3.) Dynamic Security:
Dynamic servlet security annotations: @DeclareRoles({"role1","role2"}) and @RunAs("rolename")
The two annotations above can be given at the time of context initialization (while servlets are registered dynamically).
In Servlet 3.0, the interface ServletRegistration.Dynamic has the following important methods:
Return type | Method | Description
void | setLoadOnStartup(int loadOnStartup) | Sets the loadOnStartup priority on the Servlet represented by this dynamic ServletRegistration.
void | setMultipartConfig(MultipartConfigElement multipartConfig) | Sets the MultipartConfigElement to be applied to the mappings defined for this ServletRegistration.
void | setRunAsRole(java.lang.String roleName) | Sets the name of the runAs role for this ServletRegistration.
java.util.Set | setServletSecurity(ServletSecurityElement constraint) | Sets the ServletSecurityElement to be applied to the mappings defined for this ServletRegistration.
A very good example is given at http://weblogs.java.net/blog/kumarjayanti/archive/2009/12/28/summary-new-security-features-servlet-30.
Check the web for more examples.
4.) HttpOnly cookies and tags are supported; refer to the Servlet 3.0 specification.
HttpOnly cookies indicate to the client that they should not be exposed to client-side scripting code (the cookie is not filtered out unless the client knows to look for this attribute). The use of HttpOnly cookies helps mitigate certain kinds of cross-site scripting attacks.
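The following listener is an added example, not code from the original post, that ties sections 3 and 4 together: it registers a servlet dynamically, applies a run-as role and a security constraint through ServletRegistration.Dynamic, and turns on HttpOnly for both the session cookie and an application cookie. The class names, role names, cookie name and URL pattern are hypothetical.

```java
// Added example: SecurityBootstrap, ReportServlet, the roles and the URL pattern are hypothetical.
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.*;

@WebListener
public class SecurityBootstrap implements ServletContextListener {

    // Servlet that is registered and secured programmatically below
    public static class ReportServlet extends HttpServlet {
        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws IOException {
            Cookie pref = new Cookie("reportView", "summary");
            pref.setHttpOnly(true);   // Servlet 3.0: not exposed to client-side script
            pref.setSecure(true);     // only sent over HTTPS
            resp.addCookie(pref);
            resp.getWriter().println("user=" + req.getRemoteUser());
        }
    }

    @Override
    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        // Declare the role names programmatically during context initialization
        ctx.declareRoles("auditor", "report-runner");

        ServletRegistration.Dynamic reg = ctx.addServlet("report", ReportServlet.class);
        reg.addMapping("/reports/*");
        reg.setRunAsRole("report-runner");   // same effect as @RunAs on the servlet

        // Require HTTPS and the "auditor" role for every HTTP method
        HttpConstraintElement constraint =
                new HttpConstraintElement(TransportGuarantee.CONFIDENTIAL, "auditor");
        Set<String> skipped = reg.setServletSecurity(new ServletSecurityElement(constraint));
        // Patterns already constrained in web.xml are returned and left unchanged
        for (String pattern : skipped) {
            ctx.log("web.xml security-constraint takes precedence for " + pattern);
        }
        // Section 4: mark the container's session cookie HttpOnly and Secure
        SessionCookieConfig cookies = ctx.getSessionCookieConfig();
        cookies.setHttpOnly(true);
        cookies.setSecure(true);
    }

    @Override
    public void contextDestroyed(ServletContextEvent sce) { }
}
```

Checking the set returned by setServletSecurity matters: any URL pattern it contains is governed by the deployment descriptor, so the programmatic constraint was not applied to it.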