Java Servlets 2.5 Features

Java Servlets 2.5 Updates

In September 26, 2005 Sun Microsystems and the Java Specification Request 154 Expert Group issued a maintenance release of the Servlet API. Under normal circumstances, a JSR maintenance releases includes just a handful of nominally interesting specification clarifications. Jetty 6 server and Sun's GlassFish server are the two best-known servlet containers that include 2.5 support. Apache Tomcat 5.5 and JBoss 4.0 still support Servlet 2.4.

HTTP method names:

Now we can place any legal HTTP/1.1 method name into an <http-method> element. As you may recall, the <http-method> element specifies the methods on which a <security-constraint> entry should apply. It's historically been limited to the seven standard HTTP/1.1 methods: GET, POST, PUT, DELETE, HEAD, OPTIONS, and TRACE. However, HTTP/1.1 allows for extension methods, and WebDAV is a popular technology using extensions. With Servlet 2.5, you can now apply security constraints on any conceivable HTTP method name, standard or extension, including WebDAV methods like LOCK, UNLOCK, COPY, and MOVE.

Cross-context sessions:

When servlets dispatch requests from one context to another. Within the target call, what session should be in scope, if any? The issue came up most prominently with portlets, where a main page in one context may do several include calls to portlets in another context. Servlet 2.5 now specifies that resources within a context see the session for that context, regardless of where the request may have started. This means the portlets can track their own state separate from the main page state, and this rule will apply across servlet containers.

Annotations:

several annotations work in a servlet environment. Simple servlet containers can ignore these rules, while servlets in a JEE container must abide by them. Some annotations provide an alternative to XML entries that would otherwise go in the web.xml deployment descriptor. Other annotations act as requests for the container to perform tasks that otherwise the servlet would have to perform itself. Some annotations do both. The exact list of annotations isn't completely finalized, because the Servlet specification itself doesn't define the annotations, it only helps interpret how they affect a servlet environment.

Removed Restrictions:

Servlet 2.5 eased a few restrictions around error handling and session tracking. With error handling, Servlet 2.5 removed a rule dictating that error-handling pages configured with <error-page> could not call setStatus() to alter the error code that triggered them.

Enhanced web.xml:

Servlet 2.5 introduces several small changes to the web.xml deployment descriptor file format to make its use more convenient.
Previous:

<filter-mapping><filter-name>FilterName</filter-name><servlet-name>FilterName</servlet-name></filter-mapping>

Now:

<filter-mapping><filter-name>FilterName</filter-name><servlet-name>*</servlet-name></filter-mapping>

Previously in <servlet-mapping> or <filter-mapping> there used to be only one <url-pattern>, but now we can have multiple <url-pattern>, like

<servlet-mapping>
<servlet-name>abc</servlet-name>
<url-pattern>/abc/*</url-pattern>
<url-pattern>/abc/*</url-pattern></servlet-mapping>

like this many more facilities added in web.xml.

Response closure:

The Servlet 2.4 specification dictates that the response should be committed in several situations including when "The amount of content specified in the setContentLength method of the response and has been written to the response." This appears all well and good until you write code like this to do a redirect:

response.setHeader("Host", "localhost");
response.setHeader("Pragma", "no-cache");
response.setHeader("Content-Length", "0");
response.setHeader("Location", "http://www.apache.org");

The servlet technically must ignore the Location header because the response must be committed immediately as the zero byte content length is satisfied. The response is over before it began! Servlet containers often refuse to implement this behavior, and the Servlet 2.5 release adds "has been greater than zero" to the rule.