This page details the proposed, accepted and deferred changes to JSR 115, documenting the changes that will go into the next revision, per Section 4.2 of the JCP 2.6 document.
Last updated: 1 May 2009PROPOSED CHANGES
Changes made throughout the Document
• Changed the version of the specification from 1.2 to 1.3.
Changes to Policy Configuration Contract
• In Section 22.214.171.124, “Translating security-constraint Elements”, clarified the description of the HTTP methods to which a constraint applies to accommodate the introduction, by Servlet 3.0, of http-method-omission elements. Servlet 3.0 defines the http-method-omission element to support the use of the @RolesAllowed, @PermitAll, @DenyALL, and @TransportProtected annotations.
• Added a new minor subsection called, “Combining Http Methods”, to establish the rules for determining to which HTTP methods a constraint applies. The rules were defined to include support for http-method-omission lists, and such that they are backward compatible with applications that employs a prior version deployment descriptor schema (that does not support http-method-omission elements).
• In Section 126.96.36.199, “Example”, modified the excluding auth-constraint to demonstrate the use of an http-method-omission list. Also changed TABLE 3-5 (which contains the result of the translation) to reflect the change to the auth-constraint.
• . Added a footnote to Section 188.8.131.52, “Translating EJB security-role-ref Elements”, to clarify, by example, the requirement to create additional EJBRoleRefPermission objects to support optional declaration of security-role-ref elements.
|Changes from 1st Maintenance Review, accepted on 2 March 2004
Changes from 2nd Maintenance Review, accepted on 27 April 2004
Changes from 3rd Maintenance Review, accepted on 13 September 2005
Changes from 4th Maintenance Review, accepted on 11 May 2006
Changes from the 5th Maintenance Review, accepted on 26 August 2008