Changes made throughout the Document
• Changed the version of the
specification from 1.4 to 1.5.
Updated
The License
Changes to Policy Configuration Contract
Supporting
the Deny Uncovered Methods Semantic in Servlet
• In
Section 3.1.3.3 “Translating Servlet security-role-refs
Elements”, amended the description of uncovered HTTP
methods to make their handling contingent on the semantic (permit
or deny) established for uncovered methods.
Part1-Supporting
the “Any Authenticated User” Role in Servlet
• In
Section 3.1.1.2 “Translating security-constraint Elements”,
added description of the handling of the any authenticated user
role, “**”, in auth-constraint elements.
Part2-Supporting
the “Any Authenticated User” Role in Servlet
• In
Section 3.1.3.3 “Translating Servlet security-role-refs
Elements”, added description of the additional
WebRoleRefPermission elements to be created to support
isUserInRole(“**”)
Supporting
the "Any Authenticated User" Role in EJB
• In
Section 3.1.5.1 “Translating EJB method-permission
Elements”, dded description of the handling of the any
authenticated user role, “**”, in method-permission
elements.
• In
Section 3.1.5.3 “Translating EJB security-role-refs
Elements”, added description of the additional
EJBRoleRefPermission elements to be created to support
isCallerInRole(“**”)
Granting
Role ** to Any Authenticated User
• In
Section 3.2, “What the Provider Must Do”, added
requirement that the Policy Provider grant all permissions
assigned to role “**” to any authenticated user..
|
