servlet 3.0 @WebServlet use..what will be in web.xml?

Question

I want to know the directory structure for using servlet 3.0 with Tomcat 7. I have used annotation @WebServlet without initialization parameters.

I want to know what is

Answer 1

I read the answer from Tomasz Nurkiewicz which was upvoted by 22 people till now. Please note, he answered 4 years ago.

I wondered why I needed an almost empty xml file?

And I tried with a hello world with Servlet 3.

package com.servlet3;


import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/helloServlet3")
public class HelloServlet3 extends HttpServlet {
    private static final long serialVersionUID = 1L;

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        response.setContentType("text/html");
        PrintWriter out = response.getWriter();

        out.print("<html><body>");
        out.print("<h3>Hello Servlet</h3>");
        out.print("</body></html>");
    }
}

And I am able to run this tiny web-application successfully.

Important Note:

please note, there is no web.xml exists in this sample.

So, we don't need this kind of almost-empty web.xml.

but, web.xml is mandatory, if you need form-based authentication (but, without Spring security).because, there is no equivalent annotation available for <login-config>.

According to this post in SO

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login</form-login-page>
    <form-error-page>/login?event=Retry</form-error-page>
  </form-login-config>
</login-config>

... the only way to configure form-based authentication is by using deployment descriptor (web.xml or web-fragment.xml).

According to JSR-315 Servlet 3.0 Specification :: Ch13.6.3 (pg132):

"The web application deployment descriptor contains entries for a login form and error page..."

Specification only refers to the web deployment descriptor for form-login configuration, and not to any annotation-based configuration.

UPDATE:

The above strike out information is related to Java EE6.

In Java EE7, We can do form-based authentication programmatic way..

From the Java EE7 official tutorial,

48.3.1 Authenticating Users Programmatically

The following methods of the HttpServletRequest interface enable you to authenticate users for a web application programmatically.

authenticate allows an application to instigate authentication of the request caller by the container from within an unconstrained request context. A login dialog box displays and collects the user name and password for authentication purposes.

login allows an application to collect user name and password information as an alternative to specifying form-based authentication in an application deployment descriptor.

logout allows an application to reset the caller identity of a request.

Answer 2

This is all you need in web.xml:

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
  version="3.0">

3.0-compatible servlet container (like Tomcat 7) will find @WebServlet automatically.