Thank you for reading my post
Can some one please explain me what is differences between using following
items in web descriptor and changing the entire htt listener to use ssl?
what happens that a listener serve request to this servlet over https and
other request over http?
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Area</web-resource-name>
<url-pattern>/HelloServletService/HelloServlet
</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
</role-name>EMPLOYEE</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm-name>certificate</realm-name>
</login-config>
Another question related to this matter is, what does
"<realm-name>certificate</realm-name>" do here?
how does it works and understand which certification it should use?
Thanks