Question : General Servlet Questions

1) I'm trying to write a servlet based on design specs that say, "Only allow HTTPS calls to the servlet". This servlet is a login authentication module, so will be collecting passwords. How do I make it exclusive to HTTPS calls?

2) Next question, I'm reading about how a servlet instance persists, and each new call is a new thread to that instance. It says you shouldn't save info in non-local variables, because they could get used by two different threads. So my servlet has a service method and an object class. The service method declares 3 variables and an instance of the object class. Since they're all declared in the service method, they're considered local and I don't need to worry about threads stepping on each other, correct?

3) My servlet is gathering user ID and password as HttpServletRequest parameters, and returning some codes/messages as HttpServlet Responses. I'm doing this all through the service method. Is there anything particularly wrong with overriding the service method instead of "doGet" or "doPost"?

4) One more question. I hope this isn't poor protocol to ask more than one question at a time. The more I learn, the more questions I have! This question is regarding Tomcat. I am using Tomcat (and a simple HTML form) on my local machine to test the servlet. I want to test it with my applications on the network, but don't have a development Web server that I can use yet. Is it possible to direct my development network apps to the servlet on my local (networked) machine with Tomcat running? I am currently testing the servlet using http://localhost:8080/SADI.

Thanks for the help!

Answer : General Servlet Questions

1. You need to restrict this in web.xml by specifying CONFIDENTIAL <transport-guarantee/>:

<security-constraint>
<web-resource-collection>

<web-resource-name>Protected Resources</web-resource-name>
<description>All servlets requiring https access</description>
<url-pattern>/path-to-your-servlet-starting-with-a-slash</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>

</web-resource-collection>

<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

2. Correction: it is not necessarily NEW thread, more likely to be a DIFFERENT thread. The rest is correct, local method variables are safe.

3. Nothing wrong unless you want to limit it to particular method.

4. (it is !) Not quite clear what you want to achieve. Being able to access your local Tomcat from the network ? Should be fairly simple: open the port your Tomcat listens on (8080) in your firewall (allow incoming TCP connection). I think by default Tomcat listens on all interfaces/IPs. Then access it as:

http://yourMachineNameOrIP:8080/yourServlet
<security-constraint> <web-resource-collection>
</web-resource-collection></security-constraint>

Random Solutions

Disable SID Filtering in a Windows 2000 domain

OCS 2007 R2 - Failure [0xC3FC200D] One or more errors were detected

Realtek network adapter not working

upgrading and moving a sql server express 2005 database to a sql server standard

raid5 and win 2008 r2 server

Send two files in email as attachment in unix shell scripting using ksh

Acrobat 8 Pro, Adobe EPIC_APP Serious Error - Windows 7 Ultimate 64bit

CreateProcess terminates immediately

Multilingual Issue in dotnet