Form login in a Servlet 3.0 using annotations

Question

I have an old servlet ABC using a web.xml to define it\'s form login (which is another servlet XYZ stored in another JAR file and integrated in the WAR under path WEB-INF\\l

Answer 1

Stephan,

I've been trying to find all-annotation configuration for my application as well.

You are correct - the only way to configure form-based authentication is by using deployment descriptor (web.xml or web-fragment.xml).

According to JSR-315 Servlet 3.0 Specification :: Ch13.6.3 (pg132):

"The web application deployment descriptor contains entries for a login form and error page..."

Specification only refers to the web deployment descriptor for form-login configuration, and not to any annotation-based configuration.

Also, take a look at JSR-315 Servlet 3.0 Specification :: Ch8.1 (pg61-64) - there is no notion of Servlet annotations that would implement form-based authentication configuration.

Actually, all of Ch8 is very useful to read, especially JSR-315 Servlet 3.0 Specification :: Ch8.2.3 (pg72-84) that explains how web.xml, web-fragment.xml and annotations are being assembled together and in which order.

I have briefly looked over JSR-340 Servlet 3.1 Specification spec that has just been released May 28, 2013. It seems they have not added any new provisions for form-based authentication configuration, see JSR-340 Servlet 3.1 Specification :: Ch13.6.3 (pg139)...

Good luck ;)