Details
Description
Servlet 3.0 spec has following statements in chapter 13.4.1.
The @ServletSecurity annotation provides an alternative mechanism for
defining access control constraints equivalent to those that could otherwise have
been expressed declaratively via security-constraint elements in the portable
deployment descriptor or programmatically via the setServletSecurity method
of the ServletRegistration interface. Servlet containers MUST support the use
of the @ServletSecurity annotation on classes (and subclasses thereof) that
implement the javax.servlet.Servlet interface.