I'm a bit confused about the serlevt mapping (Url part) - and the security-constraint i web.xml.
Why is it - you both specify Url under the servlet mapping and also under security-constraint. Wouldn't it better to have Url specified one place - and referencing this from other places ?
posted 12 years ago
The granularity of your security policy could be different of the servlet-mapping. For example, you can map a servlet on /servlet/* but apply security only on /servlet/secret.The two are not so connected that you state.