This page details the proposed, accepted and deferred changes to JSR 115, documenting the changes that will go into the next revision, per Section 4.2 of the JCP 2.7 document.
Last updated: 18 February 2013
PROPOSED CHANGES
Changes made throughout the Document
• Changed the version of the specification from 1.4 to 1.5.
Changes to Policy Configuration Contract
Supporting the Deny Uncovered Methods Semantic in Servlet
• In Section 3.1.3.3 “Translating Servlet security-role-refs Elements”, amended the description of uncovered HTTP methods to make their handling contingent on the semantic (permit or deny) established for uncovered methods.
Part 1 - Supporting the “Any Authenticated User” Role in Servlet
• In Section 3.1.1.2 “Translating security-constraint Elements”, added description of the handling of the any authenticated user role, “**”, in auth-constraint elements.
Part 2 - Supporting the “Any Authenticated User” Role in Servlet
• In Section 3.1.3.3 “Translating Servlet security-role-refs Elements”, added description of the additional WebRoleRefPermission elements to be created to support isUserInRole(“**”).
Supporting the "Any Authenticated User" Role in EJB
• In Section 3.1.5.1 “Translating EJB method-permission Elements”, added description of the handling of the any authenticated user role, “**”, in method-permission elements.
• In Section 3.1.5.3 “Translating EJB security-role-refs Elements”, added description of the additional EJBRoleRefPermission elements to be created to support isCallerInRole(“**”).
Granting Role ** to Any Authenticated User
• In Section 3.2, “What the Provider Must Do”, added requirement that the Policy Provider grant all permissions assigned to role “**” to any authenticated user.