Win a copy of Java EE 8 High Performance this week in the Java/Jakarta EE forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Security Questions  RSS feed

Ranch Hand
Posts: 239
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I am trying to implement security on my site and have a few questions. They are WEB-INF/web.xml questions, I hope it is appropriate to ask them here:

The web.xml in my projects WEB-INF contains the following:

<!-- security -->

Right now I don't want any one to use a servlet that is not authorized
first. Once I got BASIC working as I expected I wanted to shift to a custom form login:


Can I do this with the url-pattern of *.do? Or do I need to put an actual
directory? The reason I ask is how will Tomcat find the login pages?

Another question concerning:


Is it a good idea to have this? I understand it encrypts all data that is
sent to the server. It seems to me that no system should be without. But I
wanted to check with someone more experienced first whether there were
concerns or limitations I am unaware of.

If anyone else has any security tips they would like to share I would love to hear them.


When it is used for evil, then watch out! When it is used for good, then things are much nicer. Like this tiny ad:
ScroogeXHTML 7.2 - RTF to HTML5 / XHTML converter
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!