hasAccessToWebResource method

Arjan Tijms


As requested by Werner, splitting this topic off from the welcome thread.

The previous discussion was about the format of the URL pattern and whether Servlet did, or did not define it.

As  mentioned, it's at least pretty clearly defined by JACC. There's no need to fear JACC, as it's just another Java EE spec that has defined or has helped defined a couple of things in Servlet and EJB pretty well.

That said, Servlet does indeed specify it too. The deployment descriptor referenced javaee:url-pattern, which is of url-patterntype. url-patterntype is defined in javaee_7.xsd as follows:

 <xsd:complexType name="url-patternType">



        The url-patternType contains the url pattern of the mapping.

        It must follow the rules specified in Section 11.2 of the

        Servlet API Specification. This pattern is assumed to be in

        URL-decoded form and must not contain CR(#xD) or LF(#xA).

        If it contains those characters, the container must inform

        the developer with a descriptive error message.

        The container must preserve all characters including whitespaces.


So this points back to Section 11.2 of the Servet spec, which was already mentioned.

In practice the URL pattern is a very well known concept in Java EE, as it's used in Servlet mappings, Filter mappings and the @WebServlet annotation.

Kind regards,

Arjan Tijms

Join javaee-security-spec@javaee.groups.io to automatically receive all group messages.