posted 17 years ago
Very interesting point.
You might be able to verify that data integrity and confidentiality are implemented using isSecure(), but isSecure() can not be used to implement either. The typical way to implement these is through declaration in the web.xml which will require that HTTPS (HTTP over SSL) be used to secure the connection.
A good workman is known by his tools.