• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Security Questions

Luke Shannon
Ranch Hand
Posts: 239
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I am trying to implement security on my site and have a few questions. They are WEB-INF/web.xml questions, I hope it is appropriate to ask them here:

The web.xml in my projects WEB-INF contains the following:

<!-- security -->

Right now I don't want any one to use a servlet that is not authorized
first. Once I got BASIC working as I expected I wanted to shift to a custom form login:


Can I do this with the url-pattern of *.do? Or do I need to put an actual
directory? The reason I ask is how will Tomcat find the login pages?

Another question concerning:


Is it a good idea to have this? I understand it encrypts all data that is
sent to the server. It seems to me that no system should be without. But I
wanted to check with someone more experienced first whether there were
concerns or limitations I am unaware of.

If anyone else has any security tips they would like to share I would love to hear them.


  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic