The latest improvements in action
The Maintenance Release B of JASPIC Specification has made some significant
changes, some of which help to standardize the use of the specification regardless
of the server; others help to enrich the user experience. Among the changes, we
present only some relatively important changes and advise you to browse the spe-
cification document and blog found at: http://arjan-tijms.blogspot.com/
Integrating the authenticate, login, and logout
Since Version 3.0 of the Servlet, the authenticate, login, and logout methods have
been added to the HttpServletRequest interface for managing the login and
logout programmatically. However, the behavior of JASPIC modules after calling one
of these three methods was not clearly established. It was left under the care of the
server vendors to provide their own method of login and logout. The direct conse-
quence is the non portability of applications between Java EE-compliant servers.
In the recent changes, Version 1.1 of JASPIC has clearly defined the expected beha-
vior of JASPIC modules after calling one of these three methods. We now know that:
• The container implementation of the login method must throw a Ser-
vletException whenthereisanincompatibilitybetweenthe login method
and the configured authentication mechanism.
Here, the behavior of the module after calling the login method is not
• A call to the authenticate method must call the validateRequest meth-
od. This is true if the authenticate method is not called in the context of a
call it made to validateRequest .