An application component that uses a JavaMail API javax.mail.Session object or a java.net.URL object should declare its need in a resource-ref element in its deployment descriptor, and access the Session through JNDI. A J2EE product must support this usage. See Section J2EE.5.4, "Resource Factory References" and Section J2EE.6.11, "JavaMail 1.1 Requirements."
The web container is required to propagate any active transaction context to web components called through the RequestDispatcher API. See Section J2EE.4.2.1, "Web Components."
The web container is required to ensure that newly created threads are not associated with any JTA transaction. See Section J2EE.4.2.1, "Web Components."
More clearly specified the requirements for transaction support in a web container. See Section J2EE.4.2.1, "Web Components."
More completely specified the required DOCTYPE declarations in deployment descriptors. See Chapter J2EE.8, "Application Assembly and Deployment."
Clarified requirement that the required database need not be accessible from applets. See Section J2EE.6.2.2.3, "JDBC API."
Updated the application-client DTD to reflect the new child element of resource-ref , res-auth , and updated the env-entry element to include env-entry-type . See Section J2EE.9.7, "J2EE: application-client XML DTD."
J2EE.A.1.2 Removed Requirements
Removed JDBC API requirement for TYPE_SCROLL_INSENSITIVE result sets. See Section J2EE.6.2.2.3, "JDBC API."
Reduced the number of cipher suites required to be supported to the most common two ”SSL_RSA_EXPORT_WITH_RC4_40_MD5 and SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA. See Section J2EE.3.4.1.3, "Required Login Mechanisms."
J2EE.A.1.3 Editorial Changes
Consistently use the term RMI-IIOP.
Made it clear that application clients themselves , not the application client container, are required to display the HTML form login page, if they access a web resource using that form of authentication. See Section J2EE.9.2, "Security."
Consistently used the term "J2EE product" to refer to a product that is compatible with this specification.
Changed the name of role "platform provider" to "product provider" for consistency with above change.
Added definition of "application assembler" as used in Chapter J2EE.5 to list of platform roles in Chapter J2EE.2.
Consistently capitalized platform role names such as deployer.
Rewrote ambiguous sentences resolving uses of "it" and "that," converted from passive to active voice, etc.
Changed all self references to read "this specification."
Corrected syntax used to list methods , added interface or class references for method references. See Chapter J2EE.3, "Security."
Changed various terms for JSP components to "JSP pages" in conformance with the JSP specification.
Corrected method names isUserInRole and getUserPrincipal on the HttpServletRequest class to be consistent with the latest servlet specification. See Chapter J2EE.3, "Security."