29 July 2012

What’s new in Servlet 3 (edit)

Servlets 3 (JSR 315) highlights:

  • Instead of configuring the web application in the web.xml deployment description you now have more options
    • modular deployment descriptor
      jars can be bundled with your webapp containing a web-fragment.xml file. These files are merged with the main web.xml file of your webapp. This allows for easy plugging in of web application modules. If you plugin a framework jar, you won’t have to modify the web.xml of your application anymore (e.g. to send all *.do files to a framework servlet).
    • annotations
      ?
      1
      2
      3
      4
      @WebServlet ("/jeeves")
      public class ZServlet extends HttpServlet {
      ....
      }
      • Extends HttpServlet, no POJO (yes!)
    • programmatic configuration
    • Asynchronous servlets
      ?
      1
      2
      3
      4
      5
      6
      7
      8
      9
      10
      11
      12
      13
      14
      15
      16
      17
      18
      19
      20
      21
      22
      @WebServlet ("/jeeves", asyncSupported=true)
      public class ZServlet extends HttpServlet {
      private AsyncContext ctx
       
      public void doGet( HttpServletRequest req, HttpServletResponse res) {
       
         ctx = req.startAsync();
        // kick off a thread for async work
        ctx.start(new L8r());
        //method returns immediatly, no response sent
      } // end doGet method
       
      class L8r implements Runnable{
         public void run(){
          // do work
          ...
          // response ready
          ctx.complete();
          // alternative: ctx.dispatch("responseViewer.jsp");
        } // end run method
       } //end L8r class
      } //end ZServlet class

      The asynchronous servlet doGet() method does not wait for the L8r thread to complete. The request/response parameters however are not committed, but they are cached in AsyncContext. The L8r thread can then use these to reply to the waiting client.
    • Security
      • ProgrammaticLogin class
      • Java EE5 authorisation annotations
        • @RolesAllowed
        • @PermitAll
        • @DenyAll
      • @transportprotected: use SSL
      • Session security
        • ?
        1
        2
        3
        4
        5
        6
        7
        8
        9
        10
        <session-config>
        <!-- do not expose session id by using URL rewriting -->
          <tracking-mode>COOKIE</tracking-mod>
          <cookie-config>
            <!-- do not expose cookie to javascript-->
            <http-only>true</ttp-only>
            <!-- only transit cookie over encrypted connection-->
            <secure>true</secure>
          </cookie-config>
        </session-config>
    • EL 2.2
      Method calls are now possible from EL, e.g.: 
        #{portfolio.add('ORCL',100)}

    • File upload (aka multipart support) 

    Labels: , , , , , ,

    No comments:

    Post a Comment

    Subscribe to: Post Comments (Atom)