Java Reference
In-Depth Information
The latest improvements in action
The Maintenance Release B of JASPIC Specification has made some significant
changes, some of which help to standardize the use of the specification regardless
of the server; others help to enrich the user experience. Among the changes, we
present only some relatively important changes and advise you to browse the spe-
cification document and blog found at:
http://arjan-tijms.blogspot.com/
2013_04_01_archive.html
,
which will provide you with more information.
Integrating the authenticate, login, and logout
methods called
Since Version 3.0 of the Servlet, the authenticate, login, and logout methods have
been added to the
HttpServletRequest
interface for managing the login and
logout programmatically. However, the behavior of JASPIC modules after calling one
of these three methods was not clearly established. It was left under the care of the
server vendors to provide their own method of login and logout. The direct conse-
quence is the non portability of applications between Java EE-compliant servers.
In the recent changes, Version 1.1 of JASPIC has clearly defined the expected beha-
vior of JASPIC modules after calling one of these three methods. We now know that:
• The container implementation of the
login
method must throw a
Ser-
vletException
whenthereisanincompatibilitybetweenthe
login
method
and the configured authentication mechanism.
Note
Here, the behavior of the module after calling the
login
method is not
clearly defined.
• A call to the
authenticate
method must call the
validateRequest
meth-
od. This is true if the
authenticate
method is not called in the context of a
call it made to
validateRequest
.
