I need to develop a secure web -application that can be accessed by only using https. I have included this in my web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name> My Name</web-resource-name>
<url-pattern>/CustomerPinChange/*</url-pattern>
<http-method>GET</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
But it does not work. Do I have to make any changes or include anything else?
