This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
The web container must provide SSL support on responses where the <user-data-constraint> in web.xml is 'integral' or 'confidential'. That requires the app server or web container to be configured to have an active SSL port and to have a public certificate that may be presented to the client browser before SSL handshaking can begin. App servers like WebLogic allow you to configure the SSL port and the server certificates in the admin console. Here is the url of the doc for configuring Certificates, keystores, and the SSL port on Tomcat: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html That will give you an idea of how to set up the Public Certificate, the Private Key, and the root CA. Good luck, Bill