Servlet 3.1 is in Public Review now. New features in Servlet 3.1 and changes since the EDR are listed below:
support Non Blocking IO ReadListener, WriteListener are added to handle the non-blocking IO. And the corresponding setters are added to ServletInputStream andServletOutputStream respectively. Futhermore,ServletInputStream#isFinished, #isReady andServletOutputStream#isReady are added. Changes since EDR:
Remove the requirement to read/write data as much as possible before Read/WriteListener is invoked.
Non Blocking I/O will only work in Async or Upgrade scenarios. This will simplify the understanding and usage of the API.
support upgrading HTTP protocol The allows the integration of web socket provider with servlet container provider. Changes since EDR:
Rename ProtocolHandler toHttpUpgradeHandler.
Add the following method to HttpUpgradeHandler
public void destroy();
This allows the handler clean up resources during destroy.
the upgrade API will take a class rather than an instance. This allows the container to do CDI if necessary. In HttpServletRequest, in EDR, we have
public void upgrade(ProtocolHandler handler) throws IOException;
In Public Review, we have
public <T extends HttpUpgradeHandler> T upgrade(Class<T> handlerClass) throws IOException;
run-as clarification run-as will also apply to Servlet#init and#destroy now.
Add new API to change session id The Session fixation attack is a security vulnerability to web application. One way to resolve this is to change the session id during authentication. Container providers has achieved this by using proprietary API. A new method is added to HttpServletRequest as follows:
public String changeSessionId();
And a new HttpSessionIdListener is added for the corresponding event. This allows JASPIC (JSR 196) auth modules to be written in a portable way.
Clarification on reset character encoding (more details in presentation)
And there are other bug fixes and clarifications. If you want to learn more about the Servlet 3.1, you can downloadthe spec and javadoc from jcp.org.