2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
17 package javax.servlet.annotation;
19 import java.lang.annotation.Documented;
20 import java.lang.annotation.ElementType;
21 import java.lang.annotation.Inherited;
22 import java.lang.annotation.Retention;
23 import java.lang.annotation.RetentionPolicy;
24 import java.lang.annotation.Target;
27 * Declare this annotation on a {@link javax.servlet.Servlet} implementation
28 * class to enforce security constraints on HTTP protocol requests.<br />
29 * The container applies constraints to the URL patterns mapped to each Servlet
30 * which declares this annotation.<br />
36 @Target({ElementType.TYPE})
37 @Retention(RetentionPolicy.RUNTIME)
39 public @interface ServletSecurity {
42 * Represents the two possible values of the empty role semantic, active
43 * when a list of role names is empty.
45 enum EmptyRoleSemantic {
48 * Access MUST be permitted, regardless of authentication state or identity
54 * Access MUST be denied, regardless of authentication state or identity
60 * Represents the two possible values of data transport, encrypted or not.
62 enum TransportGuarantee {
65 * No transport guarantee is required: the container need not encrypt user data during transport
70 * The container MUST encrypt user data during transport
76 * The default constraint to apply to requests not handled by specific method constraints
79 * @return http constraint
81 HttpConstraint value() default @HttpConstraint;
84 * An array of HttpMethodConstraint objects to which the security constraint applies
87 * @return array of http method constraint
89 HttpMethodConstraint[] httpMethodConstraints() default {};