Java Servlet 2.4 Specification Public Draft Released

Discussions

News: Java Servlet 2.4 Specification Public Draft Released

  1. The Servlet 2.4 public draft specification is now available for review. Changes include the ability to run filters only underneath RequestDispatcher forward/include calls, the addition new ServletRequestListner event classes, and more.

    Check out Servlet 2.4 Public Draft.

    Read the Servlet 2.4 JSR.
  2. Why is this restriction of running Filters only underneath RequestDispatcher forward/include calls being proposed?
  3. I haven't read the draft, but I would guess based on Floyd's wording that this is an option - not mandatory. I would guess filters can still be used in the normal way.
  4. I think it allows you to only run the filter if it's the
    top-level request coming directly from the client,
    i.e. not from a <jsp:include>.

    If so, this is a great feature and should have been in
    the previous spec. For example, there's very little use
    applying an Access Control filter to included pages.

    --Joachim
  5. If I'm not mistaken, I believe this is how it is now (i.e. as of 2.3 filters are only applied to the client's request, not pages accessed via include or request dispatching). It sounds like the new addition will allow you to apply filters to pages accessed indirectly as well. I'm going to read it right now to be sure...
  6. From the "Changes since 2.3" section: "Ability to use Filters under the Request Dispatcher ( 6.2.5 )".

    Also of particular interest: "Servlets mapped to WEB-INF / response handling (9.5)". This is a very nice addition from a security standpoint.
  7. Why is this restriction of running Filters only

    > underneath RequestDispatcher forward/include calls
    > being proposed?

    It's not a restriction -- it is options in addition to the behavior in Servlet 2.3, where filters are only invoked on the original request.
  8. Servlet 2.3 filters do run on include/forward as well as on the initial request (at least this is true with Oracle OC4J 9.0.2 and Orion 1.5.4).

    I believe that the proposed spec says that you can configure a filter to ONLY execute on resources that are accessed through RequestDispatcher.include/forward.

    //Anders