I'm trying to figure out @RolesAllowed in servlets. I'm using an EE7 server which means Servlet 3.1 Looking at specification document, it reads in A.2
Added a new annotation - @ServletSecurity (and associated annotation for the
fields) for defining security as opposed to re-using the @RolesAllowed,
@PermitAll, @DenyAll
But in A.3 it says:
Added support for security related common annotations - @RolesAllowed,
@PermitAll, @DenyAll
So am I correct in assuming that in Servlet 3.0 the @RolesAllowed annotation was supported but in 3.1 it's no longer supported in favor of @ServletSecurity?