I'm trying tofigure out the relationship between @RolesAllowed and @ServletSecurity inservlets. I'm using an EE7 server whichmeans Servlet 3.1. Long story short, itseems like @ServletSecurity works but @RolesAllowed does not. In section"A.3 Changessince Servlet 3.0 Public Review", the servlet specification says:
"Added support for security related commonannotations - @RolesAllowed, @PermitAll, @DenyAll" This leads me to believe that_at_RolesAllowed should work in 3.1. However, In section"A.2 Changessince Servlet 3.0 Proposed Final Draft" the servlet specification says: "Added a newannotation - @ServletSecurity (and associated annotation for the
fields) for defining security asopposed to re-using the @RolesAllowed,
@PermitAll, @DenyAll" So am I correct inassuming that the @RolesAllowed annotation was originally supported but is nolonger supported in favor of @ServletSecurity?
On Thursday, October 27, 2016 8:33 AM, "violetagg_at_abv.bg" <violetagg_at_abv.bg> wrote:
Hi,
I would like to ask for a clarification about
ServletOutputStream.setWriteListener.
In the specification it is not clear when it is allowed to invoke this
method.
Should the application go to a non blocking mode right after
AsyncContect.startAsync while in the container thread or that call can
be delayed and made from a different thread.
In Tomcat we allowed a delayed call to this method however we have
edged use cases [1] and [2] when this causes problems.
The same question applies also for ServletInputStream.setReadListener.
Thanks in advance,
Violeta Georgieva
[1]
http://marc.info/?t=147756348200005&r=1&w=2
[2]
http://marc.info/?t=147696900800002&r=1&w=2