This page details the proposed, accepted and deferred changes to JSR 115, documenting the changes that will go into the next revision, per Section 4.2 of the JCP 2.7 document.
Last updated: 18 February 2013
Changes made throughout the Document
• Changed the version of the specification from 1.4 to 1.5.
Changes to Policy Configuration Contract
• In Section 220.127.116.11 “Translating Servlet security-role-refs Elements”, amended the description of uncovered HTTP methods to make their handling contingent on the semantic (permit or deny) established for uncovered methods.
• In Section 18.104.22.168 “Translating security-constraint Elements”, added description of the handling of the any authenticated user role, “**”, in auth-constraint elements.
• In Section 22.214.171.124 “Translating Servlet security-role-refs Elements”, added description of the additional WebRoleRefPermission elements to be created to support isUserInRole(“**”)
• In Section 126.96.36.199 “Translating EJB method-permission Elements”, dded description of the handling of the any authenticated user role, “**”, in method-permission elements.
• In Section 188.8.131.52 “Translating EJB security-role-refs Elements”, added description of the additional EJBRoleRefPermission elements to be created to support isCallerInRole(“**”)
• In Section 3.2, “What the Provider Must Do”, added requirement that the Policy Provider grant all permissions assigned to role “**” to any authenticated user..