserving its links to other policy contexts.

EJB Policy Context Identifiers:

• In Section 3.1.4, “EJB Policy Context Identifiers”, added paragraph to ensure that EJBs defined in web modules are assigned to a separate policy context to ensure that the EJB context can be put in service before the policy context of the web module (which may depend on being able to call the EJB).

Deploying an Application or Module:

• Clarified Section 3.1.94 “Deploying an Application or Module”, to allow translations, links, and commits of individual modules to be interleaved as necessary to support runtime initialization of Servlet policy (as required by Servlet 3.0) while preserving the ability of a ServletContextListener to make a local call to an EJB in the same application (and without getting an access exception).

Deploying to an Existing Policy Configuration:

• In the optional Section 3.1.8, “Deploying to an existing Policy Configuration”, added an additional paragraph to describe what must be done to capture the effects of any programmatic registrations and security configurations that may happen during initialization.

Redeploying a Module:

• Simplified Section 3.1.9, “Redeploying a Module”, by having it refer to Section 3.1.6, “Deploying an Application or Module”, which, as described above, has been changed to handle Servlet 3.0.

API - PolicyConfiguration interface:

• Added clarifications to removeUncheckedPolicy, removeExcludedPolicy, and removeRole methods to indicate that these methods have no effect on the linkages among policy contexts.

API - PolicyConfigurationFactory:

• Added clarification to the getPolicyConfiguration method to indicate that it removes policy statements and linkages when the value of the remove parameter is true.