On Mon, 2011-06-13 at 18:10 +0530, Jaikiran Pai wrote:
Furthermore, isn't the security for web, based on url-pattern and
_not_
per servlet class? For example the same servlet class might be mapped to
two different url-patterns and only one url-pattern might be secured. In
such cases having a @SecurityDomain on a servlet class won't work, isn't it?
The new security annotation from Servlet 3 now corresponds to it, but
the basis of the servlet security ultimately remains URL matching.
--
Remy Maucherat <rmaucher(a)redhat.com>
Red Hat Inc