Re: [jboss-as7-dev] Security Domain Association

On Mon, 2011-06-13 at 18:10 +0530, Jaikiran Pai wrote: > Furthermore, isn't the security for web, based on url-pattern and _not_ > per servlet class? For example the same servlet class might be mapped to > two different url-patterns and only one url-pattern might be secured. In > such cases having a @SecurityDomain on a servlet class won't work, isn't it? The new security annotation from Servlet 3 now corresponds to it, but the basis of the servlet security ultimately remains URL matching.