File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Security Questions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Security Questions" Watch "Security Questions" New topic

Security Questions

Luke Shannon
Ranch Hand

Joined: Sep 30, 2004
Posts: 239

I am trying to implement security on my site and have a few questions. They are WEB-INF/web.xml questions, I hope it is appropriate to ask them here:

The web.xml in my projects WEB-INF contains the following:

<!-- security -->

Right now I don't want any one to use a servlet that is not authorized
first. Once I got BASIC working as I expected I wanted to shift to a custom form login:


Can I do this with the url-pattern of *.do? Or do I need to put an actual
directory? The reason I ask is how will Tomcat find the login pages?

Another question concerning:


Is it a good idea to have this? I understand it encrypts all data that is
sent to the server. It seems to me that no system should be without. But I
wanted to check with someone more experienced first whether there were
concerns or limitations I am unaware of.

If anyone else has any security tips they would like to share I would love to hear them.



I agree. Here's the link:
subject: Security Questions
It's not a secret anymore!