Java EE 6. What's new in Servlet API 3.0

With the release of Java EE 6, along with significant changes in JPA 2.0, the Servlet 3.0 specification also got a number of improvements: the development and deployment procedure was simplified, the configuration became more convenient, asynchronous requests were supported, and the security model was improved. Next, I will try to highlight the major changes in the API.

Servlet programming and deployment has been simplified mainly by introducing annotations for declaring a servlet (@WebServlet), filters (@WebFilter), listings (@WebListener), and security restrictions (@ServletSecurity). Thus, the web.xml deployment descriptor has become an optional element. I draw your attention to the fact that the Servlet API components themselves did not become a POJO, nobody canceled the usual hierarchy of interfaces and classes. An annotation was also added to support the loading of @MultipartConfig files and to set the initialization parameters of @WebInitParam.
')

Hello World Servlet Example
package net.ismailov.tests;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

@WebServlet(name= "hw" , urlPatterns = "/hello_world" )
public class HelloWorld extends HttpServlet{

public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

PrintWriter writer = response.getWriter();
writer.println( "<h1>Hello, World!</h1>" );

}

}


The good news was the advent of dynamic servlet registration:

ServletRegistration.Dynamic dynamic =
servletContext.addServlet( “DynamicTestServlet” , “net.ismailov.DynamicTestServlet” )
dynamic.addMapping( “/dynamicServlet” );



To support long-running operations, the possibility of asynchronous operation of the servlet was added. To enable this feature you need:

//
@WebServlet(asyncSupported= true )
//
dynamic.setAsyncSupported( true );

After this, the response does not cease to exist at the end of the method. It is necessary to call

AsyncContext ctx = ServletRequest.startAsync(req, res)

Now the request and response instances are saved, and when the asynchronous method is completed, they can be used to output to the user by one of the AsyncContext.dispatch methods (/ * various parameters * /)

@WebServlet( "/MyAsyncTestServlet" asyncSupported= true )
public class TestServlet extends HttpServlet {
public void doGet(HttpServletRequest req, HttpServletResponse res) {
...
AsyncContext aCtx = request.startAsync(req, res);
ScheduledThreadPoolExecutor executor = new ThreadPoolExecutor(10);
executor.execute( new MyAsyncService(aCtx));
}
}

public class MyAsyncService implements Runnable {
private AsyncContext ctx;
public MyAsyncService(AsyncContext ctx) {
this .ctx = ctx;
}
public void run() {
//
ctx.dispatch( "/result.jsp" );
}


As already mentioned, with the new API, it became possible to set access restrictions, for example:

@WebServlet(name= "hw" , urlPatterns = "/hello_world" )
@ServletSecurity(@HttpConstraint(rolesAllowed = { "admin" }))
public class HelloWorld extends HttpServlet{


Naturally, the task of defining roles / users, as well as authentication, are vendor-specific. For example, glassfish issues the basic http auth form:



It is also possible to impose restrictions on access methods:

@ServletSecurity(httpMethodConstraints={ @HttpMethodConstraint( "GET" ),
@HttpMethodConstraint( value = "POST" , rolesAllowed={ "user_group_1" })})


I tried to reflect the main innovations in api 3.0, it remains only to note that since December last year, the "reference implementation" of the Java EE6 specification: Glassfish 3.0 is available , in which you can experiment with the new API.