Question : General Servlet Questions

1) I'm trying to write a servlet based on design specs that say, "Only allow HTTPS calls to the servlet". This servlet is a login authentication module, so will be collecting passwords. How do I make it exclusive to HTTPS calls?

2) Next question, I'm reading about how a servlet instance persists, and each new call is a new thread to that instance. It says you shouldn't save info in non-local variables, because they could get used by two different threads. So my servlet has a service method and an object class. The service method declares 3 variables and an instance of the object class. Since they're all declared in the service method, they're considered local and I don't need to worry about threads stepping on each other, correct?

3) My servlet is gathering user ID and password as HttpServletRequest parameters, and returning some codes/messages as HttpServlet Responses. I'm doing this all through the service method. Is there anything particularly wrong with overriding the service method instead of "doGet" or "doPost"?

4) One more question. I hope this isn't poor protocol to ask more than one question at a time. The more I learn, the more questions I have! This question is regarding Tomcat. I am using Tomcat (and a simple HTML form) on my local machine to test the servlet. I want to test it with my applications on the network, but don't have a development Web server that I can use yet. Is it possible to direct my development network apps to the servlet on my local (networked) machine with Tomcat running? I am currently testing the servlet using http://localhost:8080/SADI.

Thanks for the help!

Answer : General Servlet Questions

1. You need to restrict this in web.xml by specifying CONFIDENTIAL <transport-guarantee/>:

   <security-constraint>
       <web-resource-collection>
           <web-resource-name>Protected Resources</web-resource-name>
           <description>All servlets requiring https access</description>
           <url-pattern>/path-to-your-servlet-starting-with-a-slash</url-pattern>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
       </web-resource-collection>
       <user-data-constraint>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
       </user-data-constraint>
   </security-constraint>

2. Correction: it is not necessarily a NEW thread, more likely a DIFFERENT thread. The rest is correct: local method variables are safe.

3. Nothing wrong unless you want to limit it to a particular method.

4. (it is!) Not quite clear what you want to achieve. Being able to access your local Tomcat from the network? Should be fairly simple: open the port your Tomcat listens on (8080) in your firewall (allow incoming TCP connections). I think by default Tomcat listens on all interfaces/IPs. Then access it as:

http://yourMachineNameOrIP:8080/yourServlet
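
An added example, not part of the original answer: the constraint from answer 1 with the `<http-method>` elements left out. A `<web-resource-collection>` that lists methods covers only those methods, so a servlet that overrides `service()` (question 3) would still answer HEAD, PUT and the rest over plain HTTP; the `/login` pattern is an assumed placeholder.

```xml
<!-- Added example. /login is an assumed placeholder for the servlet's URL mapping. -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Resources</web-resource-name>
        <description>All servlets requiring https access</description>
        <url-pattern>/login</url-pattern>
        <!-- No <http-method> elements: the constraint applies to every HTTP method,
             which matters when the servlet handles all of them in service(). -->
    </web-resource-collection>
    <user-data-constraint>
        <!-- CONFIDENTIAL: the container only serves this resource over TLS. -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```

Tomcat answers a plain-HTTP request for a CONFIDENTIAL resource with a redirect to the connector's `redirectPort`, so a form that posts to an `http://` URL has already sent the password in clear text by the time the redirect arrives. The login form's action should therefore point at the `https://` URL directly.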